Windows 7 32-bit version on a continuous restart

Solved
By AB Hat
Aug 12, 2012
  1. My PC is on a continuous reboot. It starts up and then indicates that windows has encountered a critical problem and will restart in one minute. MSE had indicated that my system is infected with sirefef trojan/virus and needs to be cleaned, but I do not get the opportunity to do so because of the restart. So now I am unable to run any of the antivirus programs to clean the trojan/virus. Please help.
  2. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  3. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    I have run FRST as you indicated. I have uploaded the two files FRST.txt and Search.txt.
    I have also pasted the results here.
    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
    Ran by SYSTEM at 13-08-2012 21:12:07
    Running from G:\
    Windows 7 Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-05-24] (Hewlett-Packard)
    HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
    HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
    HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
    HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
    HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
    HKLM\...\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
    HKLM\...\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe" [1565696 2010-03-17] (Alcatel-Lucent)
    HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
    HKLM\...\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe [x]
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1409384 2011-10-03] (Garmin)
    HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Bhat Family\...\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
    HKU\Bhat Family\...\Run: [Google Update] "C:\Users\Bhat Family\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-16] (Google Inc.)
    HKU\Bhat Family\...\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Bhat Family\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
    HKU\Bhat Family\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Bhat Family\...\Run: [CAHeadless] C:\Program Files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [615808 2009-09-06] (Adobe Systems Incorporated)
    HKU\Bhat Family\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.112.12
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
    ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()

    ================================ Services (Whitelisted) ==================

    3 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
    3 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 IHA_MessageCenter; "C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [335888 2012-06-11] (Verizon)
    2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-05-03] (Skype Technologies)
    2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
    3 IDriverT; "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [x]
    2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
    3 RoxMediaDB9; "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" [x]
    3 stllssvr; "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]

    ========================== Drivers (Whitelisted) =============

    3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
    3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-12 22:39 - 2012-08-12 22:40 - 00000000 ____D C:\FRST
    2012-08-12 17:17 - 2012-08-12 17:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-12 16:36 - 2012-08-12 16:36 - 00144808 ____A C:\Windows\Minidump\081212-40107-01.dmp
    2012-08-12 11:52 - 2012-08-12 11:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-07 17:16 - 2012-08-07 17:16 - 23870334 ____A C:\Users\Bhat Family\Desktop\Kunidu Kunidu Baare - PitchA#.wav
    2012-07-31 06:43 - 2012-07-31 06:43 - 38056556 ____A C:\Users\Bhat Family\Desktop\Bole_Re_Paihara-Guddi-HKS-Pitch B.wav
    2012-07-31 06:41 - 2012-07-31 06:41 - 58548524 ____A C:\Users\Bhat Family\Desktop\Ishq_Sufiyana(female)-The_Dirty_Picture-HKS -PitchG#.wav
    2012-07-28 12:59 - 2012-07-28 12:59 - 00098054 ____A C:\Users\Bhat Family\Downloads\JTSIAH.htm
    2012-07-15 08:46 - 2012-07-15 08:47 - 13533324 ____A C:\Users\Bhat Family\Documents\Sneha Graduation.3gp
    2012-07-15 08:00 - 2012-07-15 08:00 - 00003596 ____A C:\Users\Bhat Family\Documents\Thaye Yashoda.xmp
    2012-07-15 07:42 - 2012-07-15 07:44 - 13852266 ____A C:\Users\Bhat Family\Documents\Modalasala.3gp
    2012-07-15 07:42 - 2012-07-15 07:42 - 00003602 ____A C:\Users\Bhat Family\Documents\Modalasala.xmp
    2012-07-15 07:20 - 2012-07-15 07:22 - 15115010 ____A C:\Users\Bhat Family\Documents\Veena Mehendi CUT.3gp
    2012-07-15 07:15 - 2012-07-15 07:18 - 186114048 ____A C:\Users\Bhat Family\Documents\Veena Mehendi CUT.mpg
    2012-07-15 07:05 - 2012-07-15 07:11 - 280920064 ____A C:\Users\Bhat Family\Documents\Thaye Yashoda.mpg
    2012-07-15 06:58 - 2012-07-15 07:01 - 170151936 ____A C:\Users\Bhat Family\Documents\Modalasala.mpg
    2012-07-15 06:46 - 2012-07-15 06:46 - 00001187 ____A C:\Users\Public\Desktop\PhotoshopdotcomInspirationBrowser.lnk
    2012-07-15 06:46 - 2012-07-15 06:46 - 00000000 ____D C:\Users\Bhat Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
    2012-07-14 12:32 - 2012-07-14 12:32 - 00001253 ____A C:\Users\Bhat Family\Desktop\AVS4YOU Software Navigator.lnk
    2012-07-14 12:32 - 2012-07-14 12:32 - 00000000 ____D C:\Users\Bhat Family\AppData\Roaming\AVS4YOU
    2012-07-14 12:31 - 2012-07-14 12:32 - 00000000 ____D C:\Users\All Users\AVS4YOU
    2012-07-14 12:31 - 2012-07-14 12:32 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
    2012-07-14 12:31 - 2012-07-14 12:32 - 00000000 ____D C:\Program Files\AVS4YOU
    2012-07-14 12:31 - 2012-07-14 12:31 - 00001197 ____A C:\Users\Bhat Family\Desktop\AVS Video Converter.lnk
    2012-07-14 12:31 - 2012-03-23 15:59 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\msxml3a.dll
    2012-07-14 12:31 - 2012-03-23 15:58 - 11137024 ____A (Intel Corporation) C:\Windows\System32\libmfxsw32.dll

    ============ 3 Months Modified Files ========================

    2012-08-12 18:22 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-12 18:21 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-12 18:20 - 2009-07-13 20:39 - 12334624 ____A C:\Windows\setupact.log
    2012-08-12 17:18 - 2011-11-19 14:10 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-12 17:18 - 2010-08-21 11:31 - 01341992 ____A C:\Windows\WindowsUpdate.log
    2012-08-12 17:17 - 2010-08-21 11:40 - 00742892 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-12 17:17 - 2010-08-21 11:12 - 00010048 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-12 17:17 - 2010-08-21 11:12 - 00010048 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-12 16:49 - 2012-04-29 05:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-12 16:40 - 2011-04-16 07:41 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-275413225-1255351595-1175814651-1000UA.job
    2012-08-12 16:36 - 2012-08-12 16:36 - 00144808 ____A C:\Windows\Minidump\081212-40107-01.dmp
    2012-08-12 16:36 - 2012-01-20 12:29 - 367814060 ____A C:\Windows\MEMORY.DMP
    2012-08-11 08:45 - 2009-07-13 20:53 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-09 04:40 - 2011-04-16 07:41 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-275413225-1255351595-1175814651-1000Core.job
    2012-08-08 17:42 - 2011-04-16 07:41 - 00002488 ____A C:\Users\Bhat Family\Desktop\Google Chrome.lnk
    2012-08-07 17:16 - 2012-08-07 17:16 - 23870334 ____A C:\Users\Bhat Family\Desktop\Kunidu Kunidu Baare - PitchA#.wav
    2012-08-03 05:49 - 2012-04-29 05:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-03 05:49 - 2011-05-15 04:27 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-31 06:43 - 2012-07-31 06:43 - 38056556 ____A C:\Users\Bhat Family\Desktop\Bole_Re_Paihara-Guddi-HKS-Pitch B.wav
    2012-07-31 06:41 - 2012-07-31 06:41 - 58548524 ____A C:\Users\Bhat Family\Desktop\Ishq_Sufiyana(female)-The_Dirty_Picture-HKS -PitchG#.wav
    2012-07-28 12:59 - 2012-07-28 12:59 - 00098054 ____A C:\Users\Bhat Family\Downloads\JTSIAH.htm
    2012-07-27 18:44 - 2010-09-19 05:01 - 00027136 ____A C:\Users\Bhat Family\Documents\Account Information.xlsx
    2012-07-15 08:47 - 2012-07-15 08:46 - 13533324 ____A C:\Users\Bhat Family\Documents\Sneha Graduation.3gp
    2012-07-15 08:00 - 2012-07-15 08:00 - 00003596 ____A C:\Users\Bhat Family\Documents\Thaye Yashoda.xmp
    2012-07-15 07:44 - 2012-07-15 07:42 - 13852266 ____A C:\Users\Bhat Family\Documents\Modalasala.3gp
    2012-07-15 07:42 - 2012-07-15 07:42 - 00003602 ____A C:\Users\Bhat Family\Documents\Modalasala.xmp
    2012-07-15 07:22 - 2012-07-15 07:20 - 15115010 ____A C:\Users\Bhat Family\Documents\Veena Mehendi CUT.3gp
    2012-07-15 07:18 - 2012-07-15 07:15 - 186114048 ____A C:\Users\Bhat Family\Documents\Veena Mehendi CUT.mpg
    2012-07-15 07:11 - 2012-07-15 07:05 - 280920064 ____A C:\Users\Bhat Family\Documents\Thaye Yashoda.mpg
    2012-07-15 07:01 - 2012-07-15 06:58 - 170151936 ____A C:\Users\Bhat Family\Documents\Modalasala.mpg
    2012-07-15 06:46 - 2012-07-15 06:46 - 00001187 ____A C:\Users\Public\Desktop\PhotoshopdotcomInspirationBrowser.lnk
    2012-07-15 06:18 - 2010-08-22 17:21 - 00065536 ____A C:\Users\Bhat Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-14 12:32 - 2012-07-14 12:32 - 00001253 ____A C:\Users\Bhat Family\Desktop\AVS4YOU Software Navigator.lnk
    2012-07-14 12:31 - 2012-07-14 12:31 - 00001197 ____A C:\Users\Bhat Family\Desktop\AVS Video Converter.lnk
    2012-07-10 23:53 - 2009-07-13 20:33 - 00476504 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-10 23:52 - 2010-08-21 11:22 - 00471420 ____A C:\Windows\PFRO.log
    2012-07-10 23:02 - 2010-08-27 17:30 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-08 15:55 - 2012-07-08 15:55 - 00384844 ____A C:\Users\Bhat Family\AppData\Local\funmoods-speeddial.crx
    2012-07-08 15:55 - 2012-07-08 15:55 - 00031465 ____A C:\Users\Bhat Family\AppData\Local\funmoods.crx
    2012-07-08 10:03 - 2012-07-08 10:03 - 27684133 ____A C:\Users\Bhat Family\Downloads\IMG_0473 (1).MOV
    2012-07-08 10:01 - 2012-07-08 09:54 - 27684133 ____A C:\Users\Bhat Family\Downloads\IMG_0473.MOV
    2012-07-07 12:26 - 2012-07-07 12:26 - 00000967 ____A C:\Users\Bhat Family\Desktop\Audacity.lnk
    2012-06-30 09:06 - 2012-06-30 09:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
    2012-06-23 13:50 - 2010-09-19 05:01 - 00059392 ____A C:\Users\Bhat Family\Documents\Vehicle Maintenance.xls
    2012-06-16 07:16 - 2012-06-16 07:16 - 00001991 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-06-13 16:38 - 2012-06-13 16:38 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-11 18:40 - 2012-07-10 23:02 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 18:04 - 2012-06-11 18:04 - 01534144 ____A (W3i, LLC) C:\Users\Bhat Family\Downloads\expertpdf7_1527.exe
    2012-06-08 20:41 - 2012-07-10 12:36 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-05 21:05 - 2012-07-10 12:36 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 12:36 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 12:36 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-02 14:19 - 2012-06-21 17:15 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 17:15 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 17:15 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 17:15 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 17:15 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-21 17:15 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-21 17:15 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 17:15 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:12 - 2012-06-21 17:15 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 01:07 - 2012-07-10 23:35 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 00:43 - 2012-07-10 23:35 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 00:33 - 2012-07-10 23:35 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 00:26 - 2012-07-10 23:35 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 00:25 - 2012-07-10 23:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-10 23:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 00:23 - 2012-07-10 23:35 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 00:21 - 2012-07-10 23:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 00:20 - 2012-07-10 23:35 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-10 23:35 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 00:19 - 2012-07-10 23:35 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 00:17 - 2012-07-10 23:35 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 00:16 - 2012-07-10 23:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 00:14 - 2012-07-10 23:35 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-01 20:45 - 2012-07-10 12:36 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 20:45 - 2012-07-10 12:36 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 20:40 - 2012-07-10 12:36 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 20:40 - 2012-07-10 12:36 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 20:39 - 2012-07-10 12:36 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll


    ZeroAccess:
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\@
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\L
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\n
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\L\00000004.@
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\L\201d3dde

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 3070.46 MB
    Available physical RAM: 2624.84 MB
    Total Pagefile: 3068.74 MB
    Available Pagefile: 2628.48 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1977.62 MB

    ======================= Partitions =========================

    1 Drive c: (HP) (Fixed) (Total:456.91 GB) (Free:221.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.85 GB) (Free:1.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: () (Fixed) (Total:298.09 GB) (Free:72.85 GB) NTFS
    5 Drive g: (CHAYA BHAT) (Removable) (Total:3.72 GB) (Free:2.17 GB) FAT32
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 Online 298 GB 1024 KB
    Disk 2 Online 3813 MB 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 456 GB 31 KB
    Partition 2 Primary 8 GB 456 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C HP NTFS Partition 456 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D FACTORY_IMA NTFS Partition 8 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 298 GB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F NTFS Partition 298 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3809 MB 4032 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G CHAYA BHAT FAT32 Removable 3809 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-06 20:01

    ======================= End Of Log ==========================

    Results of Search.txt
    Farbar Recovery Scan Tool Version: 10-08-2012
    Ran by SYSTEM at 2012-08-13 21:21:23
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2012-08-12 18:22] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    === End Of Search ===
    Anil


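One way to automate the check Broni is reading off these two logs, written as an added example for this thread (not FRST's own code and not part of the original posts): it parses the Search.txt entries and the Bamital & volsnap Check lines above, compares the live System32 copy of each file with the pristine copy in the WinSxS component store, and reports any file whose MD5 differs while its size stays the same, which is the in-place patching shown for services.exe. The sample text is constructed from the two logs posted above; the line-format regexes are assumptions based on that layout, not a documented FRST format.

```python
# Example added to this thread (not FRST's code, not part of the original posts):
# compare the live services.exe against its WinSxS copy using the two FRST logs.
# The parsing rules are assumptions drawn from the log layout shown above.
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the FRST.txt posted above.
FRST_TXT = r"""
========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\userinit.exe => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!
"""

# Constructed sample: the Search.txt posted above (pristine WinSxS copy, then the live file).
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-12 18:22] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

MD5_RE = re.compile(r"\b[0-9A-Fa-f]{32}\b")
# Search.txt detail line (assumed layout): [created] - [modified] - size attrs (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_search(text):
    """One dict per file in an FRST Search log: a path line followed by its detail line."""
    lines = [line.strip() for line in text.splitlines()]
    entries = []
    for i, line in enumerate(lines[:-1]):
        if not line or line.startswith(("=", "[")):
            continue  # blank line, section banner, or a detail line (consumed with its path)
        match = META_RE.match(lines[i + 1])
        if match:
            entry = match.groupdict()
            entry["path"] = line
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries

def flag_patched_system_files(entries):
    """Report System32 files whose MD5 differs from the pristine WinSxS copy of the same name.
    Same size but a different hash means the file was altered in place, as services.exe was here."""
    by_name = defaultdict(list)
    for entry in entries:
        by_name[entry["path"].rsplit("\\", 1)[-1].lower()].append(entry)
    findings = []
    for name, copies in by_name.items():
        reference = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        live = [c for c in copies if "\\system32\\" in c["path"].lower()]
        for l in live:
            for ref in reference:
                if l["md5"] != ref["md5"]:
                    findings.append({
                        "file": name, "live_md5": l["md5"], "reference_md5": ref["md5"],
                        "same_size": l["size"] == ref["size"], "modified": l["modified"],
                    })
    return findings

def parse_attention(text):
    """Collect the lines FRST itself marked ATTENTION, with any MD5 they carry."""
    hits = []
    for line in text.splitlines():
        if "ATTENTION" in line:
            md5 = MD5_RE.search(line)
            hits.append({"line": line.strip(), "md5": md5.group(0).upper() if md5 else None})
    return hits

def summarize(frst_txt, search_txt):
    """Cross-check the WinSxS comparison against FRST's own ATTENTION lines."""
    findings = flag_patched_system_files(parse_search(search_txt))
    attention = parse_attention(frst_txt)
    flagged = {a["md5"] for a in attention if a["md5"]}
    for finding in findings:
        finding["confirmed_by_frst"] = finding["live_md5"] in flagged
    return {"findings": findings, "attention": attention}

if __name__ == "__main__":
    report = summarize(FRST_TXT, SEARCH_TXT)
    for f in report["findings"]:
        print(f"{f['file']}: live MD5 {f['live_md5']} != WinSxS {f['reference_md5']} "
              f"(same size: {f['same_size']}, modified {f['modified']}, FRST flagged: {f['confirmed_by_frst']})")
    for a in report["attention"]:
        print("FRST:", a["line"])
```

The same size with a different hash is the tell here: a dropped replacement would normally change the size, while a patched binary keeps it, and the fix Broni scripts later (copying the WinSxS copy back over System32) follows directly from this comparison.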
  4. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

    Next...

    Restart normally.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


  5. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Here is the fixlog.txt. I have uploaded the TDSSKiller log file since the contents are too large to paste in the reply.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-08-2012
    Ran by SYSTEM at 2012-08-13 22:10:35 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c} moved successfully.

    The operation completed successfully.
    The operation completed successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====


  6. Broni

    Broni Malware Annihilator Posts: 46,167   +251

  7. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    First part of the TDSSKiller log file:

    22:15:13.0680 4784 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    22:15:14.0078 4784 ============================================================
    22:15:14.0078 4784 Current date / time: 2012/08/13 22:15:14.0078
    22:15:14.0078 4784 SystemInfo:
    22:15:14.0078 4784
    22:15:14.0078 4784 OS Version: 6.1.7601 ServicePack: 1.0
    22:15:14.0078 4784 Product type: Workstation
    22:15:14.0078 4784 ComputerName: BHATFAMILY-PC
    22:15:14.0079 4784 UserName: Bhat Family
    22:15:14.0079 4784 Windows directory: C:\Windows
    22:15:14.0079 4784 System windows directory: C:\Windows
    22:15:14.0079 4784 Processor architecture: Intel x86
    22:15:14.0079 4784 Number of processors: 2
    22:15:14.0079 4784 Page size: 0x1000
    22:15:14.0079 4784 Boot type: Normal boot
    22:15:14.0079 4784 ============================================================
    22:15:20.0919 4784 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    22:15:20.0930 4784 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:15:20.0936 4784 Drive \Device\Harddisk2\DR7 - Size: 0xEE500000 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:15:20.0955 4784 ============================================================
    22:15:20.0955 4784 \Device\Harddisk0\DR0:
    22:15:20.0955 4784 MBR partitions:
    22:15:20.0955 4784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x391D1FC1
    22:15:20.0955 4784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x391D2000, BlocksNum 0x11B3000
    22:15:20.0955 4784 \Device\Harddisk1\DR1:
    22:15:20.0962 4784 MBR partitions:
    22:15:20.0962 4784 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
    22:15:20.0962 4784 \Device\Harddisk2\DR7:
    22:15:20.0963 4784 MBR partitions:
    22:15:20.0963 4784 \Device\Harddisk2\DR7\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x770880
    22:15:20.0963 4784 ============================================================
    22:15:20.0999 4784 C: <-> \Device\Harddisk0\DR0\Partition0
    22:15:21.0031 4784 D: <-> \Device\Harddisk0\DR0\Partition1
    22:15:21.0055 4784 F: <-> \Device\Harddisk1\DR1\Partition0
    22:15:21.0056 4784 ============================================================
    22:15:21.0056 4784 Initialize success
    22:15:21.0056 4784 ============================================================
    22:15:31.0944 2516 ============================================================
    22:15:31.0944 2516 Scan started
    22:15:31.0944 2516 Mode: Manual;
    22:15:31.0944 2516 ============================================================
    22:16:10.0823 2516NlaSvc - ok
    22:16:10.0849 2516Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    22:16:10.0869 2516Npfs - ok
    22:16:10.0942 2516nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    22:16:10.0946 2516nsi - ok
    22:16:11.0029 2516nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    22:16:11.0056 2516nsiproxy - ok
  8. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Second and final part of the TDSSKiller log file.

    22:16:51.0596 2516MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    22:16:51.0664 2516\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    22:16:51.0664 2516\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    22:16:51.0687 2516 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
    22:16:58.0720 2516 \Device\Harddisk1\DR1 - ok
    22:16:58.0725 2516 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR7
    22:16:58.0730 2516 \Device\Harddisk2\DR7 - ok
    22:16:58.0781 2516 Boot (0x1200) (714205f7d510f91c406c08d4140d1bdf) \Device\Harddisk0\DR0\Partition0
    22:16:58.0885 2516 \Device\Harddisk0\DR0\Partition0 - ok
    22:16:58.0933 2516 Boot (0x1200) (dc0bbea41e1b1827f1196434dd018c8b) \Device\Harddisk0\DR0\Partition1
    22:16:58.0976 2516 \Device\Harddisk0\DR0\Partition1 - ok
    22:16:59.0005 2516 Boot (0x1200) (dc81eb998cb53f5b9a656bb932cfa768) \Device\Harddisk1\DR1\Partition0
    22:16:59.0008 2516 \Device\Harddisk1\DR1\Partition0 - ok
    22:16:59.0015 2516 Boot (0x1200) (05c66d76b686a35e068506de7db07ceb) \Device\Harddisk2\DR7\Partition0
    22:16:59.0017 2516 \Device\Harddisk2\DR7\Partition0 - ok
    22:16:59.0021 2516 ============================================================
    22:16:59.0021 2516 Scan finished
    22:16:59.0021 2516 ============================================================
    22:16:59.0035 6008 Detected object count: 1
    22:16:59.0035 6008 Actual detected object count: 1
    22:17:09.0093 6008 \Device\Harddisk0\DR0\# - copied to quarantine
    22:17:09.0383 6008 \Device\Harddisk0\DR0 - copied to quarantine
    22:17:11.0569 6008 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    22:17:11.0651 6008 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    22:17:11.0731 6008 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    22:17:11.0842 6008 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    22:17:11.0921 6008 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    22:17:12.0080 6008 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    22:17:13.0494 6008 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    22:17:13.0528 6008 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    22:17:13.0534 6008 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    22:17:13.0538 6008 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    22:17:13.0975 6008 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    22:17:14.0088 6008 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    22:17:14.0110 6008 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    22:17:14.0131 6008 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    22:17:14.0295 6008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    22:17:14.0299 6008 \Device\Harddisk0\DR0 - ok
    22:17:14.0694 6008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    22:17:27.0429 4624 Deinitialize success
  9. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  10. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Here are the results of the Malwarebytes scan.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.14.02
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Bhat Family :: BHATFAMILY-PC [administrator]
    8/14/2012 5:18:32 AM
    mbam-log-2012-08-14 (05-18-32).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223565
    Time elapsed: 14 minute(s), 41 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 25
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 13
    C:\Users\Bhat Family\AppData\Local\Temp\7581.tmp (Trojan.Agent.BRVGen) -> Quarantined and deleted successfully.
    C:\Users\Bhat Family\Downloads\expertpdf7_1527.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
    C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\n (Trojan.Zaccess) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Users\Bhat Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Bhat Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Bhat Family\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Bhat Family\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    (end)
  11. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.
     
  12. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Here are the contents of rkill.txt
    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 08/14/2012 08:03:15 PM in x86 mode.
    Windows Version: Windows 7
    Checking for Windows services to stop.
    * No malware services found to stop.
    Checking for processes to terminate.
    * No malware processes found to kill.
    Checking Registry for malware related settings.
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks.
    * No issues found.
    Searching for Missing Digital Signatures:
    * C:\Windows\System32\services.exe [NoSig]
    Restarting Explorer.exe in order to apply changes.
    Program finished at: 08/14/2012 08:03:29 PM
    Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
  13. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    Please post BOTH logs, rKill.txt and Combofix.txt.
  14. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Here are the results after running Combofix

    ComboFix 12-08-14.05 - Bhat Family 08/14/2012 20:22:19.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1866 [GMT -4:00]
    Running from: c:\users\Bhat Family\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\GAC\Desktop.ini
    c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\@
    c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\L\00000004.@
    c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\L\201d3dde
    c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\00000004.@
    c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\00000008.@
    c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\000000cb.@
    c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\80000000.@
    c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\80000032.@
    F:\autorun.inf
    .
    Infected copy of c:\windows\system32\services.exe was found and disinfected
    Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy8_!Windows!System32!services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-15 00:36 . 2012-08-15 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-15 00:15 . 2012-08-15 00:38 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FBB1173-6FC1-49A9-B721-BD22AC00F7D7}\offreg.dll
    2012-08-14 02:17 . 2012-08-14 02:17 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-13 06:39 . 2012-08-13 06:40 -------- d-----w- C:\FRST
    2012-08-13 01:32 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-08-13 01:32 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA2F5736-218B-4A0F-B692-3A535EC5C14F}\gapaengine.dll
    2012-08-13 01:31 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FE75A08-62C1-46A3-9218-CC75C118163F}\mpengine.dll
    2012-08-13 01:17 . 2012-08-13 01:17 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-12 19:52 . 2012-08-12 19:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-10 01:36 . 2012-08-10 01:36 109568 ----a-w- c:\programdata\Microsoft\Windows\DRM\6DE2.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-03 13:49 . 2012-04-29 13:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-03 13:49 . 2011-05-15 12:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 17:46 . 2012-02-20 16:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-12 02:40 . 2012-07-11 07:02 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-06-06 05:05 . 2012-07-10 20:36 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05 . 2012-07-10 20:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03 . 2012-07-10 20:36 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 01:15 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 01:15 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 01:15 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 01:15 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-22 01:15 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-22 01:15 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-22 01:15 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-22 01:15 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12 . 2012-06-22 01:15 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33 . 2012-07-11 07:35 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25 . 2012-07-11 07:35 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25 . 2012-07-11 07:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-11 07:35 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-11 07:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 04:45 . 2012-07-10 20:36 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45 . 2012-07-10 20:36 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40 . 2012-07-10 20:36 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40 . 2012-07-10 20:36 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39 . 2012-07-10 20:36 219136 ----a-w- c:\windows\system32\ncrypt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickenScheduledUpdates"="c:\program files\Quicken\bagent.exe" [2011-03-10 77656]
    "SanDiskSecureAccess_Manager.exe"="c:\users\Bhat Family\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "CAHeadless"="c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - SRTSPX
    *Deregistered* - SymEvent
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 13:49]
    .
    2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-275413225-1255351595-1175814651-1000Core.job
    - c:\users\Bhat Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 15:41]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-275413225-1255351595-1175814651-1000UA.job
    - c:\users\Bhat Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 15:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=21
    mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzyzz0D0F0DtB0BtB0EtBtBtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1359594929
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
    DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-MsMpSvc
    AddRemove-CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\conhost.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\system32\schtasks.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\windows\system32\conhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\windows defender\MpCmdRun.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-14 20:49:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-15 00:49
    .
    Pre-Run: 259,870,380,032 bytes free
    Post-Run: 265,647,460,352 bytes free
    .
    - - End Of File - - ADE48E33CF94F51E0A6616BC14854350
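    The Malwarebytes log in post 10, the Rkill `[NoSig]` line in post 12 and the ComboFix "Other Deletions" list above all describe the same ZeroAccess (Sirefef) footprint: `*.@` modules under `C:\Windows\Installer\{GUID}\U\` and `\L\`, the `n` and `@` files beside them, `C:\Windows\assembly\GAC\Desktop.ini`, and a patched, unsigned `services.exe` that ComboFix restored from a shadow copy. Funmoods PUP entries are noise next to that. The script below is an added example, not part of this thread and not code from Malwarebytes, Rkill or ComboFix: it parses those three line formats, sorts findings into rootkit indicators versus PUP noise, and lists what still has to be verified after the reboot. The indicator rules use only paths that appear in the posted logs; the `GAC_32`/`GAC_64` variants of `Desktop.ini` are an assumption for 64-bit hosts, and the sample log is constructed from lines in the posts.

```python
"""Triage of anti-malware tool logs for ZeroAccess (Sirefef) indicators.

Added example: not part of the thread and not code from Malwarebytes, Rkill
or ComboFix. It parses three line shapes seen in the posted logs:
  Malwarebytes : "<path or key> (<detection>) -> [Data: <x> ->] <action>."
  Rkill        : "* <path> [NoSig]"
  ComboFix     : bare paths under the "Other Deletions" header, and
                 "Infected copy of <path> was found and disinfected"
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    source: str         # "mbam" | "rkill" | "combofix"
    obj: str            # file path or registry key
    detection: str      # scanner label, "" when the tool gives none
    action: str         # what the tool says it did
    family: str = ""    # set by classify(): zeroaccess | pup | other
    followup: str = ""  # what the responder still has to verify


MBAM_RE = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> "
                     r"(?:Data:\s*(?P<data>.*?)\s*->\s*)?(?P<action>.+?)\.?$")
RKILL_NOSIG_RE = re.compile(r"^\*\s+(?P<path>.+?)\s+\[NoSig\]$")
CF_INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S")

# ZeroAccess keeps its modules as %windir%\Installer\{GUID}\U\<hex>.@ and
# \L\<name>, with "n" and "@" files beside them. Legitimate MSI caches also use
# GUID folders there, so only those specific names count as indicators.
ZA_INSTALLER_RE = re.compile(
    r"\\Installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\(?:[UL]\\[^\\]+|n|@)$",
    re.I)
# Only assembly\GAC\Desktop.ini is in the thread; GAC_32/GAC_64 is an assumption (64-bit).
ZA_GAC_RE = re.compile(r"\\assembly\\GAC(?:_32|_64)?\\Desktop\.ini$", re.I)
SERVICES_RE = re.compile(r"\\system32\\services\.exe$", re.I)
ZA_NAME_RE = re.compile(r"0access|zaccess|sirefef", re.I)
AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.I)


def classify(f: Finding) -> Finding:
    """Assign a family and note follow-up work. Path rules run before the
    detection name on purpose: 00000008.@ in the U folder was labelled
    Trojan.Dropper.BCMiner in the thread but sits in the ZeroAccess store."""
    if (ZA_INSTALLER_RE.search(f.obj) or ZA_GAC_RE.search(f.obj)
            or SERVICES_RE.search(f.obj) or ZA_NAME_RE.search(f.detection)):
        f.family = "zeroaccess"
    elif f.detection.upper().startswith("PUP."):
        f.family = "pup"
    else:
        f.family = "other"
    if SERVICES_RE.search(f.obj):
        f.followup = "verify services.exe signature and hash after reboot"
    elif f.action.lower() == "delete on reboot":
        f.followup = "confirm the file is gone after reboot"
    elif AUTORUN_RE.search(f.obj):
        f.followup = "removable drive carried autorun.inf; scan it before reuse"
    return f


def parse(lines) -> list:
    """Turn raw log lines into classified Findings; unknown lines are ignored."""
    findings, in_deletions = [], False
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("((("):               # ComboFix section header
            in_deletions = "Other Deletions" in line
            continue
        if (m := MBAM_RE.match(line)):
            findings.append(Finding("mbam", m["obj"], m["det"], m["action"]))
        elif (m := RKILL_NOSIG_RE.match(line)):
            findings.append(Finding("rkill", m["path"], "", "unsigned (NoSig)"))
        elif (m := CF_INFECTED_RE.match(line)):
            findings.append(Finding("combofix", m["path"], "", "disinfected"))
        elif in_deletions and BARE_PATH_RE.match(line):
            findings.append(Finding("combofix", line, "", "deleted"))
    return [classify(f) for f in findings]


def triage(log_text: str) -> dict:
    """Summarise a pasted log: per-family counts, ZeroAccess objects, follow-ups."""
    findings = parse(log_text.splitlines())
    counts = {}
    for f in findings:
        counts[f.family] = counts.get(f.family, 0) + 1
    return {"families": counts,
            "zeroaccess": [f.obj for f in findings if f.family == "zeroaccess"],
            "followups": [(f.obj, f.followup) for f in findings if f.followup]}


# Constructed sample: lines taken from the thread's MBAM, Rkill and ComboFix
# posts, plus one process-list path that the parser must ignore.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
C:\Users\Bhat Family\AppData\Local\Temp\7581.tmp (Trojan.Agent.BRVGen) -> Quarantined and deleted successfully.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\n (Trojan.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
* C:\Windows\System32\services.exe [NoSig]
((((( Other Deletions )))))
.
c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\@
c:\windows\Installer\{14f73684-5246-a5eb-3c41-009adcb7b15c}\L\201d3dde
F:\autorun.inf
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy8_!Windows!System32!services.exe
((((( Other Running Processes )))))
c:\windows\system32\taskhost.exe
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["families"])
    for obj, todo in report["followups"]:
        print(f"{obj}: {todo}")
```

    To use it on a real case, pass the pasted log text to `triage()`. The Installer rule is deliberately narrow because `C:\Windows\Installer` legitimately holds GUID-named folders for cached MSI resources; only the `U\`/`L\` subfolders and the `n`/`@` files seen in the thread are treated as indicators, and a path rule wins over the scanner's label so that an `.@` module tagged as a generic dropper is still tied to the rootkit's store.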
  15. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    I am unable to start my anti-virus, Microsoft Security Essentials, as I get the error message "The specified service does not exist as an installed service".
  16. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Reinstall MSE.

    Combofix looks good.

    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Results of the Malwarebytes scan
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.14.07
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Bhat Family :: BHATFAMILY-PC [administrator]
    8/14/2012 9:31:42 PM
    mbam-log-2012-08-14 (21-31-42).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206290
    Time elapsed: 4 minute(s), 13 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    Results of the OTL scan
    OTL logfile created on: 8/15/2012 6:16:12 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Bhat Family\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.01% Memory free
    6.00 Gb Paging File | 4.41 Gb Available in Paging File | 73.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 456.91 Gb Total Space | 240.43 Gb Free Space | 52.62% Space Free | Partition Type: NTFS
    Drive D: | 8.85 Gb Total Space | 1.20 Gb Free Space | 13.52% Space Free | Partition Type: NTFS
    Drive F: | 298.09 Gb Total Space | 73.95 Gb Free Space | 24.81% Space Free | Partition Type: NTFS

    Computer Name: BHATFAMILY-PC | User Name: Bhat Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/15 00:35:32 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
    PRC - [2012/08/14 22:01:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bhat Family\Desktop\OTL.exe
    PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/10/03 10:14:06 | 001,409,384 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2011/06/29 11:56:42 | 027,311,232 | ---- | M] (Gemalto N.V.) -- C:\Users\Bhat Family\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/03/10 17:58:18 | 000,077,656 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\bagent.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/11/20 08:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
    PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
    PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
    PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
    PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    PRC - [2006/12/08 12:16:56 | 000,065,536 | ---- | M] () -- C:\hp\KBD\KbdStub.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/12 23:29:34 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
    MOD - [2012/06/12 22:36:17 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
    MOD - [2012/06/12 22:36:04 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
    MOD - [2012/06/12 22:35:55 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
    MOD - [2012/06/12 22:35:54 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
    MOD - [2012/05/12 23:20:15 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
    MOD - [2012/05/12 23:20:15 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
    MOD - [2012/05/12 23:17:26 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/12 23:15:06 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/05/12 23:15:04 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
    MOD - [2012/05/12 23:15:00 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/05/12 23:14:55 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/29 04:56:06 | 011,483,264 | ---- | M] () -- C:\Users\Bhat Family\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
    MOD - [2006/12/08 12:16:56 | 000,065,536 | ---- | M] () -- C:\hp\KBD\KbdStub.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/08/15 00:35:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
    SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/08/22 21:38:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/08/21 21:31:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
    SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\BHATFA~1\AppData\Local\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\BHATFA~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/08/14 21:48:51 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EF73D9B-0AF3-4B56-BE1B-191DB3D23EFC}\MpKsl6ef5800b.sys -- (MpKsl6ef5800b)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/07/13 18:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
    DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/06/10 17:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/10/26 11:51:26 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2007/10/26 11:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=fm...CzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1359594929
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9EE08BE5-1640-437A-88EC-F2819B11B1F3}
    IE - HKLM\..\SearchScopes,DefaultScope = {9EE08BE5-1640-437A-88EC-F2819B11B1F3}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{29E07370-60E0-991B-5FD9-1A24D32E2228}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{3BECA0B7-1ECF-4BF5-9E40-AF1E5AC9EE0A}: "URL" = http://search.live.com/results.aspx...entrypoint={referrer:source?}&amp;FORM=HVDUS7
    IE - HKLM\..\SearchScopes\{9EE08BE5-1640-437A-88EC-F2819B11B1F3}: "URL" = http://start.funmoods.com/results.p...CzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1359594929
    IE - HKLM\..\SearchScopes\{F001B315-0527-4551-A6F1-1B4FEA5C3F69}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://my.yahoo.com/
    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=21
    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\..\SearchScopes,Backup.Old.DefaultScope = {9F5C104D-5417-4CC7-B50A-E520DE4C6FB8}
    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\..\SearchScopes,DefaultScope = {29E07370-60E0-991B-5FD9-1A24D32E2228}
    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\..\SearchScopes\{29E07370-60E0-991B-5FD9-1A24D32E2228}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\..\SearchScopes\{9EE08BE5-1640-437A-88EC-F2819B11B1F3}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bhat Family\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bhat Family\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Bhat Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/26 20:41:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.48\coFFFw\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 13:19:22 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/26 20:41:47 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://start.funmoods.com/?f=1&a=fm...CzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1359594929
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://start.funmoods.com/?f=1&a=fm...CzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1359594929
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bhat Family\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Bhat Family\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bhat Family\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Bhat Family\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Bhat Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Funmoods = C:\Users\Bhat Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
    CHR - Extension: SpeedDial = C:\Users\Bhat Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
    CHR - Extension: InvisibleHand = C:\Users\Bhat Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.8.6_0\
    CHR - Extension: Skype Click to Call = C:\Users\Bhat Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\

    O1 HOSTS File: ([2012/08/14 20:38:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000..\Run: [CAHeadless] C:\Program Files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
    O4 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Bhat Family\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB (CheckFileStatus.UserControl1)
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/67.17/uploader2.cab (UploadListView Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFE5E320-2567-4914-9095-529B2FA17B78}: DhcpNameServer = 192.168.1.1 68.238.112.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/14 22:01:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bhat Family\Desktop\OTL.exe
    [2012/08/14 21:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/08/14 20:49:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/14 20:19:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/14 20:19:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/14 20:19:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/14 20:14:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/14 20:14:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/14 20:12:29 | 004,731,615 | R--- | C] (Swearware) -- C:\Users\Bhat Family\Desktop\ComboFix.exe
    [2012/08/14 20:00:56 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Bhat Family\Desktop\rkill.exe
    [2012/08/13 22:17:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/13 02:39:29 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/12 15:52:47 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/15 06:13:05 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-275413225-1255351595-1175814651-1000UA.job
    [2012/08/15 06:13:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/15 06:13:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/14 22:01:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bhat Family\Desktop\OTL.exe
    [2012/08/14 21:35:28 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 21:35:28 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 21:30:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/14 21:30:07 | 000,626,154 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/14 21:30:07 | 000,107,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/14 20:42:35 | 000,002,488 | ---- | M] () -- C:\Users\Bhat Family\Desktop\Google Chrome.lnk
    [2012/08/14 20:38:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/08/14 20:37:35 | 2414,706,688 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/14 20:12:31 | 004,731,615 | R--- | M] (Swearware) -- C:\Users\Bhat Family\Desktop\ComboFix.exe
    [2012/08/14 20:00:56 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Bhat Family\Desktop\rkill.exe
    [2012/08/14 05:18:05 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/13 22:11:34 | 002,117,108 | ---- | M] () -- C:\Users\Bhat Family\Desktop\tdsskiller.zip
    [2012/08/12 20:36:02 | 367,814,060 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/09 08:40:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-275413225-1255351595-1175814651-1000Core.job
    [2012/08/07 21:16:38 | 023,870,334 | ---- | M] () -- C:\Users\Bhat Family\Desktop\Kunidu Kunidu Baare - PitchA#.wav
    [2012/07/31 10:43:43 | 038,056,556 | ---- | M] () -- C:\Users\Bhat Family\Desktop\Bole_Re_Paihara-Guddi-HKS-Pitch B.wav
    [2012/07/31 10:41:43 | 058,548,524 | ---- | M] () -- C:\Users\Bhat Family\Desktop\Ishq_Sufiyana(female)-The_Dirty_Picture-HKS -PitchG#.wav
    [2012/07/27 18:12:20 | 000,142,398 | ---- | M] () -- C:\Users\Bhat Family\Desktop\ETrade Options.pdf
    [2012/07/27 18:08:57 | 000,141,631 | ---- | M] () -- C:\Users\Bhat Family\Desktop\ETrade Brokerage.pdf
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/14 21:30:08 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/08/14 20:19:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/14 20:19:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/14 20:19:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/14 20:19:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/14 20:19:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/13 22:13:59 | 002,117,108 | ---- | C] () -- C:\Users\Bhat Family\Desktop\tdsskiller.zip
    [2012/08/07 21:16:36 | 023,870,334 | ---- | C] () -- C:\Users\Bhat Family\Desktop\Kunidu Kunidu Baare - PitchA#.wav
    [2012/07/31 10:43:40 | 038,056,556 | ---- | C] () -- C:\Users\Bhat Family\Desktop\Bole_Re_Paihara-Guddi-HKS-Pitch B.wav
    [2012/07/31 10:41:39 | 058,548,524 | ---- | C] () -- C:\Users\Bhat Family\Desktop\Ishq_Sufiyana(female)-The_Dirty_Picture-HKS -PitchG#.wav
    [2012/07/27 18:12:20 | 000,142,398 | ---- | C] () -- C:\Users\Bhat Family\Desktop\ETrade Options.pdf
    [2012/07/27 18:08:56 | 000,141,631 | ---- | C] () -- C:\Users\Bhat Family\Desktop\ETrade Brokerage.pdf
    [2012/07/08 19:55:31 | 000,384,844 | ---- | C] () -- C:\Users\Bhat Family\AppData\Local\funmoods-speeddial.crx
    [2012/01/19 22:01:46 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/01/11 03:25:01 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{14f73684-5246-a5eb-3c41-009adcb7b15c}\@
    [2012/01/02 12:39:30 | 000,000,288 | ---- | C] () -- C:\Users\Bhat Family\AppData\Roaming\.backup.dm
    [2011/11/06 10:46:34 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
    [2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/03/27 11:39:17 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/01/31 21:48:30 | 000,000,048 | ---- | C] () -- C:\Windows\TaxACT10.ini
    [2011/01/22 12:08:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/08/27 20:59:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/08/26 20:37:44 | 000,221,154 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2010/08/26 20:37:44 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2010/08/25 21:23:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/22 21:21:33 | 000,065,536 | ---- | C] () -- C:\Users\Bhat Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/21 20:10:33 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/08/21 15:24:23 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat

    ========== LOP Check ==========

    [2012/08/12 09:27:38 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\Audacity
    [2011/06/19 15:32:16 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\Bullzip
    [2011/11/30 21:23:41 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\Garmin
    [2011/02/22 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\JimbobSoft
    [2010/09/02 21:28:55 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\No Company Name
    [2011/10/16 15:08:24 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\OverDrive
    [2012/07/15 10:46:38 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
    [2012/01/03 16:28:53 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\SanDisk
    [2010/08/21 15:21:03 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\Snapfish
    [2010/08/21 15:21:03 | 000,000,000 | ---D | M] -- C:\Users\Bhat Family\AppData\Roaming\WinBatch
    [2012/08/13 22:17:38 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
  18. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Extras.txt?

    Did you reinstall MSE?
  19. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Yes, I did do that and it is working fine now.

    Thanks
    Anil
  20. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Here is the data from Extras.Txt.


    OTL Extras logfile created on: 8/15/2012 6:16:12 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Bhat Family\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.01% Memory free
    6.00 Gb Paging File | 4.41 Gb Available in Paging File | 73.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 456.91 Gb Total Space | 240.43 Gb Free Space | 52.62% Space Free | Partition Type: NTFS
    Drive D: | 8.85 Gb Total Space | 1.20 Gb Free Space | 13.52% Space Free | Partition Type: NTFS
    Drive F: | 298.09 Gb Total Space | 73.95 Gb Free Space | 24.81% Space Free | Partition Type: NTFS

    Computer Name: BHATFAMILY-PC | User Name: Bhat Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BAFA1334-D3BE-4FDF-A3C2-A3A12C2D195F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{C0691654-8B31-4768-B3DE-B7523FE7A2D8}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{194F4C41-1A25-4573-B2B0-52253FB8C2E3}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13F2B82E-9F78-4518-826F-2DF37B58AEDD}" = 3200
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
    "{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{549622DF-3674-459C-81F3-38124A45FA0E}" = MusicBridge
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{69EB5C18-1222-41F1-8C75-69B5F55F4321}" = Garmin Lifetime Updater
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{98271E36-75B8-7D6E-DD22-F0DCEE9A7E1E}" = Adobe Photoshop.com Inspiration Browser
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
    "{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe SVG Viewer" = Adobe SVG Viewer 6.0
    "Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
    "Audacity_is1" = Audacity 2.0
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 4.0.0.463
    "GoldWave v5.58" = GoldWave v5.58
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "Picasa 3" = Picasa 3
    "PremElem80" = Adobe Premiere Elements 8.0
    "Shop for HP Supplies" = Shop for HP Supplies
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "Verizon Help and Support" = Verizon Help and Support Tool
    "WildTangent hp Master Uninstall" = My HP Games
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-275413225-1255351595-1175814651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
    "Google Chrome" = Google Chrome
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/11/2011 7:35:28 PM | Computer Name = BhatFamily-PC | Source = Bonjour Service | ID = 100
    Description = 432: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/11/2011 7:35:28 PM | Computer Name = BhatFamily-PC | Source = Bonjour Service | ID = 100
    Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/11/2011 7:35:28 PM | Computer Name = BhatFamily-PC | Source = Bonjour Service | ID = 100
    Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/11/2011 7:35:28 PM | Computer Name = BhatFamily-PC | Source = Bonjour Service | ID = 100
    Description = 460: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/12/2011 12:31:39 AM | Computer Name = BhatFamily-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 9/12/2011 1:35:27 PM | Computer Name = BhatFamily-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
    mDNS_reentrancy (0)

    Error - 9/12/2011 1:35:27 PM | Computer Name = BhatFamily-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
    != mDNS_reentrancy (0)

    Error - 9/13/2011 10:50:57 AM | Computer Name = BhatFamily-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 9/15/2011 11:04:36 AM | Computer Name = BhatFamily-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 116c Start
    Time: 01cc73b8b7f05760 Termination Time: 18 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: f9dcbe71-dfab-11e0-9a09-001bb98dfd2b

    Error - 9/15/2011 12:28:53 PM | Computer Name = BhatFamily-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    [ System Events ]
    Error - 8/14/2012 8:43:52 PM | Computer Name = BhatFamily-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.

    Error - 8/14/2012 9:30:48 PM | Computer Name = BhatFamily-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853
    Source
    Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
    Current
    Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description:
    The program can't check for definition updates.

    Error - 8/14/2012 9:30:48 PM | Computer Name = BhatFamily-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853
    Source
    Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
    Current
    Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description:
    The program can't check for definition updates.

    Error - 8/14/2012 9:31:10 PM | Computer Name = BhatFamily-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853
    Source
    Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
    Current
    Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description:
    The program can't check for definition updates.

    Error - 8/14/2012 9:31:10 PM | Computer Name = BhatFamily-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853
    Source
    Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
    Current
    Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description:
    The program can't check for definition updates.

    Error - 8/14/2012 9:48:06 PM | Computer Name = BhatFamily-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.2076.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This
    package does not contain up-to-date definition files for this program. For more
    information, see Help and Support.

    Error - 8/14/2012 9:48:06 PM | Computer Name = BhatFamily-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.2076.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This
    package does not contain up-to-date definition files for this program. For more
    information, see Help and Support.

    Error - 8/14/2012 9:48:06 PM | Computer Name = BhatFamily-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.2076.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This
    package does not contain up-to-date definition files for this program. For more
    information, see Help and Support.

    Error - 8/14/2012 9:48:06 PM | Computer Name = BhatFamily-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.2076.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This
    package does not contain up-to-date definition files for this program. For more
    information, see Help and Support.

    Error - 8/14/2012 9:48:06 PM | Computer Name = BhatFamily-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.2076.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This
    package does not contain up-to-date definition files for this program. For more
    information, see Help and Support.


    < End of report >
  21. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O15 - HKU\S-1-5-21-275413225-1255351595-1175814651-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/08/13 02:39:29 | 000,000,000 | ---D | C] -- C:\FRST
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Windows\System32\config\systemprofile\AppData\Local\{14f73684-5246-a5eb-3c41-009adcb7b15c}
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  22. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Results after running the OTL.exe RunFix

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-275413225-1255351595-1175814651-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry key HKEY_USERS\S-1-5-21-275413225-1255351595-1175814651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U folder moved successfully.
    C:\FRST\Quarantine\{14f73684-5246-a5eb-3c41-009adcb7b15c}\L folder moved successfully.
    C:\FRST\Quarantine\{14f73684-5246-a5eb-3c41-009adcb7b15c} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Windows\System32\config\systemprofile\AppData\Local\{14f73684-5246-a5eb-3c41-009adcb7b15c}\U folder moved successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\{14f73684-5246-a5eb-3c41-009adcb7b15c}\L folder moved successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\{14f73684-5246-a5eb-3c41-009adcb7b15c} folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bhat Family
    ->Temp folder emptied: 1746946 bytes
    ->Temporary Internet Files folder emptied: 412197188 bytes
    ->Java cache emptied: 1035985 bytes
    ->Google Chrome cache emptied: 385748790 bytes
    ->Flash cache emptied: 15261780 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56478 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 55507 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 778.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Bhat Family
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Bhat Family
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08152012_210753
    Files\Folders moved on Reboot...
    C:\Users\Bhat Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EWR67F0O\ads[1].htm moved successfully.
    C:\Users\Bhat Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Bhat Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\Bhat Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EWR67F0O\ads[1].htm not found!
    File C:\Users\Bhat Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\Bhat Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
    Registry entries deleted on Reboot...
  23. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Results after running SecurityCheck.Exe

    Results of screen317's Security Check version 0.99.44
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Adobe Reader X (10.1.4)
    Google Chrome 21.0.1180.77
    Google Chrome 21.0.1180.79
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  24. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Results after running Farbar Service Scanner

    Farbar Service Scanner Version: 06-08-2012
    Ran by Bhat Family (administrator) on 15-08-2012 at 21:23:26
    Running from "C:\Users\Bhat Family\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
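    The FSS log above reports three things worth re-checking by hand: a service whose Start value is missing (BITS), a service whose start type differs from its default (WinDefend), and the DisableAntiSpyware policy value. As an added example, not FSS itself nor anything from the original posts, the PowerShell script below re-runs those checks from an elevated prompt on Windows 7; the expected start types are an assumption (2 = Auto, 3 = Demand) and the reference MD5 table is a placeholder to be filled from a known-clean machine of the same build, since FSS ships its own hash table and this script does not.

```powershell
# Added example (not FSS, not the poster's code). Re-checks the service start types,
# the Windows Defender policy value and a few service binaries that the FSS log lists.
# Run from an elevated PowerShell prompt. Works on PowerShell 2.0 (Windows 7 default).

# Assumed defaults: 2 = Auto, 3 = Demand (Manual), 4 = Disabled.
$expectedStart = @{
    'BITS'      = 2   # Automatic (Delayed Start) on Windows 7
    'WinDefend' = 2   # Auto, as the FSS log states
    'wuauserv'  = 2   # Windows Update
    'wscsvc'    = 2   # Security Center
    'MpsSvc'    = 2   # Windows Firewall
}

# PLACEHOLDER reference hashes: fill these in from a clean machine of the same build.
$referenceMd5 = @{
    'C:\Windows\system32\qmgr.dll'    = '<MD5 FROM CLEAN MACHINE>'
    'C:\Windows\system32\wuaueng.dll' = '<MD5 FROM CLEAN MACHINE>'
    'C:\Windows\system32\svchost.exe' = '<MD5 FROM CLEAN MACHINE>'
}

function Get-ServiceStartType {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return $null }          # whole service key is gone
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # Same condition FSS reports as "Unable to retrieve start type ... value does not exist"
    if ($null -eq $props -or $null -eq $props.Start) { return 'MISSING' }
    return [int]$props.Start
}

function Test-ServiceConfig {
    foreach ($name in $expectedStart.Keys) {
        $actual = Get-ServiceStartType -Name $name
        $state  = (Get-Service -Name $name -ErrorAction SilentlyContinue).Status
        if ($null -eq $actual) {
            "$name : service key not found - ATTENTION"
        } elseif ($actual -eq 'MISSING') {
            "$name : Start value does not exist - ATTENTION (status: $state)"
        } elseif ($actual -ne $expectedStart[$name]) {
            "$name : Start=$actual, expected $($expectedStart[$name]) (status: $state)"
        } else {
            "$name : Start=$actual OK (status: $state)"
        }
    }
}

function Test-DefenderPolicy {
    # Key and value name as they appear in the FSS log.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $v = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($v -eq 1) { 'DisableAntiSpyware=1 : Windows Defender is disabled via the registry' }
    else          { 'DisableAntiSpyware not set or 0 : OK' }
}

function Get-Md5Hex {
    param([string]$Path)
    # .NET MD5 so this works without Get-FileHash (which PowerShell 2.0 lacks).
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Test-ServiceBinaries {
    foreach ($path in $referenceMd5.Keys) {
        if (-not (Test-Path $path)) { "$path : file missing - ATTENTION"; continue }
        $actual = Get-Md5Hex -Path $path
        if ($actual -eq $referenceMd5[$path].ToLower()) { "$path : MD5 matches reference" }
        else { "$path : MD5 $actual does not match the reference - inspect" }
    }
}

Test-ServiceConfig
Test-DefenderPolicy
Test-ServiceBinaries
```

    On a machine running Microsoft Security Essentials, as this one is, a WinDefend start type of Demand and DisableAntiSpyware=1 are usually what the MSE installer itself leaves behind, so those two findings need a second look rather than an automatic "fix".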
  25. AB Hat

    AB Hat Newcomer, in training Topic Starter Posts: 19

    Ran TFC.EXE

    Ran ESET Scanner. Here are the results

    C:\ProgramData\Microsoft\Windows\DRM\6DE2.tmp a variant of Win32/Kryptik.AJYL trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_22.15.14\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_22.15.14\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_22.15.14\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_22.15.14\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined

