Solved Windows 7 maniacally uploads/downloads upon connecting – Malwarebytes installation ac

SCnative

Thank you in advance for any help you can offer.

When I log into my Windows 7 computer, the moment it gets an internet connection, it begins to automatically upload/download data relentlessly. I thought it must be some sort of automatic update process by windows or some other software but this does not seem to be the case.

My Firefox browser will not even open. When I open IE it might navigate to a web page or it might not and if it does it does it slowly.

I had an updated version of Malwarebytes on my computer but it will not let me run it, even in safe mode. I tried to re-install it off of my usb drive (since my internet connection is basically useless) and access is denied.

I’m not sure what to do next and do not want to run combofix unless instructed to do so.
Please advise and again, thank you for your help.

SJ
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
Thanks.

I'll try this when I get home tonight. My work computer (county school district network) will not let me download the file (it sees it as a threat) but I will do it on my son's computer when I get home. I'll get back asap and again, thanks.

SJ
 
Latest ...

OK. I created the CD and booted from it. I double-clicked on OTLPE and a Browse For Folder window came up asking me to Choose Windows Directory. I selected Local Disk (E:)/Windows. It did not ask "Do you wish to load the remote registry?", but everything else was as described. Please see copied file below:

OTL logfile created on: 2/21/2012 8:15:45 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\windows | %ProgramFiles% = E:\Program Files
Drive C: | 200.00 Mb Total Space | 171.87 Mb Free Space | 85.94% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 29.59 Gb Free Space | 97.84% Space Free | Partition Type: NTFS
Drive E: | 187.67 Gb Total Space | 88.77 Gb Free Space | 47.30% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/11/14 04:16:38 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto] -- E:\Users\Sullivan\AppData\Local\Temp\7zS36B2\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- E:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand] -- E:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/14 13:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 13:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2011/04/14 13:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto] -- E:\windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/07/23 08:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- E:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2010/07/20 10:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- E:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2010/05/07 07:16:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- E:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/28 09:41:06 | 000,472,328 | ---- | M] (Lenovo Group Limited) [On_Demand] -- E:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/07/28 09:41:04 | 000,414,984 | ---- | M] (Lenovo Group Limited) [On_Demand] -- E:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/07/14 09:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto] -- E:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto] -- E:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/04 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/11 12:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR)
DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01)
DRV - [2011/04/14 13:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- E:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 13:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 13:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/04/14 13:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 13:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 13:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 13:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 13:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 13:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/09 04:56:16 | 000,054,800 | ---- | M] () [Kernel | System] -- E:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009/07/30 04:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/28 16:09:38 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand] -- E:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/21 16:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- E:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 07:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/06/14 21:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/05/19 08:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/03/13 11:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/08/06 07:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/03/14 08:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2000/02/22 14:46:40 | 000,009,152 | ---- | M] () [Kernel | Auto] -- E:\windows\System32\drivers\TICalc.sys -- (TICalc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\NetworkService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14597
IE - HKU\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 31 A3 EF 1F 43 CB 01 [binary data]
IE - HKU\Sullivan_ON_E\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Sullivan_ON_E\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Sullivan_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sullivan_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: E:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: E:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/20 16:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 01:33:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/17 01:33:08 | 000,000,000 | ---D | M]

[2012/02/17 01:33:08 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2012/02/17 01:33:08 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/05 21:10:19 | 000,142,296 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- E:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 10:32:02 | 000,002,252 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/03/28 11:56:18 | 000,002,035 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2012/02/12 10:32:02 | 000,002,040 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - E:\Program Files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111002181022.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - E:\Program Files\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] E:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Energy Management] E:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] E:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [facemoods] E:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [HandyShareStartup] E:\Program Files\ZOOM\HandyShare\HandyShare_startup.exe ()
O4 - HKLM..\Run: [IAAnotif] E:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IdeaNotesUser] E:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetL] File not found
O4 - HKLM..\Run: [RoxWatchTray] E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [snp2uvc] File not found
O4 - HKLM..\Run: [UpdateP2GShortCut] E:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] File not found
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - E:\Program Files\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 19:24:03 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/02/20 19:54:42 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- E:\Users\Sullivan\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/13 20:22:04 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\DF366
[2012/02/13 20:21:27 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\E89DF
[2012/02/13 20:15:13 | 000,000,000 | -H-D | C] -- E:\Program Files\DF366
[2012/02/13 20:14:37 | 000,000,000 | -H-D | C] -- E:\Program Files\LP
[2012/02/12 16:29:55 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Local\fxMobileman
[2012/02/12 11:27:38 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\Desktop\CofCSpring2012
[2012/02/05 19:15:14 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\Desktop\MadoxPiano
[2011/02/06 14:04:12 | 000,018,944 | ---- | C] ( ) -- E:\windows\System32\implode.dll
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- E:\windows\System32\IGFXDEVLib.dll
[2009/11/09 04:54:58 | 000,196,608 | ---- | C] ( ) -- E:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2012/02/21 19:33:25 | 000,067,584 | --S- | M] () -- E:\windows\bootstat.dat
[2012/02/21 19:29:42 | 000,009,920 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 19:29:42 | 000,009,920 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 19:26:35 | 000,671,028 | ---- | M] () -- E:\windows\System32\perfh009.dat
[2012/02/21 19:26:35 | 000,124,186 | ---- | M] () -- E:\windows\System32\perfc009.dat
[2012/02/21 19:24:03 | 000,001,828 | ---- | M] () -- E:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/02/21 19:24:03 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/02/21 19:21:56 | 000,000,886 | ---- | M] () -- E:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/21 19:21:19 | 2384,920,576 | -HS- | M] () -- E:\hiberfil.sys
[2012/02/21 19:17:21 | 000,000,890 | ---- | M] () -- E:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 20:31:55 | 000,002,239 | ---- | M] () -- E:\Users\Sullivan\Desktop\OneKey Recovery.lnk
[2012/02/20 20:01:24 | 001,008,141 | ---- | M] () -- E:\Users\Sullivan\Desktop\rkill.com
[2012/02/20 19:53:06 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- E:\Users\Sullivan\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/20 19:38:28 | 295,525,473 | ---- | M] () -- E:\windows\MEMORY.DMP
[2012/02/17 01:34:26 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI InterActive!
[2012/02/17 01:34:26 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZOOM
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Converter
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathType 6
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Idea Notes
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Idea Central
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\HM Testing
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diploma 6
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cucusoft iPod to Computer
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression 2
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA Audio Extractor
[2012/02/15 21:38:39 | 000,006,512 | ---- | M] () -- E:\bootsqm.dat
[2012/01/23 20:01:25 | 007,624,620 | ---- | M] () -- E:\Users\Sullivan\Documents\Backup-(2012-01-23).ipd

========== Files Created - No Company Name ==========

[2012/02/20 20:01:50 | 001,008,141 | ---- | C] () -- E:\Users\Sullivan\Desktop\rkill.com
[2012/02/15 21:38:39 | 000,006,512 | ---- | C] () -- E:\bootsqm.dat
[2012/01/23 20:01:25 | 007,624,620 | ---- | C] () -- E:\Users\Sullivan\Documents\Backup-(2012-01-23).ipd
[2011/08/27 16:25:00 | 000,000,209 | ---- | C] () -- E:\windows\IC32.INI
[2011/02/06 14:04:17 | 000,039,936 | ---- | C] () -- E:\windows\System32\Crxlat32.dll
[2011/02/06 14:04:16 | 000,131,072 | ---- | C] () -- E:\windows\System32\P2sodbc.dll
[2011/02/06 14:04:16 | 000,054,272 | ---- | C] () -- E:\windows\System32\P2irdao.dll
[2011/02/06 14:04:16 | 000,050,176 | ---- | C] () -- E:\windows\System32\P2ctdao.dll
[2011/02/06 14:04:12 | 000,748,160 | ---- | C] () -- E:\windows\System32\Co2c40en.dll
[2011/02/06 14:04:11 | 000,409,600 | ---- | C] () -- E:\windows\System32\Tx32.dll
[2011/02/06 14:04:11 | 000,210,944 | ---- | C] () -- E:\windows\System32\msvcrt10.dll
[2011/02/06 14:04:11 | 000,000,151 | ---- | C] () -- E:\windows\System32\ic32.ini
[2011/02/06 14:04:10 | 000,032,768 | ---- | C] () -- E:\windows\System32\textbmp.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- E:\windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- E:\windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- E:\windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- E:\windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- E:\windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- E:\windows\System32\iglhcp32.dll
[2010/03/12 10:36:43 | 000,057,344 | ---- | C] () -- E:\windows\System32\ff_vfw.dll
[2009/11/09 04:56:59 | 002,110,728 | ---- | C] () -- E:\windows\System32\Apblend.dll
[2009/11/09 04:56:59 | 001,410,312 | ---- | C] () -- E:\windows\System32\IcnOvrly.dll
[2009/11/09 04:56:59 | 001,171,456 | ---- | C] () -- E:\windows\System32\PicNotify.dll
[2009/11/09 04:56:59 | 000,660,744 | ---- | C] () -- E:\windows\System32\EncIcons.dll
[2009/11/09 04:56:59 | 000,513,288 | ---- | C] () -- E:\windows\System32\SimpleExt.dll
[2009/11/09 04:56:48 | 001,044,480 | ---- | C] () -- E:\windows\System32\3DImageRenderer.dll
[2009/11/09 04:56:16 | 000,057,344 | ---- | C] () -- E:\windows\AsfHelper.dll
[2009/11/09 04:56:16 | 000,054,800 | ---- | C] () -- E:\windows\System32\drivers\funfrm.sys
[2009/11/09 04:54:58 | 001,759,616 | ---- | C] () -- E:\windows\System32\drivers\snp2uvc.sys
[2009/11/09 04:54:58 | 000,028,544 | ---- | C] () -- E:\windows\System32\drivers\sncduvc.sys
[2009/11/09 04:54:58 | 000,015,497 | ---- | C] () -- E:\windows\snp2uvc.ini
[2009/11/09 04:53:34 | 000,140,288 | ---- | C] () -- E:\windows\System32\igfxtvcx.dll
[2009/11/09 04:49:42 | 000,016,648 | R--- | C] () -- E:\windows\System32\LogAPI.dll
[2009/11/09 04:47:44 | 000,134,592 | ---- | C] () -- E:\windows\System32\igfcg500.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- E:\windows\bootstat.dat
[2009/07/13 23:33:53 | 000,502,272 | ---- | C] () -- E:\windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,671,028 | ---- | C] () -- E:\windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,124,186 | ---- | C] () -- E:\windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\windows\System32\dssec.dat
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- E:\windows\System32\DShowRdpFilter.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\windows\System32\mlang.dat
[2008/06/30 15:29:21 | 000,631,472 | ---- | C] () -- E:\windows\System32\brgrt.DLL
[2007/11/21 11:57:29 | 000,581,872 | ---- | C] () -- E:\windows\System32\WODCERTIFICATE.DLL
[1999/08/31 15:00:20 | 000,009,152 | ---- | C] () -- E:\windows\System32\drivers\TICalc.sys

========== LOP Check ==========

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/02/17 01:23:12 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2012/02/17 01:23:16 | 000,000,000 | -H-D | M] -- E:\ProgramData\DDNI
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/11/09 04:56:16 | 000,000,000 | -H-D | M] -- E:\ProgramData\EasyCapture
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2009/11/09 05:00:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\GuardID Systems
[2010/03/13 05:49:29 | 000,000,000 | -H-D | M] -- E:\ProgramData\iBackup
[2010/03/13 05:50:23 | 000,000,000 | -H-D | M] -- E:\ProgramData\iPodtoComputer
[2009/11/09 05:01:08 | 000,000,000 | -H-D | M] -- E:\ProgramData\IsolatedStorage
[2010/03/13 11:06:22 | 000,000,000 | -H-D | M] -- E:\ProgramData\Pixela
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Renaissance Learning
[2010/03/12 10:41:18 | 000,000,000 | -H-D | M] -- E:\ProgramData\Research In Motion
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/02/17 01:33:18 | 000,000,000 | -H-D | M] -- E:\ProgramData\{0769790C-DF98-48E4-8259-ECB2F6CC0E75}
[2012/02/17 01:33:18 | 000,000,000 | ---D | M] -- E:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/02/17 01:23:48 | 000,000,000 | ---D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/12 10:47:47 | 000,000,000 | -H-D | M] -- E:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/21 20:50:57 | 000,032,586 | ---- | M] () -- E:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> E:\ProgramData\Temp:8CE646EE
< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012/02/13 20:22:04 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\DF366
[2012/02/13 20:21:27 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\E89DF
[2012/02/13 20:15:13 | 000,000,000 | -H-D | C] -- E:\Program Files\DF366
@Alternate Data Stream - 123 bytes -> E:\ProgramData\Temp:8CE646EE

:Services

:Reg

:Files

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive


On the infected computer the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down the computer manually.
  • Attempt to reboot normally into Windows.
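The fix above works by pasting the offending OTL log lines verbatim under `:OTL` and letting OTLPE act on them. As an added example (it is not part of this thread and not OldTimer's code), the Python script below does the triage step that the helper did by hand: it parses OTL-style file/folder lines, `O3` toolbar lines, `O4` Run lines and `@Alternate Data Stream` lines, flags the four artefact classes that were removed here (hidden folders with short random-hex names under user-writable program locations, toolbars with no CLSID, an empty HKLM Run value, and an ADS on a folder), and renders the hits back into the `:OTL` / `:Commands` layout of Fix.txt. The sample lines are copied from the OTL log and fix script in this thread; the random-hex folder-name heuristic, the reason labels and the function names are assumptions of this example, not anything OTL itself reports.

```python
"""Triage OTL-style log lines for the artefact classes removed in the thread above.

Added example; not OTL/OTLPE code. The heuristics below are assumptions.
"""
import re
from pathlib import PureWindowsPath

# OTL file/folder line: [date time | size | attrs | M/C] (company) -- path
# attrs is a four-character field drawn from R (read-only), H (hidden), S (system), D (directory) or '-'.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[MC])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")
O3_NO_CLSID_RE = re.compile(r"^O3 - .*No CLSID value found\.$")
O4_EMPTY_RE = re.compile(r"^O4 - .*\\Run: \[\] File not found$")
# Heuristic (assumption): 4-6 hex characters with at least one digit, e.g. DF366 / E89DF.
RANDOM_HEX_RE = re.compile(r"^(?=.*\d)[0-9A-Fa-f]{4,6}$")
# Locations where droppers commonly create their own folders (assumption).
DROP_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\program files\\")

# Constructed sample: lines taken from the OTL log and the Fix.txt shown in this thread.
SAMPLE_LOG = r"""
[2012/02/15 21:38:39 | 000,006,512 | ---- | M] () -- E:\bootsqm.dat
[2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/02/17 01:23:12 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/02/13 20:22:04 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\DF366
[2012/02/13 20:21:27 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\E89DF
[2012/02/13 20:15:13 | 000,000,000 | -H-D | C] -- E:\Program Files\DF366
@Alternate Data Stream - 123 bytes -> E:\ProgramData\Temp:8CE646EE
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
""".splitlines()


def parse_file_line(line):
    """Parse one OTL file/folder line into a dict, or return None if it is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs = m["attrs"]
    return {
        "path": m["path"],
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "directory": "D" in attrs,
        "size": int(m["size"].replace(",", "")),
        "created": m["kind"] == "C",
    }


def is_suspicious_dir(entry):
    """Hidden, non-system folder under a drop location whose leaf name looks random-hex."""
    if not (entry["directory"] and entry["hidden"]) or entry["system"]:
        return False  # -HSD junctions such as ProgramData\Application Data are normal
    low = entry["path"].lower()
    if not any(d in low for d in DROP_DIRS):
        return False
    return bool(RANDOM_HEX_RE.match(PureWindowsPath(entry["path"]).name))


def triage(lines):
    """Return (reason, raw_line) for every line matching one of the removal classes."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ADS_RE.match(line):
            findings.append(("alternate-data-stream", line))
        elif O3_NO_CLSID_RE.match(line):
            findings.append(("toolbar-without-clsid", line))
        elif O4_EMPTY_RE.match(line):
            findings.append(("empty-run-value", line))
        else:
            entry = parse_file_line(line)
            if entry and is_suspicious_dir(entry):
                findings.append(("hidden-random-hex-dir", line))
    return findings


def build_fix(findings):
    """Render findings as an OTL fix script in the :OTL / :Commands layout used in the thread."""
    body = "\n".join(line for _, line in findings)
    return f":OTL\n{body}\n\n:Commands\n[purity]\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for reason, line in hits:
        print(f"{reason:24} {line}")
    print()
    print(build_fix(hits))
```

Run it as-is to see the seven hits from the sample; point `triage()` at `open("OTL.Txt").read().splitlines()` to run it over a real log. Everything it flags is still a candidate for human review: the hex-name heuristic is deliberately narrow (it needs a digit, so a folder called "Face" is not a hit) but it will not catch a dropper that picks a dictionary word.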
 
Log file from fix

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
E:\Users\Sullivan\AppData\Roaming\DF366 folder moved successfully.
E:\Users\Sullivan\AppData\Roaming\E89DF folder moved successfully.
E:\Program Files\DF366 folder moved successfully.
ADS E:\ProgramData\Temp:8CE646EE deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 02212012_204305
 
OK ...

I booted it up and it's still the same. When I enabled my internet connection, it started up with the data transfer again, yet IE doesn't really work. I've had my internet connection disabled since yesterday to stop the data transfer. Malwarebytes installation is still Access Denied.
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Nirkmd

Combofix is running... but keeps popping up:

Windows cannot find 'NIRKMD'. Make sure you typed the name correctly, and then try again.

I just click ok and then it goes to the next stage ...
 
Combofix Log

Please advise... ComboFix log:

ComboFix 12-02-21.01 - Sullivan 02/21/2012 21:25:05.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3033.2032 [GMT -5:00]
Running from: c:\users\Sullivan\Desktop\ComboFix.exe
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.8.1\uninstall.exe
c:\program files\LP
c:\program files\LP\E86E\42DA.tmp
c:\program files\LP\E86E\9913.tmp
c:\program files\LP\E86E\A40B.tmp
c:\program files\LP\E86E\AC09.tmp
c:\program files\LP\E86E\B222.tmp
c:\users\Sullivan\AppData\Local\Temp\7zS36B2\HPSLPSVC32.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 02:39 . 2012-02-22 02:41 -------- d-----w- c:\users\Sullivan\AppData\Local\temp
2012-02-22 02:39 . 2012-02-22 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 01:43 . 2012-02-22 01:43 -------- d-----w- C:\_OTL
2012-02-12 21:29 . 2012-02-15 03:42 -------- d--h--w- c:\users\Sullivan\AppData\Local\fxMobileman
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2010-05-03 04:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:23 . 2011-12-14 22:26 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-06-06 02:10 . 2011-06-06 02:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-10-02 22:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-15 4081480]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"HandyShareStartup"="c:\program files\ZOOM\HandyShare\HandyShare_startup.exe" [2010-10-06 1729024]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1195408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.4.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2010-3-13 253952]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 03:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 136176]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-07 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 funfrm;funfrm; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 95200]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:15]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14597
mStart Page = hxxp://lenovo.live.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Sullivan\AppData\Roaming\Mozilla\Firefox\Profiles\7frfk11a.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&apn_uid=29749e57-4bb1-474b-875b-aefa7f8deeed&apn_ptnrs=FV&apn_sauid=DB55345B-172C-40B2-9A5C-F772B6E46E51&apn_dtid=YYYYYYYYUS&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe
HKLM-Run-VeriFaceManager - c:\program files\Lenovo\VeriFace\PManage.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.8.1\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-02-21 21:50:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 02:50
.
Pre-Run: 95,004,246,016 bytes free
Post-Run: 95,404,027,904 bytes free
.
- - End Of File - - 6396EBDACC17976DF6CEA6DBEC6F46D5
 
After I installed Avast ...

...my computer will not boot up in normal mode. It keeps giving me a blue screen memory dump. So I started it in safe mode, ran Avast and cleaned a couple of things, and then tried to boot it up normally this morning, and still got the memory dump.

I thank you so much for hanging with me on this. Any suggestions?
 
While in safe mode....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Log ...

OK ... it rebooted and hasn't dumped my memory .... Here's the log from TDSSKiller ...

13:02:02.0625 0864 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
13:02:02.0656 0864 ============================================================
13:02:02.0656 0864 Current date / time: 2012/02/22 13:02:02.0656
13:02:02.0656 0864 SystemInfo:
13:02:02.0656 0864
13:02:02.0656 0864 OS Version: 6.1.7600 ServicePack: 0.0
13:02:02.0656 0864 Product type: Workstation
13:02:02.0656 0864 ComputerName: SULLIVAN-PC
13:02:02.0656 0864 UserName: Sullivan
13:02:02.0656 0864 Windows directory: C:\windows
13:02:02.0656 0864 System windows directory: C:\windows
13:02:02.0656 0864 Processor architecture: Intel x86
13:02:02.0656 0864 Number of processors: 2
13:02:02.0656 0864 Page size: 0x1000
13:02:02.0656 0864 Boot type: Safe boot
13:02:02.0656 0864 ============================================================
13:02:03.0249 0864 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:02:03.0264 0864 \Device\Harddisk0\DR0:
13:02:03.0264 0864 MBR used
13:02:03.0264 0864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
13:02:03.0264 0864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1775FAC0
13:02:03.0280 0864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x177C52C0, BlocksNum 0x3C7E000
13:02:03.0342 0864 Initialize success
13:02:03.0342 0864 ============================================================
13:02:05.0589 1424 ============================================================
13:02:05.0589 1424 Scan started
13:02:05.0589 1424 Mode: Manual;
13:02:05.0589 1424 ============================================================
13:02:06.0338 1424 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
13:02:06.0338 1424 1394ohci - ok
13:02:31.0563 1424 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
13:02:31.0563 1424 WmiAcpi - ok
13:02:31.0703 1424 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
13:02:31.0703 1424 ws2ifsl - ok
13:02:31.0766 1424 wsvd (baedc491374defd5e76336901d6d397d) C:\windows\system32\DRIVERS\wsvd.sys
13:02:31.0766 1424 wsvd - ok
13:02:31.0844 1424 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
13:02:31.0844 1424 WudfPf - ok
13:02:31.0937 1424 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
13:02:31.0937 1424 WUDFRd - ok
13:02:31.0984 1424 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
13:02:31.0984 1424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:02:31.0984 1424 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:02:32.0000 1424 Boot (0x1200) (e6e6769161a62cd25275a00ecf6f34a2) \Device\Harddisk0\DR0\Partition0
13:02:32.0000 1424 \Device\Harddisk0\DR0\Partition0 - ok
13:02:32.0015 1424 Boot (0x1200) (3d705971e7c0b87a6eb5e46de300c4da) \Device\Harddisk0\DR0\Partition1
13:02:32.0015 1424 \Device\Harddisk0\DR0\Partition1 - ok
13:02:32.0031 1424 Boot (0x1200) (8eb76115317b6f406c5dc758358da6b6) \Device\Harddisk0\DR0\Partition2
13:02:32.0031 1424 \Device\Harddisk0\DR0\Partition2 - ok
13:02:32.0031 1424 ============================================================
13:02:32.0031 1424 Scan finished
13:02:32.0031 1424 ============================================================
13:02:32.0046 2036 Detected object count: 1
13:02:32.0046 2036 Actual detected object count: 1
13:03:04.0416 2036 \Device\Harddisk0\DR0\# - copied to quarantine
13:03:04.0416 2036 \Device\Harddisk0\DR0 - copied to quarantine
13:03:04.0448 2036 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:03:04.0479 2036 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:03:04.0479 2036 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:03:04.0479 2036 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:03:04.0494 2036 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:03:04.0494 2036 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:03:04.0494 2036 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:03:04.0494 2036 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:03:04.0494 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:03:04.0494 2036 \Device\Harddisk0\DR0 - ok
13:03:04.0526 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:03:15.0882 1612 Deinitialize success
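As an added illustration (not part of this thread, and not TDSSKiller's own tooling): a small Python triage script for a TDSSKiller-style log of the kind posted above. The sample lines are constructed to mirror that log's layout (timestamp, thread id, then either an object with its MD5 and path, or an object followed by " - " and a verdict); that line format is the only assumption made about the tool. The script separates clean objects from detections, lists what was copied to quarantine, flags that a cure is still pending a reboot, and keeps the recorded driver hashes so they can be compared against a known-good baseline from a clean machine of the same build.

```python
import re

# Hash line: "<time> <tid> <name> (<md5>) <path>"  (layout assumed from the posted log)
HASH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<tid>\d+) (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Verdict line: "<time> <tid> <object> [( <threat> )] - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<tid>\d+) (?P<obj>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<verdict>.+)$"
)

# Constructed sample, modelled on the TDSSKiller log posted in this thread.
SAMPLE_LOG = [
    r"13:02:29.0176 1424 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys",
    r"13:02:29.0176 1424 usbehci - ok",
    r"13:02:31.0984 1424 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0",
    r"13:02:31.0984 1424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected",
    r"13:02:31.0984 1424 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)",
    r"13:02:32.0000 1424 Boot (0x1200) (e6e6769161a62cd25275a00ecf6f34a2) \Device\Harddisk0\DR0\Partition0",
    r"13:02:32.0000 1424 \Device\Harddisk0\DR0\Partition0 - ok",
    r"13:02:32.0046 2036 Detected object count: 1",
    r"13:03:04.0448 2036 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine",
    r"13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine",
    r"13:03:04.0494 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot",
    r"13:03:04.0526 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure",
]


def parse_log(lines):
    """Split a log into per-object hashes and the list of verdict lines."""
    hashes = {}    # object name -> (md5, path)
    verdicts = []  # (object, threat name or None, verdict text)
    for line in lines:
        line = line.rstrip("\r\n")
        m = HASH_RE.match(line)
        if m:
            hashes[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append((m["obj"], m["threat"], m["verdict"]))
    return hashes, verdicts


def triage(lines):
    """Summarise what the scan found and whether a reboot is still needed."""
    hashes, verdicts = parse_log(lines)
    report = {
        "clean": 0,
        "infected": [],      # (object, threat)
        "quarantined": [],   # objects copied to quarantine
        "pending_cure": [],  # objects whose cure is applied at next boot
        "needs_reboot": False,
        "hashes": hashes,
    }
    for obj, threat, verdict in verdicts:
        if verdict == "ok":
            report["clean"] += 1
        elif verdict == "infected":
            report["infected"].append((obj, threat))
        elif verdict == "copied to quarantine":
            report["quarantined"].append(obj)
        elif verdict.startswith("will be cured on reboot"):
            report["pending_cure"].append(obj)
            report["needs_reboot"] = True
    return report


def baseline_mismatches(hashes, baseline):
    """Names whose recorded MD5 differs from a known-good baseline (name -> md5).
    Objects absent from the log are ignored; only disagreements are reported."""
    return sorted(name for name, md5 in baseline.items()
                  if name in hashes and hashes[name][0] != md5)


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"clean={r['clean']} infected={r['infected']} quarantined={len(r['quarantined'])}")
    print("reboot required" if r["needs_reboot"] else "no reboot pending")
```

The "will be cured on reboot" verdict is the one to watch: until the machine has restarted, the scheduled MBR fix has not been applied, which is why the helper's next question is whether the system booted normally.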
 
I assume it booted fine to normal mode?

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Malwarebytes

My new malwarebytes download will not finish installing. It says "access denied" at the very end. I do have an older version (the mbam.exe file does not have the MWB icon associated with it, but I clicked and it ran). I updated the database, ran the quick scan, restarted (successfully in normal mode) and here is the log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.22.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Sullivan :: SULLIVAN-PC [administrator]

2/22/2012 1:39:43 PM
mbam-log-2012-02-22 (13-39-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194635
Time elapsed: 9 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\config\systemprofile\AppData\Roaming\E89DF\D66E8.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

(end)


Thanks,

SJ
 
aswMBR log - Thanks

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-22 14:20:03
-----------------------------
14:20:03.463 OS Version: Windows 6.1.7600
14:20:03.463 Number of processors: 2 586 0x170A
14:20:03.467 ComputerName: SULLIVAN-PC UserName: Sullivan
14:20:12.804 Initialize success
14:20:14.007 AVAST engine defs: 12022200
14:20:30.313 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:20:30.316 Disk 0 Vendor: FUJITSU_ 0084 Size: 238475MB BusType: 3
14:20:30.350 Disk 0 MBR read successfully
14:20:30.353 Disk 0 MBR scan
14:20:30.357 Disk 0 Windows 7 default MBR code
14:20:30.370 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
14:20:30.386 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 192191 MB offset 411648
14:20:30.390 Disk 0 Partition - 00 0F Extended LBA 30973 MB offset 394021568
14:20:30.421 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 457454272
14:20:30.452 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 30972 MB offset 394023616
14:20:30.463 Disk 0 scanning sectors +488397168
14:20:30.757 Disk 0 scanning C:\windows\system32\drivers
14:20:47.312 Service scanning
14:21:24.507 Modules scanning
14:21:39.162 Disk 0 trace - called modules:
14:21:39.184 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll dxgkrnl.sys igdkmd32.sys dxgmms1.sys
14:21:39.191 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87057760]
14:21:39.198 3 CLASSPNP.SYS[8ba0459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86262028]
14:21:40.087 AVAST engine scan C:\windows
14:21:48.700 AVAST engine scan C:\windows\system32
14:26:33.811 AVAST engine scan C:\windows\system32\drivers
14:26:47.080 AVAST engine scan C:\Users\Sullivan
14:54:17.984 AVAST engine scan C:\ProgramData
14:58:56.153 Scan finished successfully
15:21:16.360 Disk 0 MBR has been saved successfully to "C:\Users\Sullivan\Desktop\MBR.dat"
15:21:16.375 The log file has been saved successfully to "C:\Users\Sullivan\Desktop\aswMBR.txt"
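As an added example (not from this thread and not part of aswMBR itself): a Python check that encodes what a helper eyeballs in an aswMBR log like the one above, namely that the MBR code is reported as the default, that exactly one partition carries the active flag, that primary partitions do not overlap, that logical partitions sit inside the extended partition, and that nothing extends past the end of the disk. It assumes 512-byte sectors, that the "scanning sectors +N" line gives the disk's total sector count, and that sizes printed in whole MB are truncated (so a 1 MB tolerance is allowed where two truncated values meet). The sample lines are constructed to mirror the posted log.

```python
import re

SECTOR_BYTES = 512                        # assumption: 512-byte sectors
MB_SECTORS = 1024 * 1024 // SECTOR_BYTES  # 2048 sectors per MB
TOLERANCE = MB_SECTORS                    # sizes are printed in whole MB; allow 1 MB of slack

# Layouts assumed from the posted aswMBR log.
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+|-) (?P<boot>[0-9A-F]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<off>\d+)$"
)
SECTORS_RE = re.compile(r"Disk (?P<disk>\d+) scanning sectors \+(?P<n>\d+)$")
MBRCODE_RE = re.compile(r"Disk (?P<disk>\d+) (?P<text>.*MBR code)$")

# Constructed sample, modelled on the aswMBR log posted in this thread.
SAMPLE_LOG = [
    "14:20:30.357 Disk 0 Windows 7 default MBR code",
    "14:20:30.370 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048",
    "14:20:30.386 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 192191 MB offset 411648",
    "14:20:30.390 Disk 0 Partition - 00 0F Extended LBA 30973 MB offset 394021568",
    "14:20:30.421 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 457454272",
    "14:20:30.452 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 30972 MB offset 394023616",
    "14:20:30.463 Disk 0 scanning sectors +488397168",
]


def parse(lines):
    """Extract partition entries, total sector count and the MBR-code verdict."""
    parts, total, mbr_text = [], None, None
    for line in lines:
        m = PART_RE.search(line)
        if m:
            off, mb = int(m["off"]), int(m["mb"])
            parts.append({"num": m["num"], "active": m["boot"] == "80", "type": m["type"],
                          "desc": m["desc"], "start": off, "end": off + mb * MB_SECTORS})
            continue
        m = SECTORS_RE.search(line)
        if m:
            total = int(m["n"])
            continue
        m = MBRCODE_RE.search(line)
        if m:
            mbr_text = m["text"]
    return parts, total, mbr_text


def check_layout(lines):
    """Return the parsed layout plus a list of problems (empty when it looks sane)."""
    parts, total, mbr_text = parse(lines)
    problems = []
    exts = [p for p in parts if p["type"] in ("05", "0F")]
    ext = exts[0] if exts else None

    def in_ext(p):
        return ext is not None and p is not ext and ext["start"] <= p["start"] < ext["end"]

    logical = [p for p in parts if in_ext(p)]
    primaries = sorted((p for p in parts if not in_ext(p)), key=lambda p: p["start"])

    if mbr_text is None or "default MBR code" not in mbr_text:
        problems.append(f"MBR code not reported as default: {mbr_text!r}")
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active (boot flag 80) partition")
    for p in parts:
        if total is not None and p["end"] > total:
            problems.append(f"partition {p['num']} extends past the end of the disk")
    for a, b in zip(primaries, primaries[1:]):
        if b["start"] < a["end"]:
            problems.append(f"primary partitions {a['num']} and {b['num']} overlap")
    for p in logical:
        if p["end"] > ext["end"] + TOLERANCE:
            problems.append(f"logical partition {p['num']} extends past the extended partition")
    return {"partitions": parts, "logical": [p["num"] for p in logical],
            "mbr_code": mbr_text, "problems": problems}


if __name__ == "__main__":
    result = check_layout(SAMPLE_LOG)
    print(result["mbr_code"], "| logical:", result["logical"])
    print("problems:", result["problems"] or "none")
```

On the constructed sample the partition boundaries line up exactly (partition 1 ends where 2 begins, the extended container ends where 3 begins, and 4 fits inside the container), which is the arithmetic behind the helper's "Looks good". A non-default MBR code string or an overlapping entry would show up in the problem list instead.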
 
Looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I will be out of town ...

and away from my computer until Saturday. I will then pick it back up and continue these processes and post those logs.

I am, again, much appreciative for all the help and I will update you this weekend. You are a very knowledgeable, kind person.

SJ
 
Back