also @ TechSpot: Google, Samsung unveil Chromebook, Chromebox with Chrome OS 19

TechSpot

TechSpot News Products Downloads Forums

[Solved] Virus or rootkit haunts me

Discussion in 'Virus and Malware Removal' started by RRackman, Dec 15, 2010.

Thread Status:: Not open for further replies.

Page 1 of 3

RRackman Newcomer, in training
I noticed that McAfee OR Malwarebytes would pop up and say that a attempt to connect to a malicious website had been blocked. I never got a notice of a virus/trojan/malware infection . . .

Scanning and searching I manually found 3 rogue services installed and the applications residing in my {user}/appdata/temp directory. I removed the services and deleted the files but I am still getting the occasional notification that "System" was blocked from connecting to a malicious site, sometimes it is port 137 another time it was port 50304 and sometimes no port is given. I have been working on this for 20 plus hours and cannot find where the code is being loaded or what dll or system file is being used. I am attaching my GMER log file in hopes that someone can help me. PLEASE?

Thanks

I have scanned many times with McAfee, Malwarebytes, and Spybot Search & Destroy (all with latest updates) and none find any issues. I have installed RUBotted also as further protection against rootkit activity.
Attached Files:
- GMER.log
  
  File size:
  
  16.6 KB
  
  Views:
  
  0
RRackman, Dec 15, 2010

#1
Broni Malware Annihilator
Welcome aboard

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Broni, Dec 16, 2010

#2
RRackman Newcomer, in training

Completed Steps (post 1)

I have completed all the steps and will start by posting the mbam.log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5317

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/15/2010 10:53:41 PM
mbam-log-2010-12-15 (22-53-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 298429
Time elapsed: 57 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Followed by the GMER log file:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-15 21:53:17
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BJKT-00F4T0 rev.11.01A11
Running: 5nvhyl75.exe; Driver: C:\Users\REMORA~1\AppData\Local\Temp\uxtdrpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0x8C750AF0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0x8C750B40]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0x8C751490]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0x8C751320]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0x8C750BE0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0x8C750AA0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0x8C751630]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0x8C750C80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0x8C751000]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8347A599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8349EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 834A67AC 4 Bytes [F0, 0A, 75, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 834A685C 4 Bytes [40, 0B, 75, 8C] {INC EAX; OR ESI, [EBP-0x74]}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 834A69F8 4 Bytes [90, 14, 75, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 834A6A18 4 Bytes [20, 13, 75, 8C] {AND [EBX], DL; JNZ 0xffffffffffffff90}
.text ntkrnlpa.exe!RtlSidHashLookup + 54C 834A6A5C 4 Bytes [E0, 0B, 75, 8C] {LOOPNZ 0xd; JNZ 0xffffffffffffff90}
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x92618340, 0x3EE217, 0xE8000020]
? C:\Users\REMORA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1820] kernel32.dll!LoadLibraryA 772A2884 5 Bytes JMP 700A99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1820] kernel32.dll!LoadLibraryW 772A28D2 5 Bytes JMP 700A9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3448] USER32.dll!TrackPopupMenu 75E94B3B 5 Bytes JMP 5AF52342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] ntdll.dll!NtCreateFile 77564A30 5 Bytes JMP 73B87940 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] ntdll.dll!NtCreateSection 77564B50 5 Bytes JMP 73B87A60 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] ntdll.dll!NtOpenFile 77565140 5 Bytes JMP 73B878D0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] ntdll.dll!NtOpenSection 77565230 5 Bytes JMP 73B87B00 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] ntdll.dll!NtWriteFile 77565ED0 5 Bytes JMP 73B87B40 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] kernel32.dll!OutputDebugStringA 772916A2 5 Bytes JMP 73B87D60 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] kernel32.dll!CreateThread 772A281D 5 Bytes JMP 73B87090 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!PostThreadMessageA 75E6CBD1 5 Bytes JMP 73B82720 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!SendMessageA 75E6CC28 5 Bytes JMP 73B869D0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!PostMessageA 75E6D656 5 Bytes JMP 73B86E90 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!SendNotifyMessageW 75E6EB65 5 Bytes JMP 73B86C90 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!PostThreadMessageW 75E6ECDE 5 Bytes JMP 73B82740 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!SendMessageTimeoutW 75E7313E 5 Bytes JMP 73B86D20 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!SendMessageCallbackW 75E74DFC 5 Bytes JMP 73B86DC0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!PostMessageW 75E76225 5 Bytes JMP 73B86ED0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!SendMessageW 75E7764C 5 Bytes JMP 73B86AA0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!SetWindowTextW 75E78267 5 Bytes JMP 73B87800 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!SendNotifyMessageA 75E867B4 5 Bytes JMP 73B86C50 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!SendMessageTimeoutA 75E96E97 5 Bytes JMP 73B86CD0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] USER32.dll!SendMessageCallbackA 75EC3EEB 5 Bytes JMP 73B86D70 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] ADVAPI32.dll!CredEnumerateW 75FD6439 7 Bytes JMP 73B86FB0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] CRYPT32.dll!CryptUnprotectData 7586777F 5 Bytes JMP 73B86F30 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WS2_32.dll!sendto 75D83AED 5 Bytes JMP 73B82890 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WS2_32.dll!WSASocketW 75D83D1B 7 Bytes JMP 73B82950 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WS2_32.dll!connect 75D848BE 5 Bytes JMP 73B828D0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WS2_32.dll!WSASend 75D868A7 5 Bytes JMP 73B82910 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WS2_32.dll!WSAConnect 75D8BB9B 5 Bytes JMP 73B82850 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WININET.dll!HttpSendRequestW 7598EEBB 5 Bytes JMP 73B827C0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WININET.dll!HttpSendRequestExW 759A8E50 5 Bytes JMP 73B827F0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WININET.dll!InternetWriteFile 759A90FC 5 Bytes JMP 73B82790 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WININET.dll!HttpSendRequestExA 75A001FA 5 Bytes JMP 73B82820 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3452] WININET.dll!HttpSendRequestA 75A002E0 5 Bytes JMP 73B82760 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Windows\Explorer.EXE[3624] ntdll.dll!NtWriteFile 77565ED0 5 Bytes JMP 73B87B40 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Windows\Explorer.EXE[3624] kernel32.dll!CreateThread 772A281D 5 Bytes JMP 73B87090 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Windows\Explorer.EXE[3624] USER32.dll!SetWindowTextW 75E78267 5 Bytes JMP 73B87800 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1312] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1312] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1880] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1908] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [009BABE0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Zune\ZuneLauncher.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[2020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74282494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74265624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7428250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74278573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74274D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74278819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7427907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7427E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74274C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000066 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197ee8f918
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197ee8f918@002376371d1f 0x63 0x02 0x7D 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197ee8f918 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197ee8f918@002376371d1f 0x63 0x02 0x7D 0x85 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

---- EOF - GMER 1.0.15 ----

RRackman, Dec 16, 2010

#3
RRackman Newcomer, in training

Log posting (part 2)

Posting of the DDS log and the Attach log files:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Remo Rackman at 21:25:38.90 on Wed 12/15/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2020 [GMT -8:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NetworkIndicator.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Remo Rackman\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070525
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101201065849.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [NetworkIndicator] c:\program files\NetworkIndicator.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
StartupFolder: c:\users\remora~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: gmodules.com\99
Trusted Zone: google.com\images
Trusted Zone: google.com\www
Trusted Zone: googlecommunity.com\www
Trusted Zone: humbuckermusic.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motorola.com
Trusted Zone: myspace.com\www
Trusted Zone: twitter.com
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\remora~1\appdata\roaming\mozilla\firefox\profiles\dkaf33o5.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-12 454840]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-12-12 32008]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-4-12 64464]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-4-12 163656]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-12-12 76696]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-12-12 6416120]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-9 363344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-1 213880]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-1 213880]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-1 213880]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-1 213880]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-12 163952]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-12 155712]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-12 145936]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-7 1153368]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]
R2 Trend Micro RUBotted Service;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2010-12-12 431440]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-12 57240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-9 20952]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-12 173208]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-12 332928]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-12-12 26096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 25088]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-26 37296]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2010-2-23 37488]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [2010-3-15 20992]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-12 59096]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-12 85760]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-7 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-7 40552]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys [2010-1-21 19840]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2009-8-7 12800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]

=============== Created Last 30 ================

2010-12-16 04:32:24 -------- d-----w- c:\windows\pss
2010-12-15 07:49:14 -------- d-----w- c:\progra~2\PC Tools
2010-12-15 05:02:53 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-15 05:02:46 -------- d-----w- c:\users\remora~1\appdata\local\temp
2010-12-15 04:38:10 98816 ----a-w- c:\windows\sed.exe
2010-12-15 04:38:10 89088 ----a-w- c:\windows\MBR.exe
2010-12-15 04:38:10 256512 ----a-w- c:\windows\PEV.exe
2010-12-15 04:38:10 161792 ----a-w- c:\windows\SWREG.exe
2010-12-15 04:28:10 -------- d-----w- c:\progra~2\Trend Micro
2010-12-14 12:41:53 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{473e05e6-efc2-44c1-89eb-637f7d258ec1}\mpengine.dll
2010-12-13 06:05:56 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-12-13 06:05:55 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-12-13 06:05:55 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-12-13 06:05:54 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-12-13 06:05:54 -------- d-----w- c:\program files\Prevx
2010-12-13 06:05:42 -------- d-----w- c:\progra~2\PrevxCSI
2010-12-13 03:16:52 -------- d-----w- c:\program files\WinPcap
2010-12-13 03:16:23 -------- d-----w- c:\program files\Trend Micro
2010-12-13 02:13:55 -------- d-----w- C:\HJT
2010-12-12 11:30:07 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-12-12 11:29:48 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2010-12-12 11:19:24 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
2010-12-11 20:45:34 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-11 20:45:30 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-09 11:38:19 539968 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2010-12-01 14:58:49 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2010-11-27 03:59:55 -------- d-----w- c:\users\remo rackman\.thumbnails
2010-11-23 23:44:14 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-21 22:04:51 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2010-11-21 19:55:02 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-21 19:54:46 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2010-11-21 19:54:25 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2010-11-21 19:54:21 539968 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll
2010-10-14 09:36:52 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 09:36:50 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-24 20:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-23 07:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-21 21:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2009-12-12 18:08:20 147456 ----a-w- c:\program files\NetworkIndicator.exe

============= FINISH: 21:27:15.50 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/7/2009 1:12:38 PM
System Uptime: 12/15/2010 9:08:33 PM (0 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 54.354 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs

==== System Restore Points ===================

RP196: 12/14/2010 4:41:19 AM - Windows Update
RP197: 12/14/2010 9:15:18 PM - Windows Update
RP198: 12/15/2010 4:12:50 PM - Removed Java(TM) 6 Update 22
RP199: 12/15/2010 4:23:23 PM - Removed Citrix Presentation Server Client
RP200: 12/15/2010 4:38:38 PM - Removed Microsoft Expression Blend 3 SDK
RP201: 12/15/2010 4:41:51 PM - Removed Microsoft Expression Blend SDK for .NET 4
RP202: 12/15/2010 4:46:05 PM - Removed Microsoft Expression Blend SDK for Silverlight 4
RP203: 12/15/2010 4:47:23 PM - Removed Microsoft Silverlight 3 SDK
RP204: 12/15/2010 4:48:17 PM - Removed Microsoft Silverlight 4 SDK

==== Installed Programs ======================

7-Zip 4.65
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Professional
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Shockwave Player 11.5
Apple Software Update
Avi2Dvd 0.5
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BitTorrent
Conexant HDA D110 MDC V.92 Modem
D3DX10
Dell Driver Download Manager
DVD Shrink 3.2
FastStone Image Viewer 4.2
Feedback Tool
GOM Player
Google Toolbar for Internet Explorer
Image Resizer Powertoy Clone for Windows
Jawbone Updater
Logitech Harmony Remote Software 7
Logitech Webcam Software
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Expression Blend 4
Microsoft Expression Blend 4 Add-in for Adobe FXG Import
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight Tools for Visual Studio 2010
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual Studio 2010 Express for Windows Phone - ENU
Microsoft Windows Phone Developer Tools - ENU
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio 4.0 Windows Phone Extensions
Microsoft XNA Game Studio Platform Tools
Mozilla Firefox (3.6.13)
MSVCRT
Network Stumbler 0.4.0 (remove only)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Picasa 3
PL-2303 Vista Driver Installer
Prevx
QuickTime
Remote Control USB Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TeamViewer 5
Trend Micro RUBotted 2.0 Beta
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
WIDCOMM Bluetooth Software 6.0.1.3100
Winamp
Winamp Essentials Pack
Windows Driver Package - Intel Net (08/20/2008 8.10.3.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Updater Component
Windows Phone 7 Add-in for Visual Studio 2010 - ENU
Windows Phone Emulator - ENU
Windows XP Mode
WinPcap 4.1.1
WinRAR archiver
WPF Toolkit February 2010 (Version 3.5.50211.1)
Xilisoft AVI to DVD Converter
Xilisoft Video Converter Ultimate
Xilisoft Video Converter Ultimate 6
Xvid 1.2.1 final uninstall
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)

==== Event Viewer Messages From Past Week ========

12/9/2010 3:35:44 AM, Error: TermDD [50] - The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
12/15/2010 9:09:09 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
12/15/2010 9:08:11 PM, Error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The pipe has been ended.
12/15/2010 9:08:00 PM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/15/2010 5:36:55 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12/15/2010 5:30:31 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/15/2010 5:28:43 PM, Error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.
12/14/2010 9:14:08 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/14/2010 8:58:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/14/2010 8:35:14 PM, Error: Service Control Manager [7034] - The Trend Micro RUBotted Service service terminated unexpectedly. It has done this 1 time(s).
12/14/2010 8:34:44 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/14/2010 8:34:33 PM, Error: Service Control Manager [7034] - The TeamViewer 5 service terminated unexpectedly. It has done this 1 time(s).
12/14/2010 8:33:43 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
12/14/2010 8:33:43 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/14/2010 8:33:43 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/14/2010 8:33:43 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/14/2010 8:33:43 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/14/2010 8:33:43 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/14/2010 8:33:43 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/14/2010 8:31:40 PM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
12/14/2010 10:14:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
12/14/2010 10:14:00 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/14/2010 10:09:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CSIScanner service.
12/14/2010 10:09:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
12/13/2010 6:35:41 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'O2Micro CCID SC Reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
12/13/2010 5:52:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
12/13/2010 5:50:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/13/2010 5:50:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/13/2010 5:50:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/13/2010 5:50:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/13/2010 5:50:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/13/2010 5:50:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/13/2010 5:37:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
12/13/2010 5:33:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
12/13/2010 5:33:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk MPFP NetBIOS NetBT nsiproxy Psched pxrts rdbss spldr Tcpip tdx vmm vpcnfltr vpcvmm Wanarpv6 WfpLwf
12/13/2010 5:33:37 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2010 5:33:36 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2010 4:44:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/12/2010 6:59:11 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/12/2010 6:54:58 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/12/2010 6:53:06 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/12/2010 6:51:13 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/12/2010 6:49:34 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/12/2010 6:42:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk MPFP NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vmm vpcnfltr vpcvmm Wanarpv6 WfpLwf
12/12/2010 11:48:15 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/11/2010 8:45:59 AM, Error: Service Control Manager [7030] - The CDTIZCGKNIQ service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/11/2010 12:10:07 AM, Error: Service Control Manager [7030] - The PDAUUUL service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/11/2010 12:10:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RJJLDK service to connect.
12/11/2010 12:10:07 AM, Error: Service Control Manager [7000] - The RJJLDK service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2010 12:09:36 AM, Error: Service Control Manager [7030] - The RJJLDK service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/10/2010 6:18:33 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} as /. The error: "740" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding
12/10/2010 6:14:14 PM, Error: Service Control Manager [7034] - The QuikSync service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 6:13:16 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 6:12:56 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 12 time(s).
12/10/2010 6:10:57 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 11 time(s).
12/10/2010 6:08:57 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 10 time(s).
12/10/2010 6:04:26 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 9 time(s).
12/10/2010 6:02:14 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 8 time(s).
12/10/2010 6:01:13 PM, Error: Service Control Manager [7034] - The MT7 Serial Search Service service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 6:01:05 PM, Error: Service Control Manager [7034] - The MT7 Registry Service service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 5:59:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.
12/10/2010 5:59:15 PM, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2010 5:58:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
12/10/2010 5:55:08 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 7 time(s).
12/10/2010 5:54:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/10/2010 5:52:49 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 6 time(s).
12/10/2010 5:52:32 PM, Error: Service Control Manager [7034] - The Retrospect Launcher service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 5:46:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Receiver Service service to connect.
12/10/2010 5:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ehRecvr with arguments "-Service" in order to run the server: {D44CBB4F-743E-4818-8077-C47F666CA7EE}
12/10/2010 4:21:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk MPFP NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vmm vpcnfltr vpcvmm Wanarpv6 WfpLwf ws2ifsl
12/10/2010 4:06:45 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

RRackman, Dec 16, 2010

#4
RRackman Newcomer, in training

Activity while performing scan steps

I am not sure if it will help locate the problem but I did get a notification of another blocked attempt to a numerical IP while the GMER scan was active.

I have noticed also that Outlook seems to be sluggish changing between inboxes and while loading. Not sure if this is a result of my previous attempts at eradicating the problem or a symptom of the problem.

I have not noticed any regularity in connection attempts; ie it does not happen when I open a browser window or when I start Outlook, etc.

Thank you again

RRackman, Dec 16, 2010

#5
Broni Malware Annihilator
Well, your computer is definitely infected...

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Download Bootkit Remover to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/

After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.
Broni, Dec 16, 2010

#6
RRackman Newcomer, in training

MBRCheck log

I was finally able to locate the MBRcheck.exe file on another site in another forum as your link does not work.

Here is the results of the MBRCheck (will post again after running the remover program.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: MXG061
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 195):
0x83437000 \SystemRoot\system32\ntkrnlpa.exe
0x83400000 \SystemRoot\system32\halmacpi.dll
0x80BC0000 \SystemRoot\system32\kdcom.dll
0x83A1B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83A93000 \SystemRoot\system32\PSHED.dll
0x83AA4000 \SystemRoot\system32\BOOTVID.dll
0x83AAC000 \SystemRoot\system32\CLFS.SYS
0x83AEE000 \SystemRoot\system32\CI.dll
0x8C02E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C09F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C0AD000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8C0F5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8C0FE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8C106000 \SystemRoot\system32\DRIVERS\pci.sys
0x8C130000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8C13B000 \SystemRoot\System32\drivers\partmgr.sys
0x8C14C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8C154000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8C15F000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8C16F000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C1BA000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8C1C1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8C1CF000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C1E5000 \SystemRoot\System32\drivers\pxscan.sys
0x8C1EB000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C000000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x83B99000 \SystemRoot\system32\DRIVERS\SI3132.sys
0x83BB0000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8C023000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C229000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C25D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C26E000 \SystemRoot\system32\drivers\mfehidk.sys
0x8C2DB000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0x8C404000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C533000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C55E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C571000 \SystemRoot\System32\Drivers\cng.sys
0x8C5CE000 \SystemRoot\System32\drivers\pcw.sys
0x8C5DC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C2DF000 \SystemRoot\system32\drivers\ndis.sys
0x8C396000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C3D4000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C5E5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C602000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C641000 \SystemRoot\System32\Drivers\spldr.sys
0x8C649000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C676000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0x8C67E000 \SystemRoot\System32\Drivers\mup.sys
0x8C68E000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C696000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C6C8000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C6D9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C730000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C74F000 \SystemRoot\System32\drivers\pxrts.sys
0x8C760000 \SystemRoot\System32\drivers\TDI.SYS
0x8C76B000 \SystemRoot\System32\Drivers\Null.SYS
0x8C772000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C779000 \SystemRoot\System32\drivers\vga.sys
0x8C785000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C7A6000 \SystemRoot\System32\drivers\watchdog.sys
0x8C7B3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C7BB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C7C3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C7CB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C7D6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90213000 \SystemRoot\System32\drivers\tcpip.sys
0x9035C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x9038D000 \SystemRoot\System32\Drivers\Mpfp.sys
0x903B6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x903CD000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x8C200000 \SystemRoot\system32\drivers\mfewfpk.sys
0x91A13000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91A45000 \SystemRoot\system32\drivers\afd.sys
0x91A9F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91AA6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91AC5000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x91AD5000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x91AE3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91AF1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91B04000 \SystemRoot\system32\drivers\vpcvmm.sys
0x91B4B000 \??\C:\Windows\system32\Drivers\vmm.sys
0x91B87000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91B97000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91BD8000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91BE2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91BEC000 \SystemRoot\System32\drivers\discache.sys
0x91227000 \SystemRoot\system32\drivers\csc.sys
0x9128B000 \SystemRoot\System32\Drivers\dfsc.sys
0x912A3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x912B1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x912D2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x912E4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x912ED000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x92618000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x912F1000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92D4B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92D84000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9340E000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x93821000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x9385D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x93868000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x938B3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x938C2000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x938EE000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x93907000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x93918000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x9392C000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x9397E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x93996000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x939C5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x939C7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x939D4000 \SystemRoot\System32\drivers\pxkbf.sys
0x939D9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x939E6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x92DA3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92DB5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x939F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92DCD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92600000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x913A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x913BF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x93400000 \SystemRoot\system32\DRIVERS\teamviewervpn.sys
0x92DEF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x93407000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92008000 \SystemRoot\system32\DRIVERS\ks.sys
0x9203C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9204A000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x92062000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x9206F000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x920A5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x920E9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x920FA000 \SystemRoot\system32\drivers\HdAudio.sys
0x9214A000 \SystemRoot\system32\drivers\portcls.sys
0x92179000 \SystemRoot\system32\drivers\drmk.sys
0x92192000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x95822000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x95919000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x959CF000 \SystemRoot\system32\drivers\modem.sys
0x921CC000 \SystemRoot\system32\drivers\mfeavfk.sys
0x9A40D000 \SystemRoot\system32\drivers\mfefirek.sys
0x9A45D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9A46A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9A475000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9A47E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9AEB0000 \SystemRoot\System32\win32k.sys
0x9A48F000 \SystemRoot\System32\drivers\Dxapi.sys
0x9A499000 \SystemRoot\System32\Drivers\oz776.sys
0x9A4A9000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0x9A4B4000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x9A4C0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9A4CB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9A4DE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9A4E5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9A4F1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9A4FC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B110000 \SystemRoot\System32\TSDDD.dll
0x9B140000 \SystemRoot\System32\cdd.dll
0x9B160000 \SystemRoot\System32\ATMFD.DLL
0x9A507000 \SystemRoot\system32\drivers\luafv.sys
0x9A522000 \SystemRoot\system32\drivers\WudfPf.sys
0x9A53C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A54C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A592000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A5A2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B21A000 \SystemRoot\system32\drivers\HTTP.sys
0x9B29F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B2B8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9B2CA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B2ED000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B328000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B35B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9B35F000 \SystemRoot\system32\drivers\npf.sys
0xA2015000 \SystemRoot\system32\drivers\peauth.sys
0xA20AC000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA20B6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA20D7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA210D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA215C000 \SystemRoot\System32\DRIVERS\srv.sys
0xA21AD000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA21B2000 \SystemRoot\System32\drivers\rdpdr.sys
0xA21D7000 \SystemRoot\system32\drivers\tdtcp.sys
0xA21E1000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x9B36E000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA20E4000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA20FF000 \SystemRoot\system32\drivers\cfwids.sys
0xA21EE000 \??\C:\Windows\system32\drivers\mbam.sys
0xACE96000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xACE9F000 \??\C:\Users\REMORA~1\AppData\Local\Temp\mbr.sys
0xACEA6000 \??\C:\Users\REMORA~1\AppData\Local\Temp\uxtdrpog.sys
0x77520000 \Windows\System32\ntdll.dll
0x48120000 \Windows\System32\smss.exe
0x77760000 \Windows\System32\apisetschema.dll
0x00A60000 \Windows\System32\autochk.exe
0x77700000 \Windows\System32\Wldap32.dll
0x77670000 \Windows\System32\oleaut32.dll

Processes (total 72):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
508 csrss.exe
572 C:\Windows\System32\wininit.exe
588 csrss.exe
632 C:\Windows\System32\services.exe
648 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
708 C:\Windows\System32\winlogon.exe
824 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\nvvsvc.exe
924 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\rundll32.exe
1420 C:\Windows\System32\svchost.exe
1552 C:\Windows\System32\spoolsv.exe
1588 C:\Windows\System32\svchost.exe
1620 C:\Windows\System32\svchost.exe
1720 C:\Program Files\Prevx\prevx.exe
1768 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
1820 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1864 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1880 C:\Windows\System32\rundll32.exe
1908 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1956 C:\Windows\System32\svchost.exe
2004 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
2040 C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
300 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
516 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
1188 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
1412 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1464 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2712 C:\Windows\System32\svchost.exe
3472 C:\Windows\System32\taskhost.exe
3568 C:\Windows\System32\dwm.exe
3624 C:\Windows\explorer.exe
3680 C:\Program Files\Prevx\prevx.exe
4020 C:\Windows\System32\rundll32.exe
4044 C:\Windows\System32\rundll32.exe
4060 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4076 C:\Windows\WindowsMobile\wmdc.exe
2720 C:\Windows\System32\svchost.exe
2020 C:\Program Files\Zune\ZuneLauncher.exe
396 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2108 C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
1964 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1756 C:\Program Files\NetworkIndicator.exe
524 C:\Windows\System32\SearchIndexer.exe
800 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3060 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
1144 C:\Program Files\Windows Media Player\wmpnetwk.exe
4228 C:\Windows\System32\svchost.exe
4376 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4984 C:\Windows\System32\svchost.exe
5012 dllhost.exe
4860 C:\Program Files\McAfee.com\Agent\mcagent.exe
2668 C:\Program Files\McAfee.com\Agent\mcupdate.exe
1168 mcupdmgr.exe
3496 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
5500 C:\Windows\System32\audiodg.exe
2104 C:\Program Files\Mozilla Firefox\firefox.exe
5180 C:\Program Files\Mozilla Firefox\plugin-container.exe
1900 C:\Windows\System32\SearchProtocolHost.exe
5812 C:\Windows\System32\SearchFilterHost.exe
7752 MpCmdRun.exe
6892 C:\Users\Remo Rackman\Desktop\MBRCheck.exe
6776 C:\Windows\System32\conhost.exe
6928 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BJKT-00F4T0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

RRackman, Dec 16, 2010

#7
Broni Malware Annihilator

MBRCheck link works just fine for me

Broni, Dec 16, 2010

#8
RRackman Newcomer, in training

bootkit remover log (part 1)

I was unable to copy the screen from bootkit remover, however, upon exit it does write its own logfile to the desktop.

Bootkit remover log:

.\debug.cpp(238) : Debug log started at 17.12.2010 - 01:40:17
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x83437000 0x00410000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x83400000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bc0000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x83a1b000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x83a93000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x83aa4000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x83aac000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x83aee000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8c02e000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8c09f000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8c0ad000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8c0f5000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x8c0fe000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8c106000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x8c130000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x8c13b000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8c14c000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x8c154000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x8c15f000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x8c16f000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8c1ba000 0x00007000 "\SystemRoot\system32\DRIVERS\intelide.sys"
.\debug.cpp(256) : 0x8c1c1000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8c1cf000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8c1e5000 0x00006000 "\SystemRoot\System32\drivers\pxscan.sys"
.\debug.cpp(256) : 0x8c1eb000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x8c000000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x83b99000 0x00017000 "\SystemRoot\system32\DRIVERS\SI3132.sys"
.\debug.cpp(256) : 0x83bb0000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
.\debug.cpp(256) : 0x8c023000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x8c229000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8c25d000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8c26e000 0x0006d000 "\SystemRoot\system32\drivers\mfehidk.sys"
.\debug.cpp(256) : 0x8c2db000 0x00004000 "\SystemRoot\system32\DRIVERS\SiWinAcc.sys"
.\debug.cpp(256) : 0x8c404000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8c533000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8c55e000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8c571000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8c5ce000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8c5dc000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8c2df000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8c396000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8c3d4000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8c5e5000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8c602000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8c641000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8c649000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8c676000 0x00008000 "\SystemRoot\system32\DRIVERS\SiRemFil.sys"
.\debug.cpp(256) : 0x8c67e000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8c68e000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8c696000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8c6c8000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8c6d9000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8c730000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8c74f000 0x00011000 "\SystemRoot\System32\drivers\pxrts.sys"
.\debug.cpp(256) : 0x8c760000 0x0000b000 "\SystemRoot\System32\drivers\TDI.SYS"
.\debug.cpp(256) : 0x8c76b000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8c772000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8c779000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8c785000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8c7a6000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8c7b3000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8c7bb000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8c7c3000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8c7cb000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8c7d6000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x90213000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x9035c000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x9038d000 0x00029000 "\SystemRoot\System32\Drivers\Mpfp.sys"
.\debug.cpp(256) : 0x903b6000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x903cd000 0x00015000 "\SystemRoot\system32\DRIVERS\ipfltdrv.sys"
.\debug.cpp(256) : 0x8c200000 0x00027000 "\SystemRoot\system32\drivers\mfewfpk.sys"
.\debug.cpp(256) : 0x91a13000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x91a45000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x91a9f000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x91aa6000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x91ac5000 0x00010000 "\SystemRoot\system32\DRIVERS\vpcnfltr.sys"
.\debug.cpp(256) : 0x91ad5000 0x0000e000 "\SystemRoot\system32\DRIVERS\mfenlfk.sys"
.\debug.cpp(256) : 0x91ae3000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x91af1000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x91b04000 0x00047000 "\SystemRoot\system32\drivers\vpcvmm.sys"
.\debug.cpp(256) : 0x91b4b000 0x0003c000 "\??\C:\Windows\system32\Drivers\vmm.sys"
.\debug.cpp(256) : 0x91b87000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x91b97000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x91bd8000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x91be2000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x91bec000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x91227000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x9128b000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x912a3000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x912b1000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x912d2000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x912e4000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0x912ed000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x92618000 0x00733000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
.\debug.cpp(256) : 0x912f1000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x92d4b000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x92d84000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x9340e000 0x00413000 "\SystemRoot\system32\DRIVERS\netw5v32.sys"
.\debug.cpp(256) : 0x93821000 0x0003c000 "\SystemRoot\system32\DRIVERS\b57nd60x.sys"
.\debug.cpp(256) : 0x9385d000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x93868000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x938b3000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x938c2000 0x0002c000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"
.\debug.cpp(256) : 0x938ee000 0x00019000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0x93907000 0x00011000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys"
.\debug.cpp(256) : 0x93918000 0x00014000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys"
.\debug.cpp(256) : 0x9392c000 0x00052000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
.\debug.cpp(256) : 0x9397e000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x93996000 0x0002f000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0x939c5000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x939c7000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x939d4000 0x00005000 "\SystemRoot\System32\drivers\pxkbf.sys"
.\debug.cpp(256) : 0x939d9000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x939e6000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x92da3000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x92db5000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x939f3000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x92dcd000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x92600000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x913a8000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x913bf000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x93400000 0x00007000 "\SystemRoot\system32\DRIVERS\teamviewervpn.sys"
.\debug.cpp(256) : 0x92def000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x93407000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x92008000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x9203c000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x9204a000 0x00018000 "\SystemRoot\system32\DRIVERS\vpcusb.sys"
.\debug.cpp(256) : 0x92062000 0x0000d000 "\SystemRoot\system32\DRIVERS\usbrpm.sys"
.\debug.cpp(256) : 0x9206f000 0x00036000 "\SystemRoot\system32\DRIVERS\vpchbus.sys"
.\debug.cpp(256) : 0x920a5000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x920e9000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x920fa000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x9214a000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x92179000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x92192000 0x0003a000 "\SystemRoot\system32\DRIVERS\HSXHWAZL.sys"
.\debug.cpp(256) : 0x95822000 0x000f7000 "\SystemRoot\system32\DRIVERS\HSX_DPV.sys"
.\debug.cpp(256) : 0x95919000 0x000b6000 "\SystemRoot\system32\DRIVERS\HSX_CNXT.sys"
.\debug.cpp(256) : 0x959cf000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x921cc000 0x00029000 "\SystemRoot\system32\drivers\mfeavfk.sys"
.\debug.cpp(256) : 0x9a40d000 0x00050000 "\SystemRoot\system32\drivers\mfefirek.sys"
.\debug.cpp(256) : 0x9a45d000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x9a46a000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x9a475000 0x00009000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x9a47e000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x9aeb0000 0x0024b000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x9a48f000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x9a499000 0x00010000 "\SystemRoot\System32\Drivers\oz776.sys"
.\debug.cpp(256) : 0x9a4a9000 0x0000b000 "\SystemRoot\System32\Drivers\SMCLIB.SYS"
.\debug.cpp(256) : 0x9a4b4000 0x0000c000 "\SystemRoot\System32\DRIVERS\scfilter.sys"
.\debug.cpp(256) : 0x9a4c0000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x9a4cb000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x9a4de000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x9a4e5000 0x0000c000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x9a4f1000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x9a4fc000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x9b110000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x9b140000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x9b160000 0x0004d000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x9a507000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x9a522000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x9a53c000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x9a54c000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x9a592000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x9a5a2000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x9b21a000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x9b29f000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x9b2b8000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x9b2ca000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x9b2ed000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x9b328000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x9b35b000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0x9b35f000 0x0000f000 "\SystemRoot\system32\drivers\npf.sys"
.\debug.cpp(256) : 0xa2015000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xa20ac000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xa20b6000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xa20d7000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xa210d000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xa215c000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa21ad000 0x00005000 "\SystemRoot\system32\DRIVERS\LVPr2Mon.sys"
.\debug.cpp(256) : 0xa21b2000 0x00025000 "\SystemRoot\System32\drivers\rdpdr.sys"
.\debug.cpp(256) : 0xa21d7000 0x0000a000 "\SystemRoot\system32\drivers\tdtcp.sys"
.\debug.cpp(256) : 0xa21e1000 0x0000d000 "\SystemRoot\System32\DRIVERS\tssecsrv.sys"
.\debug.cpp(256) : 0x9b36e000 0x00031000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
.\debug.cpp(256) : 0xa20e4000 0x0001b000 "\SystemRoot\system32\drivers\mfeapfk.sys"
.\debug.cpp(256) : 0xa20ff000 0x0000d000 "\SystemRoot\system32\drivers\cfwids.sys"
.\debug.cpp(256) : 0xa21ee000 0x00004000 "\??\C:\Windows\system32\drivers\mbam.sys"
.\debug.cpp(256) : 0xace96000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0xace9f000 0x00007000 "\??\C:\Users\REMORA~1\AppData\Local\Temp\mbr.sys"
.\debug.cpp(256) : 0xacea6000 0x00018000 "\??\C:\Users\REMORA~1\AppData\Local\Temp\uxtdrpog.sys"
.\debug.cpp(256) : 0x77520000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x48120000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77760000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00a60000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x77700000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x77670000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{2DD828C4-E15C-4A93-A57D-C672964F7401}"
.\debug.cpp(400) : Destination "\Device\NPF_{2DD828C4-E15C-4A93-A57D-C672964F7401}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanBh"
.\debug.cpp(400) : Destination "\Device\NPF_NdisWanBh"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0B97&PID_7762#7&15477028&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801CE&REV_1022#4&3b2ad384&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCNetS3_{9008A83E-ED98-465A-8BF8-DDB48CE1F399}"
.\debug.cpp(400) : Destination "\Device\VPCNetS3_{9008A83E-ED98-465A-8BF8-DDB48CE1F399}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0A5C&PID_4503&Col02#8&837520b&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{9008A83E-ED98-465A-8BF8-DDB48CE1F399}"
.\debug.cpp(400) : Destination "\Device\NPF_{9008A83E-ED98-465A-8BF8-DDB48CE1F399}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination "\Device\AgileVPN"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2d7ddd1a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiProcMon2"
.\debug.cpp(400) : Destination "\Device\LogiProcMon2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_CPU_________T7200__@_2.00GHz#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000067"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0843&SUBSYS_01CE1028&REV_01#4&35bab052&0&0AF0#{ba39d8e2-30c9-11d4-b3cd-d916bda91711}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD+-RW_GSA-T11N_______________A103____#5&1e500546&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD+-RW_GSA-T11N_______________A103____#5&1e500546&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&TSBUS#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000092"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{9813E820-AEED-4067-B9FD-5F6707E1225A}"
.\debug.cpp(400) : Destination "\Device\NPF_{9813E820-AEED-4067-B9FD-5F6707E1225A}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WGUARDNT"
.\debug.cpp(400) : Destination "\Device\mfehidk"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1600&SUBSYS_01CE1028&REV_02#4&eb643fb&0&00E2#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BE58C48E-5394-4FF3-A794-DEC4247F3560}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10208086&REV_02#4&e11c65&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCVMM"
.\debug.cpp(400) : Destination "\Device\VPCVMM"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\0000006c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0297&SUBSYS_019B1028&REV_A1#4&21d6a3ab&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination "\Device\SPDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination "\Device\TeredoTun"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIpv6"
.\debug.cpp(400) : Destination "\Device\NPF_NdisWanIpv6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801CE&REV_1022#4&3b2ad384&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&ActiveSyncWPDEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000093"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) : Destination "\Device\NPF_{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000006f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10208086&REV_02#4&e11c65&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0852&SUBSYS_01CE1028&REV_05#4&35bab052&0&0CF0#{58b90d02-b4b0-4504-9bea-52b93082ddf6}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) : Destination "\Device\NDMP17"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E0597050-09C8-4BEC-A0C2-848F94207B02}"
.\debug.cpp(400) : Destination "\Device\NPF_{E0597050-09C8-4BEC-A0C2-848F94207B02}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801CE&REV_1022#4&3b2ad384&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801CE&REV_1022#4&3b2ad384&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Conexant HDA D110 MDC V.92 Modem"
.\debug.cpp(400) : Destination "\Device\00000085"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MPFP"
.\debug.cpp(400) : Destination "\Device\MPFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&57648f1&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801CE&REV_1022#4&3b2ad384&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_CPU_________T7200__@_2.00GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000068"
.\debug.cpp(409) : --

continued in next post

RRackman, Dec 16, 2010

#9
RRackman Newcomer, in training

bootkit remover log (part 2)

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900#4&3b2ad384&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\00000085"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPFILTERDRIVER"
.\debug.cpp(400) : Destination "\Device\IPFILTERDRIVER"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0A5C&PID_4503&Col01#8&837520b&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pxkbf"
.\debug.cpp(400) : Destination "\Device\pxkbf"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0297&SUBSYS_019B1028&REV_A1#4&21d6a3ab&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mfehidk"
.\debug.cpp(400) : Destination "\Device\mfehidk"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2DD828C4-E15C-4A93-A57D-C672964F7401}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{892EDE5E-BE49-443c-A0B3-005D74F2D69C}#ScFilter#8&1d0b04df&0&01#{d86354cc-a2ac-4223-95b9-2e48ce154434}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination "\Device\IPSECDOSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#VPCBUS#0000#{0711023b-1e63-4928-8063-c927369fad10}"
.\debug.cpp(400) : Destination "\Device\00000065"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) : Destination "\Device\0000006c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{1BB4B248-1CA6-434F-8B89-27FBFD7C1CFD}"
.\debug.cpp(400) : Destination "\Device\NPF_{1BB4B248-1CA6-434F-8B89-27FBFD7C1CFD}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0A5C&PID_4502#8&a2dd901&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{83D769FC-3F3A-4EC5-99F3-B0B6756E8F03}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0A5C&PID_4503&Col01#8&837520b&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCBus"
.\debug.cpp(400) : Destination "\Device\VPCBus"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801CE&REV_1022#4&3b2ad384&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0A5C&PID_4500#6&2b90f3c&0&4#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{5EA386E8-337A-493E-A459-445A2E2BAD28}"
.\debug.cpp(400) : Destination "\Device\NPF_{5EA386E8-337A-493E-A459-445A2E2BAD28}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{BE58C48E-5394-4FF3-A794-DEC4247F3560}"
.\debug.cpp(400) : Destination "\Device\NPF_{BE58C48E-5394-4FF3-A794-DEC4247F3560}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0A5C&PID_4503#7&1af59997&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0A5C&PID_4502#7&1af59997&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#VMUSBCONNECTOR#0000#{8add3807-340a-469d-acac-25c377a4273c}"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{073e5890-838c-11de-9805-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) : Destination "\Device\NPF_{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_01CE1028&REV_00#4&35bab052&0&08F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9008A83E-ED98-465A-8BF8-DDB48CE1F399}"
.\debug.cpp(400) : Destination "\Device\NDMP15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCNetS3"
.\debug.cpp(400) : Destination "\Device\VPCNetS3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THM_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000005c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0B97&PID_7762#7&15477028&0&2#{50dd5230-ba8a-11d1-bf5d-0000f805f530}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900#4&3b2ad384&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\00000085"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&57648f1&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0A5C&PID_4502#8&a2dd901&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_413C&PID_A005#5&1c8ba3eb&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination "\Device\nativewifip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) : Destination "\Device\NDMP14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{073e588d-838c-11de-9805-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1600&SUBSYS_01CE1028&REV_02#4&eb643fb&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) : Destination "\Device\NPF_{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0592&SUBSYS_01CE1028&REV_0A#4&35bab052&0&0BF0#{d2d3b8e3-2400-448c-8c0d-79abecfcfda3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{83D769FC-3F3A-4EC5-99F3-B0B6756E8F03}"
.\debug.cpp(400) : Destination "\Device\NPF_{83D769FC-3F3A-4EC5-99F3-B0B6756E8F03}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCNetS3_{1BB4B248-1CA6-434F-8B89-27FBFD7C1CFD}"
.\debug.cpp(400) : Destination "\Device\VPCNetS3_{1BB4B248-1CA6-434F-8B89-27FBFD7C1CFD}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{073e588b-838c-11de-9805-806e6f6e6963}#0000000000007E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_01CE1028&REV_01#3&18d45aa6&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) : Destination "\Device\NPF_{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) : Destination "\Device\WwanProt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&17aa870d&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0597050-09C8-4BEC-A0C2-848F94207B02}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) : Destination "\Device\ASYNCMAC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0B97&PID_7761#6&2b90f3c&0&2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E8801DC9-6103-45D6-93FF-E4C744CF81C9}"
.\debug.cpp(400) : Destination "\Device\NPF_{E8801DC9-6103-45D6-93FF-E4C744CF81C9}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000006e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pxrts"
.\debug.cpp(400) : Destination "\Device\pxrts"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_01CE1028&REV_01#3&18d45aa6&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_01CE1028&REV_01#3&18d45aa6&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&a427c5e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPL0000#5&2dccd7a4&0&UID280#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000005c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCNetS3_{83D769FC-3F3A-4EC5-99F3-B0B6756E8F03}"
.\debug.cpp(400) : Destination "\Device\VPCNetS3_{83D769FC-3F3A-4EC5-99F3-B0B6756E8F03}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPL0000#5&2dccd7a4&0&UID280#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F8D45E8D-0EE1-4DE3-9C9F-79E830DE217F}"
.\debug.cpp(400) : Destination "\Device\NDMP16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{C2E91719-C0E0-438A-8A7D-61DC2B4E544F}"
.\debug.cpp(400) : Destination "\Device\NPF_{C2E91719-C0E0-438A-8A7D-61DC2B4E544F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination "\Device\MICH_AZ0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1BB4B248-1CA6-434F-8B89-27FBFD7C1CFD}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\uxtdrpog"
.\debug.cpp(400) : Destination "\Device\uxtdrpog"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9008A83E-ED98-465A-8BF8-DDB48CE1F399}.dgt"
.\debug.cpp(400) : Destination "\Device\{9008A83E-ED98-465A-8BF8-DDB48CE1F399}.dgt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VMM"
.\debug.cpp(400) : Destination "\Device\VMM"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&30e7d614&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&6d88364&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_01CE1028&REV_01#3&18d45aa6&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIp"
.\debug.cpp(400) : Destination "\Device\NPF_NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) : Destination "\Device\NPF_{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
.\debug.cpp(400) : Destination "\Device\mbr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMProtector"
.\debug.cpp(400) : Destination "\Device\MBAMProtector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD1600BJKT-00F4T0___________________11.01A11#5&b9654a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&180ad589&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{7A577D60-1E2E-4F09-B32B-4029BC77BE58}"
.\debug.cpp(400) : Destination "\Device\NPF_{7A577D60-1E2E-4F09-B32B-4029BC77BE58}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pxscan"
.\debug.cpp(400) : Destination "\Device\pxscan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000005f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#0#{629758ee-986e-4d9e-8e47-de27f8ab054d}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_01CE1028&REV_01#3&18d45aa6&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000005e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) : Destination "\Device\NPF_{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&17aa870d&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000075"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;

RRackman, Dec 16, 2010

#10
RRackman Newcomer, in training

mbrcheck.exe

Broni,

Thanks for the fast response. I am getting a little more worried. I tried the link from a different computer in the house and it did not work either.

I am going to go check from the wife's computer and see if it works from there (both mine and the second are win 7 OS machines). Is it possible that the rootkit has affected the DSL router ? or that it has infected across my home network to my other machine(s)?

Thank you again for the help

RRackman, Dec 16, 2010

#11
Broni Malware Annihilator
Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Broni, Dec 16, 2010

#12
RRackman Newcomer, in training

TDSSkiller log file

I have run this previous to my ask for help but have run it again as directed. Report was nothing found.
Here is the log file.

2010/12/16 18:38:39.0767 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/16 18:38:39.0767 ================================================================================
2010/12/16 18:38:39.0767 SystemInfo:
2010/12/16 18:38:39.0767
2010/12/16 18:38:39.0767 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/16 18:38:39.0767 Product type: Workstation
2010/12/16 18:38:39.0767 ComputerName: CHWILLIA2
2010/12/16 18:38:39.0782 UserName: Remo Rackman
2010/12/16 18:38:39.0782 Windows directory: C:\Windows
2010/12/16 18:38:39.0782 System windows directory: C:\Windows
2010/12/16 18:38:39.0782 Processor architecture: Intel x86
2010/12/16 18:38:39.0782 Number of processors: 2
2010/12/16 18:38:39.0782 Page size: 0x1000
2010/12/16 18:38:39.0782 Boot type: Normal boot
2010/12/16 18:38:39.0782 ================================================================================
2010/12/16 18:38:42.0122 Initialize success
2010/12/16 18:38:49.0626 ================================================================================
2010/12/16 18:38:49.0626 Scan started
2010/12/16 18:38:49.0626 Mode: Manual;
2010/12/16 18:38:49.0626 ================================================================================
2010/12/16 18:38:50.0593 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/16 18:38:50.0655 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/16 18:38:50.0702 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/16 18:38:50.0780 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/16 18:38:50.0796 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/16 18:38:50.0827 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/16 18:38:50.0874 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/16 18:38:50.0905 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/16 18:38:50.0936 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/16 18:38:50.0967 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/16 18:38:50.0999 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/16 18:38:51.0030 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/16 18:38:51.0045 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/16 18:38:51.0077 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/16 18:38:51.0108 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/16 18:38:51.0139 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/16 18:38:51.0170 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/16 18:38:51.0186 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/16 18:38:51.0248 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/16 18:38:51.0279 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/16 18:38:51.0326 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/16 18:38:51.0357 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/16 18:38:51.0404 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/16 18:38:51.0451 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/16 18:38:51.0482 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/16 18:38:51.0529 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/16 18:38:51.0545 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/16 18:38:51.0576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/16 18:38:51.0607 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/16 18:38:51.0638 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/16 18:38:51.0669 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/16 18:38:51.0701 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/16 18:38:51.0716 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/16 18:38:51.0763 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/12/16 18:38:51.0794 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/16 18:38:51.0825 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/12/16 18:38:51.0857 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/12/16 18:38:51.0935 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/12/16 18:38:52.0013 btusbflt (24b6f65f80ebe0111e7807769ae3d6c0) C:\Windows\system32\drivers\btusbflt.sys
2010/12/16 18:38:52.0075 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2010/12/16 18:38:52.0106 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2010/12/16 18:38:52.0137 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/12/16 18:38:52.0278 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/16 18:38:52.0325 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/16 18:38:52.0387 cfwids (f18e1d80a091823ff7ff3799ceed6b7f) C:\Windows\system32\drivers\cfwids.sys
2010/12/16 18:38:52.0465 CH341SER (e9fcc96798ab3b38a88c09475e6fea52) C:\Windows\system32\Drivers\CH341SER.SYS
2010/12/16 18:38:52.0590 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/16 18:38:52.0621 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/16 18:38:52.0683 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/16 18:38:52.0715 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/16 18:38:52.0746 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/16 18:38:52.0793 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/16 18:38:52.0824 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/16 18:38:52.0855 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/16 18:38:52.0917 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/12/16 18:38:53.0058 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/16 18:38:53.0120 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/16 18:38:53.0198 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/16 18:38:53.0245 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/16 18:38:53.0339 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/16 18:38:53.0432 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/16 18:38:53.0619 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/16 18:38:53.0666 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/16 18:38:53.0713 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/16 18:38:53.0775 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/16 18:38:53.0822 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/16 18:38:53.0853 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/16 18:38:53.0900 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/16 18:38:53.0947 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/16 18:38:54.0009 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/16 18:38:54.0072 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/16 18:38:54.0087 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/16 18:38:54.0165 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/16 18:38:54.0197 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/16 18:38:54.0275 guardian2 (f058c5f64dff28a2c8d7d1d04171e604) C:\Windows\system32\Drivers\oz776.sys
2010/12/16 18:38:54.0321 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/16 18:38:54.0384 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/16 18:38:54.0446 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/16 18:38:54.0477 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/16 18:38:54.0509 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/16 18:38:54.0571 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/16 18:38:54.0633 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/16 18:38:54.0680 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/16 18:38:54.0743 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/12/16 18:38:54.0789 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/12/16 18:38:54.0852 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/16 18:38:54.0899 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/16 18:38:54.0930 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/16 18:38:54.0977 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/16 18:38:55.0008 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/16 18:38:55.0055 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/16 18:38:55.0070 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/16 18:38:55.0117 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/16 18:38:55.0148 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/16 18:38:55.0179 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/16 18:38:55.0226 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/16 18:38:55.0242 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/16 18:38:55.0273 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/16 18:38:55.0320 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/16 18:38:55.0351 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/16 18:38:55.0382 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/16 18:38:55.0445 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/16 18:38:55.0538 libusb0 (bb90b64682d4108819947940bd7c4ea5) C:\Windows\system32\DRIVERS\libusb0.sys
2010/12/16 18:38:55.0772 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/16 18:38:55.0881 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/16 18:38:55.0913 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/16 18:38:55.0959 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/16 18:38:55.0975 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/16 18:38:56.0037 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/16 18:38:56.0115 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2010/12/16 18:38:56.0209 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
2010/12/16 18:38:56.0474 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
2010/12/16 18:38:56.0693 MBAMProtector (9b5cc6c481bdd00a963829b892623247) C:\Windows\system32\drivers\mbam.sys
2010/12/16 18:38:56.0833 mdmxsdk (e246a32c445056996074a397da56e815) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/12/16 18:38:56.0864 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/16 18:38:56.0927 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/16 18:38:56.0989 mfeapfk (3f2a40f1a5ccb876539e5fc160064bc9) C:\Windows\system32\drivers\mfeapfk.sys
2010/12/16 18:38:57.0051 mfeavfk (e67a1fda398f7511fe40997018cc4e98) C:\Windows\system32\drivers\mfeavfk.sys
2010/12/16 18:38:57.0129 mfebopk (999457578763eb1e0f0355f6d4a09014) C:\Windows\system32\drivers\mfebopk.sys
2010/12/16 18:38:57.0207 mfefirek (c85559940bf9d45f5bcc6e7de05dfafc) C:\Windows\system32\drivers\mfefirek.sys
2010/12/16 18:38:57.0254 mfehidk (745c47fa38bd299e8eee5a4a56aa6f83) C:\Windows\system32\drivers\mfehidk.sys
2010/12/16 18:38:57.0285 mfenlfk (83e43fb9bedf34006a87769b87109421) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/12/16 18:38:57.0317 mferkdet (e1cfebe832a0482ba071c41675dda53b) C:\Windows\system32\drivers\mferkdet.sys
2010/12/16 18:38:57.0379 mferkdk (f7488fabf1dc4ced93be36907ebc4749) C:\Windows\system32\drivers\mferkdk.sys
2010/12/16 18:38:57.0441 mfesmfk (63dd7b6d8a31dce0298e86de3873d013) C:\Windows\system32\drivers\mfesmfk.sys
2010/12/16 18:38:57.0488 mfewfpk (eb1bd3a1ca5005c84cc7e0650f23c4c1) C:\Windows\system32\drivers\mfewfpk.sys
2010/12/16 18:38:57.0519 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/16 18:38:57.0566 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/16 18:38:57.0597 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/16 18:38:57.0629 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/16 18:38:57.0660 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/16 18:38:57.0691 MPFP (cf16b359169ce325e5ee0348b3169ed4) C:\Windows\system32\Drivers\Mpfp.sys
2010/12/16 18:38:57.0722 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/16 18:38:57.0753 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/16 18:38:57.0785 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/16 18:38:57.0847 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/16 18:38:57.0894 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/16 18:38:57.0956 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/16 18:38:57.0972 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/16 18:38:58.0019 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/16 18:38:58.0081 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/16 18:38:58.0393 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/16 18:38:58.0424 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/16 18:38:58.0487 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/16 18:38:58.0518 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/16 18:38:58.0533 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/16 18:38:58.0580 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/16 18:38:58.0611 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/16 18:38:58.0643 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/16 18:38:58.0674 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/16 18:38:58.0705 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/16 18:38:58.0736 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/16 18:38:58.0783 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/16 18:38:58.0830 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/16 18:38:58.0861 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/16 18:38:58.0892 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/16 18:38:58.0939 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/16 18:38:58.0970 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/16 18:38:59.0001 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/16 18:38:59.0033 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/16 18:38:59.0204 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2010/12/16 18:38:59.0329 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/16 18:38:59.0407 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2010/12/16 18:38:59.0438 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/16 18:38:59.0469 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/16 18:38:59.0532 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\Windows\system32\NSNDIS5.SYS
2010/12/16 18:38:59.0594 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/16 18:38:59.0657 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/16 18:38:59.0844 nvlddmkm (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/16 18:39:00.0031 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/16 18:39:00.0062 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/16 18:39:00.0109 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/16 18:39:00.0140 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/16 18:39:00.0187 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/16 18:39:00.0203 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/16 18:39:00.0234 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/16 18:39:00.0265 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/16 18:39:00.0296 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/16 18:39:00.0327 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/16 18:39:00.0343 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/16 18:39:00.0390 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/16 18:39:00.0515 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/16 18:39:00.0546 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/16 18:39:00.0593 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/16 18:39:00.0671 pxkbf (0c738845c7c12c45f05b127edff2cc87) C:\Windows\system32\drivers\pxkbf.sys
2010/12/16 18:39:00.0702 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\Windows\system32\drivers\pxrts.sys
2010/12/16 18:39:00.0733 pxscan (e6e1f9f717feab3e16c3b160b17e6855) C:\Windows\system32\drivers\pxscan.sys
2010/12/16 18:39:00.0795 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/16 18:39:00.0858 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/16 18:39:00.0889 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/16 18:39:00.0920 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/16 18:39:00.0951 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/16 18:39:00.0998 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/16 18:39:01.0029 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/16 18:39:01.0076 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/16 18:39:01.0107 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/16 18:39:01.0139 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/16 18:39:01.0170 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/16 18:39:01.0201 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/12/16 18:39:01.0248 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/16 18:39:01.0295 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/16 18:39:01.0310 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/16 18:39:01.0341 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/16 18:39:01.0404 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/12/16 18:39:01.0451 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/12/16 18:39:01.0482 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/12/16 18:39:01.0529 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/12/16 18:39:01.0591 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/16 18:39:01.0622 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/16 18:39:01.0669 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/16 18:39:01.0716 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/16 18:39:01.0778 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/16 18:39:01.0825 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/16 18:39:01.0903 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/16 18:39:01.0919 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/16 18:39:01.0965 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/16 18:39:02.0043 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/16 18:39:02.0106 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/16 18:39:02.0153 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/16 18:39:02.0199 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/16 18:39:02.0277 SI3132 (0b9b5c6df6226497ef4819b6e1b2efd5) C:\Windows\system32\DRIVERS\SI3132.sys
2010/12/16 18:39:02.0309 SiFilter (ad29a80543c63e5b3588d118fb327e22) C:\Windows\system32\DRIVERS\SiWinAcc.sys
2010/12/16 18:39:02.0324 SiRemFil (b19efe5e45ae31f3c3e4c4f0f9da3c49) C:\Windows\system32\DRIVERS\SiRemFil.sys
2010/12/16 18:39:02.0355 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/16 18:39:02.0402 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/16 18:39:02.0433 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/16 18:39:02.0465 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/16 18:39:02.0511 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/16 18:39:02.0589 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/16 18:39:02.0667 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/16 18:39:02.0714 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/12/16 18:39:02.0761 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/12/16 18:39:02.0839 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/12/16 18:39:02.0901 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/16 18:39:02.0948 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/16 18:39:03.0011 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/16 18:39:03.0026 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/16 18:39:03.0057 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/16 18:39:03.0151 SynTP (fa2daa32bed908023272a0f77d625dae) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/16 18:39:03.0260 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/16 18:39:03.0354 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/16 18:39:03.0385 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/16 18:39:03.0416 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/16 18:39:03.0447 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/16 18:39:03.0510 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/16 18:39:03.0588 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
2010/12/16 18:39:03.0603 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/16 18:39:03.0697 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/16 18:39:03.0744 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/16 18:39:03.0806 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/16 18:39:03.0837 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/16 18:39:03.0900 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/16 18:39:03.0931 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/16 18:39:03.0962 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/16 18:39:04.0087 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2010/12/16 18:39:04.0181 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\Windows\system32\DRIVERS\lgusbbus.sys
2010/12/16 18:39:04.0212 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/16 18:39:04.0243 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/16 18:39:04.0290 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2010/12/16 18:39:04.0321 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/16 18:39:04.0383 UsbGps (66ae66aa38127f3083cf27bfabd4760f) C:\Windows\system32\DRIVERS\lgusbgps.sys
2010/12/16 18:39:04.0415 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/16 18:39:04.0461 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2010/12/16 18:39:04.0493 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/16 18:39:04.0508 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/16 18:39:04.0539 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/16 18:39:04.0571 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/16 18:39:04.0633 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
2010/12/16 18:39:04.0680 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/16 18:39:04.0711 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/16 18:39:04.0727 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/16 18:39:04.0758 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/16 18:39:04.0805 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/16 18:39:04.0836 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/16 18:39:04.0851 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/16 18:39:04.0883 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/16 18:39:04.0914 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/16 18:39:04.0976 vmm (c01604eaea9c89035cff58cdb322476c) C:\Windows\system32\Drivers\vmm.sys
2010/12/16 18:39:05.0054 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/16 18:39:05.0085 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/16 18:39:05.0132 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/16 18:39:05.0179 vpcbus (63ef70b7bfb875436d5983e3c77f0681) C:\Windows\system32\DRIVERS\vpchbus.sys
2010/12/16 18:39:05.0273 vpcnfltr (2559494dc74877afce97c6f75e4b7020) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2010/12/16 18:39:05.0288 vpcusb (ac0adad2ad5a166100cf59fb9a7880b7) C:\Windows\system32\DRIVERS\vpcusb.sys
2010/12/16 18:39:05.0351 vpcuxd (533f4fa47006cc605de375d277cb70ea) C:\Windows\system32\DRIVERS\vpcuxd.sys
2010/12/16 18:39:05.0429 vpcvmm (7a806cc4416fe9b1b9c091e31bc638bc) C:\Windows\system32\drivers\vpcvmm.sys
2010/12/16 18:39:05.0475 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/16 18:39:05.0507 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/12/16 18:39:05.0553 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/16 18:39:05.0600 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/16 18:39:05.0616 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/16 18:39:05.0678 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/16 18:39:05.0709 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/16 18:39:05.0787 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/16 18:39:05.0803 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/16 18:39:05.0865 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/16 18:39:05.0990 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2010/12/16 18:39:06.0084 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/16 18:39:06.0193 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/16 18:39:06.0240 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/16 18:39:06.0271 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/16 18:39:06.0349 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\Windows\system32\Drivers\xbreader.sys
2010/12/16 18:39:06.0614 ================================================================================
2010/12/16 18:39:06.0614 Scan finished
2010/12/16 18:39:06.0614 ================================================================================
2010/12/16 18:39:48.0282 Deinitialize success

RRackman, Dec 16, 2010

#13
RRackman Newcomer, in training

Infection is still current

I have not rebooted since the starting the diagnostics / removal attempts tonight and I just saw that Malwarebytes has blocked another attempt using Port 137

RRackman, Dec 16, 2010

#14
Broni Malware Annihilator
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Dec 16, 2010

#15
RRackman Newcomer, in training

Combofix log

I have run Combofix and it did a automatic reboot. It was running on reboot and I waited until it was finished before doing anything.
Here is the log file created (I have my fingers crossed).

ComboFix 10-12-16.02 - Remo Rackman 12/16/2010 19:35:01.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2030 [GMT -8:00]
Running from: c:\users\Remo Rackman\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 03:54 . 2010-12-17 03:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-17 03:54 . 2010-12-17 03:54 -------- d-----w- c:\users\Ben\AppData\Local\temp
2010-12-15 07:49 . 2010-12-15 07:49 -------- d-----w- c:\programdata\PC Tools
2010-12-15 05:02 . 2010-12-17 03:57 -------- d-----w- c:\users\Remo Rackman\AppData\Local\temp
2010-12-15 04:28 . 2010-12-15 04:28 -------- d-----w- c:\programdata\Trend Micro
2010-12-14 12:41 . 2010-11-16 20:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{473E05E6-EFC2-44C1-89EB-637F7D258EC1}\mpengine.dll
2010-12-13 06:05 . 2010-12-13 06:05 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-12-13 06:05 . 2010-12-13 06:05 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-12-13 06:05 . 2010-12-13 06:05 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-12-13 06:05 . 2010-12-13 06:05 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-12-13 06:05 . 2010-12-13 06:05 -------- d-----w- c:\program files\Prevx
2010-12-13 06:05 . 2010-12-16 02:15 -------- d-----w- c:\programdata\PrevxCSI
2010-12-13 03:16 . 2010-12-13 03:16 -------- d-----w- c:\program files\WinPcap
2010-12-13 03:16 . 2010-12-13 03:16 -------- d-----w- c:\program files\Trend Micro
2010-12-13 02:13 . 2010-12-16 02:58 -------- d-----w- C:\HJT
2010-12-12 11:30 . 2010-12-12 11:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-12-12 11:29 . 2010-12-12 11:29 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-12-12 11:19 . 2010-12-12 11:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-11 20:45 . 2010-10-19 18:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-09 11:38 . 2010-12-09 11:38 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-01 14:58 . 2010-11-25 07:52 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2010-11-27 03:59 . 2010-11-27 03:59 -------- d-----w- c:\users\Remo Rackman\.thumbnails
2010-11-23 23:44 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-21 22:04 . 2007-03-23 11:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2010-11-21 19:55 . 2010-12-14 11:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-21 19:54 . 2010-12-14 11:41 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-11-21 19:54 . 2010-12-14 11:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-11-21 19:54 . 2010-12-12 11:19 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 01:42 . 2010-10-10 03:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 01:42 . 2010-10-10 03:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 07:38 . 2010-04-13 04:44 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-25 07:38 . 2010-04-13 04:43 85760 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-25 07:38 . 2010-04-13 04:43 57240 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-25 07:38 . 2010-04-13 04:43 332928 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-25 07:38 . 2010-04-13 04:43 163656 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-11-25 07:38 . 2010-03-12 22:10 454840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-11-25 07:38 . 2010-04-13 04:43 64464 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-11-25 07:38 . 2010-04-13 04:43 59096 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-25 07:38 . 2010-04-13 04:43 173208 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-25 07:38 . 2010-03-12 22:10 116872 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-14 09:36 . 2010-10-14 09:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 09:36 . 2010-10-14 09:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-14 05:38 . 2010-10-14 05:27 100512 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2010-09-24 20:19 . 2010-09-24 20:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 19:14 . 2010-09-24 19:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2010-09-23 07:47 . 2010-09-23 07:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-21 21:03 . 2010-09-21 21:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2009-12-12 18:08 . 2009-12-19 23:52 147456 ----a-w- c:\program files\NetworkIndicator.exe
2010-07-07 22:12 . 2010-10-15 09:08 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-07 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"NetworkIndicator"="c:\program files\NetworkIndicator.exe" [2009-12-12 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-03-06 96800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-20 1303120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-30 963976]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-30 443728]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-30 963976]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-10-11 1103184]

c:\users\Remo Rackman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 04:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelayShred]
2010-11-22 14:58 122728 ----a-w- c:\progra~1\McAfee\MQS\ShrCL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-07 20:41 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 21:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-27 01:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2006-10-20 37296]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2007-09-23 37488]
R3 EloBus;Elobus Filter Driver;c:\windows\system32\DRIVERS\EloBus.sys [x]
R3 EloSer;Elo Serial Driver;c:\windows\system32\DRIVERS\EloSer.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\DRIVERS\libusb0.sys [2010-03-15 20992]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-25 85760]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TwBus;3M MicroTouch Serial Bus Enumerator;c:\windows\system32\DRIVERS\TwBus.sys [x]
R3 TwTouch;3M MicroTouch Sensor;c:\windows\system32\DRIVERS\TwTouch.sys [x]
R3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgusbgps.sys [2010-01-21 19840]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-07-22 12800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\Drivers\xbreader.sys [2001-01-03 19677]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-12-13 32008]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-11-25 64464]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-11-25 163656]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-12-13 76696]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2010-12-13 6416120]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-30 363344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-11-02 213880]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-11-02 213880]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-11-02 213880]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-11-25 155712]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-11-25 145936]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S2 Trend Micro RUBotted Service;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-10-11 431440]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-25 57240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-30 20952]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-25 332928]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-12-13 26096]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-08-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070525
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: gmodules.com\99
Trusted Zone: google.com\images
Trusted Zone: google.com\www
Trusted Zone: googlecommunity.com\www
Trusted Zone: humbuckermusic.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motorola.com
Trusted Zone: myspace.com\www
Trusted Zone: twitter.com
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\McAfee\MSC\McSnIePl.dll
FF - ProfilePath - c:\users\Remo Rackman\AppData\Roaming\Mozilla\Firefox\Profiles\dkaf33o5.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6196)
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************
.
Completion time: 2010-12-16 20:02:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-17 04:02

Pre-Run: 57,722,105,856 bytes free
Post-Run: 57,649,098,752 bytes free

- - End Of File - - 09FF34FE4BABDCFC464EA50AE4FC8F94

RRackman, Dec 16, 2010

#16
Broni Malware Annihilator
The log looks good now

How are the issues?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Dec 16, 2010

#17
RRackman Newcomer, in training

OTL logs (OTL.txt (part 1))

I am still getting notification from Malwarebytes of blocked connections to malicious sites and as I was loading Firefox to log in here, McAfee notified of a blocked access to a "Risky connection".

Outlook is still sluggish moving from folder to folder (inbox, deleted, sent, etc) and I have lost the ability to click on links within an email.

I could not connect to the link you sent me for OTL.exe, and I cannot access geekstogo website at all from my computer, but I can from other computers in the house.

Here is the first log from OTL:

OTL logfile created on: 12/17/2010 6:31:37 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Remo Rackman\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 53.04 Gb Free Space | 35.58% Space Free | Partition Type: NTFS

Computer Name: CHWILLIA2 | User Name: Remo Rackman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/17 17:59:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Remo Rackman\Desktop\OTL.exe
PRC - [2010/12/12 22:05:54 | 006,416,120 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/29 17:42:14 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/24 23:51:32 | 000,155,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/11/24 23:51:12 | 000,163,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/11/24 23:48:50 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/11/22 19:21:22 | 000,361,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2010/11/19 20:31:14 | 001,303,120 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/11/02 15:45:14 | 000,213,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/10/11 15:25:42 | 000,431,440 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/10/11 15:25:36 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/09/24 12:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/12 06:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/12/12 10:08:20 | 000,147,456 | ---- | M] (ITSamples.com) -- C:\Program Files\NetworkIndicator.exe
PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/08/07 12:41:03 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (SafeList) ==========

MOD - [2010/12/17 17:59:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Remo Rackman\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/04/01 08:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/12/12 22:05:54 | 006,416,120 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/24 23:51:32 | 000,155,712 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2010/11/24 23:51:12 | 000,163,952 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/11/24 23:48:50 | 000,145,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/11/22 19:21:22 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/11/02 15:45:14 | 000,213,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/11/02 15:45:14 | 000,213,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/11/02 15:45:14 | 000,213,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/11/02 15:45:14 | 000,213,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/11/02 15:45:14 | 000,213,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/11/02 15:45:14 | 000,213,880 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/11/02 15:45:14 | 000,213,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/11 15:25:42 | 000,431,440 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (Trend Micro RUBotted Service)
SRV - [2010/09/24 12:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 12:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 12:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/08/15 22:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/03/09 16:01:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/12 06:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/10/20 10:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/16 13:27:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TwTouch.sys -- (TwTouch)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TwBus.sys -- (TwBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\EloSer.sys -- (EloSer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\EloBus.sys -- (EloBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\REMORA~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/12/12 22:05:55 | 000,076,696 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\System32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/12/12 22:05:55 | 000,032,008 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/12/12 22:05:54 | 000,026,096 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/24 23:38:02 | 000,454,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/11/24 23:38:02 | 000,332,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/11/24 23:38:02 | 000,163,656 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/11/24 23:38:02 | 000,085,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/11/24 23:38:02 | 000,057,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/11/24 23:38:00 | 000,173,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/11/24 23:38:00 | 000,116,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/11/24 23:38:00 | 000,064,464 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/11/24 23:38:00 | 000,059,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/09/08 14:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/03/15 14:01:10 | 000,020,992 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/01/21 00:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 00:59:58 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbgps.sys -- (UsbGps)
DRV - [2010/01/21 00:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 00:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/09 09:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2009/10/07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/09 16:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/07/22 13:54:19 | 000,293,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/07/22 13:54:19 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/07/22 13:53:23 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/07/22 13:53:21 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2009/07/22 13:53:19 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 14:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 14:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/08 13:50:52 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/08 12:44:20 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/07/08 12:43:46 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/03/06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/05 13:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 05:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/29 05:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/10/03 21:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 21:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 21:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2007/09/23 08:00:00 | 000,037,488 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CH341SER.SYS -- (CH341SER)
DRV - [2006/11/06 17:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 15:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 15:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/10/20 14:34:16 | 000,037,296 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/01 16:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 16:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 16:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2004/03/23 18:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nsndis5.sys -- (NSNDIS5)
DRV - [2001/01/02 22:53:30 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xbreader.sys -- (xbreader) ActionReplay XBox Driver (xbreader.sys)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070525
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 93 9D 06 9C 17 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/14 19:36:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 20:24:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 20:55:58 | 000,000,000 | ---D | M]

[2010/10/20 18:48:40 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\Mozilla\Extensions
[2010/12/16 20:15:27 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\Mozilla\Firefox\Profiles\dkaf33o5.default\extensions
[2010/12/06 21:14:07 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Remo Rackman\AppData\Roaming\Mozilla\Firefox\Profiles\dkaf33o5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/12/15 16:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/07 14:12:08 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/20 18:48:51 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

RRackman, Dec 17, 2010

#18
RRackman Newcomer, in training

OTL logs (OTL.txt (part 2))

O1 HOSTS File: ([2010/12/16 19:57:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\Windows\System32\PxSecure.dll (Prevx)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101201065849.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NetworkIndicator] C:\Program Files\NetworkIndicator.exe (ITSamples.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: gmodules.com ([99] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([images] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: googlecommunity.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: humbuckermusic.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: motorola.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: motorola.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: myspace.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: twitter.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/12/17 18:15:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Remo Rackman\Desktop\OTL.exe
[2010/12/16 19:57:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/12/16 19:30:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/16 18:38:19 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Remo Rackman\Desktop\TDSSKiller.exe
[2010/12/16 17:33:22 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Remo Rackman\Desktop\remover.exe
[2010/12/15 20:32:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/12/14 23:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/14 23:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/12/14 21:02:46 | 000,000,000 | ---D | C] -- C:\Users\Remo Rackman\AppData\Local\temp
[2010/12/14 20:38:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/14 20:38:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/14 20:38:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/14 20:37:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/14 20:31:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/14 20:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2010/12/12 22:09:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Remo Rackman\Desktop\TFC.exe
[2010/12/12 22:05:56 | 000,071,880 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/12/12 22:05:55 | 000,076,696 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/12/12 22:05:55 | 000,032,008 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/12/12 22:05:54 | 000,026,096 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/12/12 22:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/12/12 22:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/12/12 19:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/12/12 19:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/12 18:13:55 | 000,000,000 | ---D | C] -- C:\HJT
[2010/12/10 19:42:37 | 000,000,000 | ---D | C] -- C:\Users\Remo Rackman\Desktop\Work Phone Pics
[2010/11/26 19:59:55 | 000,000,000 | ---D | C] -- C:\Users\Remo Rackman\.thumbnails
[2010/11/26 19:57:34 | 000,000,000 | ---D | C] -- C:\Users\Remo Rackman\Documents\gegl-0.0
[2009/12/19 15:52:41 | 000,147,456 | ---- | C] (ITSamples.com) -- C:\Program Files\NetworkIndicator.exe

========== Files - Modified Within 30 Days ==========

[2010/12/17 18:18:39 | 000,663,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/17 18:18:39 | 000,122,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/17 17:59:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Remo Rackman\Desktop\OTL.exe
[2010/12/16 20:33:27 | 000,013,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/16 20:33:27 | 000,013,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/16 20:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/16 20:25:53 | 2616,037,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/16 19:57:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/16 19:25:08 | 003,993,198 | R--- | M] () -- C:\Users\Remo Rackman\Desktop\ComboFix.exe
[2010/12/15 21:09:02 | 002,358,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 20:53:16 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/12/15 16:43:30 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/12/15 16:10:08 | 000,426,196 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101215-164702.backup
[2010/12/15 06:30:28 | 000,080,384 | ---- | M] () -- C:\Users\Remo Rackman\Desktop\MBRCheck.exe
[2010/12/14 22:01:07 | 000,296,448 | ---- | M] () -- C:\Users\Remo Rackman\Desktop\5nvhyl75.exe
[2010/12/14 20:58:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101215-161008.backup
[2010/12/14 20:00:14 | 000,037,216 | ---- | M] () -- C:\Users\Remo Rackman\Documents\BCD00000000.reg
[2010/12/12 23:26:41 | 000,053,248 | ---- | M] () -- C:\Users\Remo Rackman\Documents\PW_list.xls
[2010/12/12 22:09:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Remo Rackman\Desktop\TFC.exe
[2010/12/12 22:05:56 | 000,071,880 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/12/12 22:05:55 | 000,076,696 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/12/12 22:05:55 | 000,032,008 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/12/12 22:05:54 | 000,026,096 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/12/08 14:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Remo Rackman\Desktop\TDSSKiller.exe
[2010/12/03 22:52:23 | 000,426,736 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101210-203158.backup
[2010/12/01 16:52:59 | 397,436,429 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/30 17:40:34 | 000,054,041 | ---- | M] () -- C:\Users\Public\Documents\218 397 098 2010-11-30 17.40.tvs
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/26 22:51:50 | 000,049,395 | ---- | M] () -- C:\Users\Remo Rackman\Desktop\P7270024 (Medium).JPG
[2010/11/24 23:38:02 | 000,454,840 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010/11/24 23:38:02 | 000,332,928 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010/11/24 23:38:02 | 000,163,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010/11/24 23:38:02 | 000,085,760 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/11/24 23:38:02 | 000,057,240 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010/11/24 23:38:02 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010/11/24 23:38:00 | 000,173,208 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/11/24 23:38:00 | 000,116,872 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010/11/24 23:38:00 | 000,064,464 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010/11/24 23:38:00 | 000,059,096 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys

========== Files Created - No Company Name ==========

[2010/12/16 19:31:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/16 19:24:55 | 003,993,198 | R--- | C] () -- C:\Users\Remo Rackman\Desktop\ComboFix.exe
[2010/12/16 17:32:09 | 000,080,384 | ---- | C] () -- C:\Users\Remo Rackman\Desktop\MBRCheck.exe
[2010/12/15 16:43:30 | 000,000,254 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/12/14 22:03:37 | 000,296,448 | ---- | C] () -- C:\Users\Remo Rackman\Desktop\5nvhyl75.exe
[2010/12/14 20:38:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/14 20:38:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/14 20:38:10 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/14 20:38:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/14 20:00:14 | 000,037,216 | ---- | C] () -- C:\Users\Remo Rackman\Documents\BCD00000000.reg
[2010/11/30 18:06:21 | 000,054,041 | ---- | C] () -- C:\Users\Public\Documents\218 397 098 2010-11-30 17.40.tvs
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/11/25 23:37:09 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/25 23:37:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/04 19:30:46 | 000,003,584 | ---- | C] () -- C:\Users\Remo Rackman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 10:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/10/07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/16 21:58:51 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/12/12 17:55:07 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\BitTorrent
[2010/08/01 12:18:38 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\Blitware
[2010/08/01 12:08:37 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\Flash Undelete Software
[2010/07/14 21:01:11 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\JawboneUpdater
[2010/02/18 21:16:59 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\Leadertech
[2010/01/28 18:09:20 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\TeamViewer
[2010/04/05 16:49:54 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\Xerox
[2010/08/01 22:29:37 | 000,000,000 | ---D | M] -- C:\Users\Remo Rackman\AppData\Roaming\Xilisoft
[2010/12/03 22:39:40 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/08/30 18:44:43 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/10 13:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/08/07 12:52:54 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/12/16 20:02:08 | 000,020,019 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 13:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/12/16 20:25:53 | 2616,037,376 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/01 21:07:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/01 21:07:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/16 20:25:55 | 3488,051,200 | -HS- | M] () -- C:\pagefile.sys
[2010/12/16 18:39:48 | 000,073,408 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_16.12.2010_18.38.39_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 20:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 20:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 20:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 20:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/06/22 17:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/13 17:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 17:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
[2009/07/17 09:07:52 | 000,011,264 | ---- | M] (Xerox Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\Xrprt_b.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 20:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009/12/12 10:08:20 | 000,147,456 | ---- | M] (ITSamples.com) -- C:\Program Files\NetworkIndicator.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x %systemroot%\*.config %systemroot%\system32\*.db %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x %USERPROFILE%\Desktop\*.exe %PROGRAMFILES%\Common Files\*.* %systemroot%\*.src >
Invalid Switch: x %USERPROFILE%\Desktop\*.exe %PROGRAMFILES%\Common Files\*.* %systemroot%\*.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/12/26 22:54:24 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2009/12/26 22:54:24 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/12/26 22:54:24 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/12/26 22:54:24 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/12/26 22:54:24 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2009/12/26 22:54:24 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/04 14:57:39 | 000,000,402 | -HS- | M] () -- C:\Users\Remo Rackman\Favorites\desktop.ini
[2010/11/02 19:35:05 | 000,000,653 | ---- | M] () -- C:\Users\Remo Rackman\Favorites\Shortcut to School.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c dir /b "%systemroot%\*.exe" | find /i " " /c >
0

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

RRackman, Dec 17, 2010

#19
RRackman Newcomer, in training

OTL logs (Extras.txt)

OTL Extras logfile created on: 12/17/2010 6:31:37 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Remo Rackman\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 53.04 Gb Free Space | 35.58% Space Free | Partition Type: NTFS

Computer Name: CHWILLIA2 | User Name: Remo Rackman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{49F09453-8205-48CF-ADE6-29CE6B509669}" = SmartFTP Client
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{5542F72D-45E4-371C-BE4B-A7CB70C11E9D}" = Windows Phone Emulator - ENU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ONENOTER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3FA9BC-3F96-44F1-9E8F-0544A2226432}" = Image Resizer Powertoy Clone for Windows
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5CA951EF665845B5AD1156BD88090C7A4F3E57" = Windows Driver Package - Intel Net (08/20/2008 8.10.3.0)
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avi2Dvd" = Avi2Dvd 0.5
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD Shrink_is1" = DVD Shrink 3.2
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"GOM Player" = GOM Player
"Jawbone Updater" = Jawbone Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee SecurityCenter
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"ONENOTER" = Microsoft Office OneNote 2007
"PCSI" = Prevx
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"VISPROR" = Microsoft Office Visio Professional 2007
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2010 5:16:44 AM | Computer Name = chwillia2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12/13/2010 5:20:55 AM | Computer Name = chwillia2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 12/15/2010 4:49:27 AM | Computer Name = chwillia2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12/15/2010 4:53:16 AM | Computer Name = chwillia2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 12/16/2010 4:31:37 AM | Computer Name = chwillia2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12/16/2010 4:34:35 AM | Computer Name = chwillia2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 12/16/2010 9:16:18 PM | Computer Name = chwillia2 | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6548.5000, time
stamp: 0x4cafbeb3 Faulting module name: olmapi32.dll, version: 12.0.6548.5000, time
stamp: 0x4cafbbf7 Exception code: 0xc0000005 Fault offset: 0x00003276 Faulting process
id: 0x1308 Faulting application start time: 0x01cb9d8774a9c8dc Faulting application
path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Faulting module path:
c:\progra~1\micros~2\office12\olmapi32.dll Report Id: 3f623d58-097b-11e0-8228-0015c53e962d

Error - 12/17/2010 4:31:37 AM | Computer Name = chwillia2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12/17/2010 4:34:57 AM | Computer Name = chwillia2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 12/17/2010 10:21:18 PM | Computer Name = chwillia2 | Source = Application Error | ID = 1000
Description = Faulting application name: mcagent.exe, version: 11.0.435.0, time
stamp: 0x4ce716e6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x03832f60 Faulting process id: 0x2720 Faulting application
start time: 0x01cb9dad1cf1f4f1 Faulting application path: C:\Program Files\McAfee.com\Agent\mcagent.exe
Faulting
module path: unknown Report Id: 7ee66d4a-0a4d-11e0-8222-0015c53e962d

[ Media Center Events ]
Error - 12/12/2010 9:04:30 PM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 5:04:29 PM - Error connecting to the internet. 5:04:29 PM - Unable
to contact server..

Error - 12/12/2010 10:04:45 PM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 6:04:41 PM - Error connecting to the internet. 6:04:41 PM - Unable
to contact server..

Error - 12/13/2010 7:17:44 AM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 3:17:44 AM - Error connecting to the internet. 3:17:44 AM - Unable
to contact server..

Error - 12/13/2010 7:17:55 AM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 3:17:49 AM - Error connecting to the internet. 3:17:49 AM - Unable
to contact server..

Error - 12/13/2010 8:19:37 AM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 4:19:37 AM - Error connecting to the internet. 4:19:37 AM - Unable
to contact server..

Error - 12/13/2010 8:19:46 AM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 4:19:42 AM - Error connecting to the internet. 4:19:42 AM - Unable
to contact server..

Error - 12/13/2010 9:19:58 AM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 5:19:58 AM - Error connecting to the internet. 5:19:58 AM - Unable
to contact server..

Error - 12/13/2010 9:20:09 AM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 5:20:03 AM - Error connecting to the internet. 5:20:03 AM - Unable
to contact server..

Error - 12/13/2010 9:33:21 PM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 5:33:21 PM - Error connecting to the internet. 5:33:21 PM - Unable
to contact server..

Error - 12/13/2010 9:33:31 PM | Computer Name = chwillia2 | Source = MCUpdate | ID = 0
Description = 5:33:27 PM - Error connecting to the internet. 5:33:27 PM - Unable
to contact server..

[ OSession Events ]
Error - 2/1/2010 12:36:28 AM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/1/2010 9:20:23 PM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74520
seconds with 720 seconds of active time. This session ended with a crash.

Error - 3/24/2010 7:43:31 PM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 160424
seconds with 600 seconds of active time. This session ended with a crash.

Error - 5/8/2010 4:24:51 AM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 276
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/24/2010 10:29:08 PM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 275
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/15/2010 12:28:57 AM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 239
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/25/2010 6:16:02 AM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 884817
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 9/29/2010 10:29:08 PM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 273
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/1/2010 11:45:30 PM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 311
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/16/2010 9:16:17 PM | Computer Name = chwillia2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 235
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/16/2010 10:54:35 PM | Computer Name = chwillia2 | Source = Service Control Manager | ID = 7031
Description = The CSIScanner service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 12/16/2010 10:54:46 PM | Computer Name = chwillia2 | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%109

Error - 12/16/2010 10:57:17 PM | Computer Name = chwillia2 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 12/16/2010 11:30:47 PM | Computer Name = chwillia2 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/16/2010 11:34:39 PM | Computer Name = chwillia2 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/16/2010 11:55:07 PM | Computer Name = chwillia2 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:54:05 PM on ?12/?16/?2010 was unexpected.

Error - 12/16/2010 11:55:10 PM | Computer Name = chwillia2 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 12/17/2010 12:26:02 AM | Computer Name = chwillia2 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 12/17/2010 10:14:49 PM | Computer Name = chwillia2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/17/2010 10:19:39 PM | Computer Name = chwillia2 | Source = BROWSER | ID = 8032
Description =

< End of report >

RRackman, Dec 17, 2010

#20

(You must log in or sign up to reply here.)

Page 1 of 3

Thread Status:: Not open for further replies.

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved