Solved Hard drive clusters partly damaged virus - Help Please

byokley

First off, thank you. You have no idea how happy I was to find out that my hard drive is still there. I am not a computer guy so please be patient.

I followed the instructions in the Updated 5-step Viruses/Spyware/Malware Prelim removal instructions (https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/). Below are the logs.

Again, thanks guys, any help is very much appreciated!

Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Brian Yokley :: BRIANYOKLEY-PC [administrator]

Protection: Enabled

1/31/2012 11:59:26 PM
mbam-log-2012-01-31 (23-59-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 171988
Time elapsed: 15 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-3546445678-3021338262-797944043-1000\$RDH8XG2.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.

(end)
 
GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-01 00:31:02
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK2051GSY rev.LD001D
Running: g8mqqnd1.exe; Driver: C:\Users\BRIANY~1\AppData\Local\Temp\ugtdyaog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x8CB8F68D]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x8CB8F5E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8CB8F601]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8CB8F615]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8CB8F6C9]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x8CB8F679]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x8CB8F665]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8CB8F63D]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8CB8F629]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8CB8F6F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8CB8F6DF]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8CB8F6B5]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:4612] 9E75EF2E

---- EOF - GMER 1.0.15 ----
 
DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Brian Yokley at 0:35:21 on 2012-02-01
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2233 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\OEM04Mon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\odFpWeGCGDBNMy.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\ProgramData\V3v12Zn5SU75vD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Brian Yokley\Desktop\g8mqqnd1.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [odFpWeGCGDBNMy.exe] c:\programdata\odFpWeGCGDBNMy.exe
mRun: [OEM04Mon.exe] c:\windows\OEM04Mon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\briany~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: duke.edu\portal
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://centra.fuqua.duke.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://portal.duke.edu/CACHE/stc/2/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\0516373757478613 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\4455B454 : DhcpNameServer = 152.3.189.18 152.3.215.25
TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\465656A7E65747A7 : DhcpNameServer = 192.168.2.1 68.87.73.246 68.87.71.230
TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\6457175716021323 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\76275656E66796C6C656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\C4567656E646 : DhcpNameServer = 192.168.111.1
TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\D6164747377716275707 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FAD3CB6B-AF67-4071-A15A-E998242FAC75} : DhcpNameServer = 172.20.72.47
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-13 343920]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-31 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-31 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-31 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-31 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-31 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-31 652360]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-1-6 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-1-6 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-1-6 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-7-13 70728]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-1 67904]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-31 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-13 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-13 43288]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\drivers\OEM04Vfx.sys [2007-3-5 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\drivers\OEM04Vid.sys [2007-10-10 234720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-10-2 105984]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-10-2 105984]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-13 66600]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-16 1343400]
.
=============== Created Last 30 ================
.
2012-02-01 04:58:22 -------- d--h--w- c:\users\brian yokley\appdata\roaming\Malwarebytes
2012-02-01 04:58:07 -------- d--h--w- c:\programdata\Malwarebytes
2012-02-01 04:58:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 04:58:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 04:53:37 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-01 04:53:35 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-01 04:52:34 41184 ----a-w- c:\windows\avastSS.scr
2012-02-01 04:52:22 -------- d--h--w- c:\programdata\AVAST Software
2012-02-01 04:52:22 -------- d-----w- c:\program files\AVAST Software
2012-01-31 22:04:01 340216 ---ha-w- c:\programdata\V3v12Zn5SU75vD.exe
2012-01-31 22:00:02 430328 ---ha-w- c:\programdata\odFpWeGCGDBNMy.exe
2012-01-31 13:33:38 -------- d--h--w- C:\42d5e9fedad7946d00744b
2012-01-31 13:31:40 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5eab48bf-54ae-4d67-b781-c5e40080e31f}\mpengine.dll
2012-01-31 13:25:52 -------- d--h--w- C:\6bea877153165f3ad17b86b1
2012-01-30 18:03:05 -------- d--h--w- C:\5a87b4e619f351e05fd5de
2012-01-27 16:37:00 -------- d--h--w- C:\3bddb1734610e4117feb8d5b
2012-01-26 18:30:16 -------- d--h--w- C:\23b9abdeb3bc23e759979e90
2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-01-25 16:32:59 -------- d--h--w- C:\99fc4c09caa172c224bd
2012-01-24 15:25:38 -------- d--h--w- C:\9f1d6f2f1d2153ace8cb33bfbca97c07
2012-01-23 18:32:46 -------- d--h--w- C:\a9461e9bf2498b5fd197
2012-01-19 20:54:47 -------- d--h--w- C:\f16f15f3dcf2c945c51b
2012-01-18 13:54:05 -------- d--h--w- C:\bdf131dbe0005a936de58e90f856
2012-01-18 00:29:43 -------- d-----w- c:\windows\system32\SPReview
2012-01-17 20:56:49 -------- d--h--w- C:\a1be0fc31e6d6654d64e
2012-01-16 11:05:01 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-16 11:05:00 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-16 11:04:59 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-16 11:04:57 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-16 11:04:57 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-16 11:04:55 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-16 11:04:55 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-16 11:04:54 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-16 11:04:53 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-16 11:04:52 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-12 01:22:06 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 01:22:03 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-12 01:22:01 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 01:22:01 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 01:13:39 -------- d--h--w- C:\1284a7f9e1730e7736b1e7
2012-01-07 15:53:47 -------- d--h--w- c:\program files\Micromax
2012-01-03 13:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-07 15:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-27 20:46:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 0:36:44.12 ===============
 
ATTACH Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 7/13/2010 5:51:15 PM
System Uptime: 2/1/2012 12:19:03 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0PU073
Processor: Intel(R) Core(TM)2 Duo CPU T9500 @ 2.60GHz | Microprocessor | 2574/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 169 GiB total, 99.523 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.519 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&2C68880C&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&2C68880C&0&0BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&2C68880C&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&2C68880C&0&0AF0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP345: 1/25/2012 11:28:28 PM - Installed QuickTime
RP346: 1/26/2012 1:28:29 PM - Windows Update
RP347: 1/27/2012 11:35:06 AM - Windows Update
RP348: 1/27/2012 11:42:34 AM - Windows Update
RP349: 1/30/2012 1:01:17 PM - Windows Update
RP350: 1/31/2012 8:24:21 AM - Windows Update
RP351: 1/31/2012 8:31:05 AM - Windows Update
RP352: 1/31/2012 8:32:47 AM - Windows Update
RP353: 1/31/2012 11:51:58 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
avast! Free Antivirus
Centra Client
Cisco AnyConnect VPN Client
Cisco AnyConnect VPN Client Start Before Login Components
Dropbox
Glary Utilities Pro 2.30.0.1066
Java Auto Updater
Java(TM) 6 Update 26
Laptop Integrated Webcam Driver (1.03.01.1011)
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
OGA Notifier 2.0.0048.0
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Remote Control USB Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.5
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WinZip 15.5
WinZip Courier
.
==== Event Viewer Messages From Past Week ========
.
2/1/2012 12:21:15 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/31/2012 5:20:59 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
1/31/2012 2:31:28 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
1/31/2012 12:55:18 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
1/31/2012 12:54:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
1/30/2012 6:37:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
 
btw...

I guess I should also mention my symptoms:

1. Bunch of pop-ups with, "Failed to save all components to file..."
2. Message - "Hard Drive clusters are partly damaged. Segment load failure..."
3. Pop ups that when clicked lead me to a page that wants me to enter cc info to buy some virus cleaner
4. Message - "RAM memory reliability is extremely low. This problem may cause..."
5. All desktop icons missing
6. Background missing
7. Apparently no C: but C: is scanned during McAfee and Avast! scans...so it must be there somewhere

Hope this helps!
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

You're running two AV programs, McAfee and Avast.
One of them has to go.
Your choice.

When done....

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Disabled Avast...TDSS following...thank you Broni!

12:56:58.0381 3248 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
12:56:58.0693 3248 ============================================================
12:56:58.0693 3248 Current date / time: 2012/02/01 12:56:58.0693
12:56:58.0693 3248 SystemInfo:
12:56:58.0693 3248
12:56:58.0693 3248 OS Version: 6.1.7600 ServicePack: 0.0
12:56:58.0693 3248 Product type: Workstation
12:56:58.0693 3248 ComputerName: BRIANYOKLEY-PC
12:56:58.0693 3248 UserName: Brian Yokley
12:56:58.0693 3248 Windows directory: C:\Windows
12:56:58.0693 3248 System windows directory: C:\Windows
12:56:58.0693 3248 Processor architecture: Intel x86
12:56:58.0693 3248 Number of processors: 2
12:56:58.0693 3248 Page size: 0x1000
12:56:58.0693 3248 Boot type: Normal boot
12:56:58.0693 3248 ============================================================
12:57:00.0862 3248 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:57:00.0893 3248 \Device\Harddisk0\DR0:
12:57:00.0908 3248 MBR used
12:57:00.0908 3248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
12:57:00.0908 3248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x15182FF8
12:57:01.0002 3248 Initialize success
12:57:01.0002 3248 ============================================================
12:57:02.0500 1652 ============================================================
12:57:02.0500 1652 Scan started
12:57:02.0500 1652 Mode: Manual;
12:57:02.0500 1652 ============================================================
12:57:03.0545 1652 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
12:57:03.0545 1652 1394ohci - ok
12:57:03.0576 1652 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
12:57:03.0592 1652 ACPI - ok
12:57:03.0623 1652 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
12:57:03.0623 1652 AcpiPmi - ok
12:57:03.0638 1652 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:57:03.0654 1652 adp94xx - ok
12:57:03.0685 1652 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:57:03.0685 1652 adpahci - ok
12:57:03.0716 1652 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:57:03.0716 1652 adpu320 - ok
12:57:03.0841 1652 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
12:57:03.0904 1652 AFD - ok
12:57:03.0935 1652 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
12:57:03.0950 1652 agp440 - ok
12:57:03.0982 1652 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:57:03.0982 1652 aic78xx - ok
12:57:04.0028 1652 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
12:57:04.0028 1652 aliide - ok
12:57:04.0044 1652 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
12:57:04.0060 1652 amdagp - ok
12:57:04.0153 1652 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
12:57:04.0153 1652 amdide - ok
12:57:04.0184 1652 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:57:04.0184 1652 AmdK8 - ok
12:57:04.0216 1652 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:57:04.0231 1652 AmdPPM - ok
12:57:04.0247 1652 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
12:57:04.0262 1652 amdsata - ok
12:57:04.0278 1652 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:57:04.0294 1652 amdsbs - ok
12:57:04.0309 1652 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
12:57:04.0309 1652 amdxata - ok
12:57:04.0340 1652 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
12:57:04.0340 1652 AppID - ok
12:57:04.0450 1652 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:57:04.0465 1652 arc - ok
12:57:04.0496 1652 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:57:04.0496 1652 arcsas - ok
12:57:04.0528 1652 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
12:57:04.0621 1652 aswFsBlk - ok
12:57:04.0668 1652 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
12:57:04.0777 1652 aswMonFlt - ok
12:57:04.0871 1652 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
12:57:04.0949 1652 aswRdr - ok
12:57:05.0027 1652 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
12:57:05.0120 1652 aswSnx - ok
12:57:05.0183 1652 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
12:57:05.0276 1652 aswSP - ok
12:57:05.0354 1652 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
12:57:05.0432 1652 aswTdi - ok
12:57:05.0495 1652 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:57:05.0510 1652 AsyncMac - ok
12:57:05.0526 1652 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
12:57:05.0526 1652 atapi - ok
12:57:05.0588 1652 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:57:05.0588 1652 b06bdrv - ok
12:57:05.0620 1652 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:57:05.0635 1652 b57nd60x - ok
12:57:05.0698 1652 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:57:05.0698 1652 Beep - ok
12:57:05.0822 1652 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:57:05.0869 1652 blbdrive - ok
12:57:06.0166 1652 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
12:57:06.0306 1652 bowser - ok
12:57:06.0368 1652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:57:06.0368 1652 BrFiltLo - ok
12:57:06.0400 1652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:57:06.0400 1652 BrFiltUp - ok
12:57:06.0446 1652 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:57:06.0446 1652 Brserid - ok
12:57:06.0478 1652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:57:06.0493 1652 BrSerWdm - ok
12:57:06.0509 1652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:57:06.0509 1652 BrUsbMdm - ok
12:57:06.0556 1652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:57:06.0556 1652 BrUsbSer - ok
12:57:06.0634 1652 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
12:57:06.0634 1652 BthEnum - ok
12:57:06.0696 1652 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:57:06.0696 1652 BTHMODEM - ok
12:57:06.0743 1652 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
12:57:06.0758 1652 BthPan - ok
12:57:06.0790 1652 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
12:57:06.0868 1652 BTHPORT - ok
12:57:06.0930 1652 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
12:57:07.0055 1652 BTHUSB - ok
12:57:07.0117 1652 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:57:07.0117 1652 cdfs - ok
12:57:07.0226 1652 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
12:57:07.0242 1652 cdrom - ok
12:57:07.0273 1652 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:57:07.0273 1652 circlass - ok
12:57:07.0336 1652 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:57:07.0336 1652 CLFS - ok
12:57:07.0414 1652 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:57:07.0414 1652 CmBatt - ok
12:57:07.0429 1652 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
12:57:07.0445 1652 cmdide - ok
12:57:07.0523 1652 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
12:57:07.0710 1652 CNG - ok
12:57:07.0788 1652 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:57:07.0804 1652 Compbatt - ok
12:57:07.0850 1652 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:57:07.0850 1652 CompositeBus - ok
12:57:07.0913 1652 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:57:07.0928 1652 crcdisk - ok
12:57:08.0006 1652 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
12:57:08.0022 1652 CSC - ok
12:57:08.0084 1652 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
12:57:08.0209 1652 DfsC - ok
12:57:08.0256 1652 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:57:08.0272 1652 discache - ok
12:57:08.0365 1652 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:57:08.0365 1652 Disk - ok
12:57:08.0474 1652 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:57:08.0490 1652 drmkaud - ok
12:57:08.0537 1652 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
12:57:08.0708 1652 DXGKrnl - ok
12:57:08.0802 1652 easytether - ok
12:57:08.0927 1652 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:57:09.0020 1652 ebdrv - ok
12:57:09.0176 1652 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:57:09.0208 1652 elxstor - ok
12:57:09.0239 1652 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
12:57:09.0254 1652 ErrDev - ok
12:57:09.0286 1652 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:57:09.0301 1652 exfat - ok
12:57:09.0332 1652 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:57:09.0348 1652 fastfat - ok
12:57:09.0379 1652 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:57:09.0379 1652 fdc - ok
12:57:09.0426 1652 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:57:09.0442 1652 FileInfo - ok
12:57:09.0457 1652 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:57:09.0473 1652 Filetrace - ok
12:57:09.0566 1652 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:57:09.0582 1652 flpydisk - ok
12:57:09.0613 1652 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:57:09.0629 1652 FltMgr - ok
12:57:09.0660 1652 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:57:09.0676 1652 FsDepends - ok
12:57:09.0707 1652 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
12:57:09.0707 1652 Fs_Rec - ok
12:57:09.0754 1652 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
12:57:09.0988 1652 fvevol - ok
12:57:10.0034 1652 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:57:10.0050 1652 gagp30kx - ok
12:57:10.0066 1652 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:57:10.0081 1652 hcw85cir - ok
12:57:10.0144 1652 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
12:57:10.0159 1652 HdAudAddService - ok
12:57:10.0237 1652 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:57:10.0253 1652 HDAudBus - ok
12:57:10.0284 1652 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:57:10.0300 1652 HidBatt - ok
12:57:10.0331 1652 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:57:10.0331 1652 HidBth - ok
12:57:10.0362 1652 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:57:10.0378 1652 HidIr - ok
12:57:10.0409 1652 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
12:57:10.0424 1652 HidUsb - ok
12:57:10.0487 1652 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:57:10.0502 1652 HpSAMD - ok
12:57:10.0596 1652 HtcUsbMdmV32 (89e2296561fce84ac9f34ee7243d78ac) C:\Windows\system32\DRIVERS\HtcUsbMdmV32.sys
12:57:10.0830 1652 HtcUsbMdmV32 - ok
12:57:10.0892 1652 HtcVCom32 (89e2296561fce84ac9f34ee7243d78ac) C:\Windows\system32\DRIVERS\HtcVComV32.sys
12:57:11.0126 1652 HtcVCom32 - ok
12:57:11.0282 1652 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
12:57:11.0298 1652 HTTP - ok
12:57:11.0329 1652 hwdatacard - ok
12:57:11.0345 1652 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
12:57:11.0360 1652 hwpolicy - ok
12:57:11.0407 1652 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
12:57:11.0423 1652 i8042prt - ok
12:57:11.0470 1652 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
12:57:11.0485 1652 iaStorV - ok
12:57:11.0516 1652 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:57:11.0532 1652 iirsp - ok
12:57:11.0641 1652 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
12:57:11.0657 1652 intelide - ok
12:57:11.0688 1652 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:57:11.0704 1652 intelppm - ok
12:57:11.0735 1652 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:57:11.0750 1652 IpFilterDriver - ok
12:57:11.0782 1652 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:57:11.0782 1652 IPMIDRV - ok
12:57:11.0813 1652 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:57:11.0828 1652 IPNAT - ok
12:57:11.0860 1652 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:57:11.0860 1652 IRENUM - ok
12:57:11.0891 1652 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
12:57:11.0906 1652 isapnp - ok
12:57:11.0922 1652 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
12:57:11.0953 1652 iScsiPrt - ok
12:57:12.0078 1652 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:57:12.0078 1652 kbdclass - ok
12:57:12.0109 1652 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
12:57:12.0125 1652 kbdhid - ok
12:57:12.0172 1652 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
12:57:12.0343 1652 KSecDD - ok
12:57:12.0406 1652 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
12:57:12.0593 1652 KSecPkg - ok
12:57:12.0764 1652 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:57:12.0764 1652 lltdio - ok
12:57:12.0811 1652 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:57:12.0827 1652 LSI_FC - ok
12:57:12.0842 1652 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:57:12.0858 1652 LSI_SAS - ok
12:57:12.0889 1652 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:57:12.0905 1652 LSI_SAS2 - ok
12:57:12.0936 1652 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:57:12.0936 1652 LSI_SCSI - ok
12:57:12.0983 1652 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:57:12.0998 1652 luafv - ok
12:57:13.0030 1652 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
12:57:13.0279 1652 MBAMProtector - ok
12:57:13.0435 1652 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:57:13.0451 1652 megasas - ok
12:57:13.0482 1652 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:57:13.0498 1652 MegaSR - ok
12:57:13.0545 1652 mfeapfk (5cbf9d2fab2abc461b2f67c802f52543) C:\Windows\system32\drivers\mfeapfk.sys
12:57:13.0669 1652 mfeapfk - ok
12:57:13.0716 1652 mfeavfk (10718b3eeb9e98c5b4aad7c0a23a9efa) C:\Windows\system32\drivers\mfeavfk.sys
12:57:13.0857 1652 mfeavfk - ok
12:57:13.0888 1652 mfebopk (e665cff48e376b48d2cc84be1559f131) C:\Windows\system32\drivers\mfebopk.sys
12:57:13.0997 1652 mfebopk - ok
12:57:14.0028 1652 mfehidk (e2f200d38b72e47b88489e2c97dfd6d8) C:\Windows\system32\drivers\mfehidk.sys
12:57:14.0122 1652 mfehidk - ok
12:57:14.0169 1652 mferkdet (ef04236d1a4f9f672b5258de83e2ee35) C:\Windows\system32\drivers\mferkdet.sys
12:57:14.0262 1652 mferkdet - ok
12:57:14.0340 1652 mfetdik (d5a4b1ae4958ccfc66c1d17c1f42ba08) C:\Windows\system32\drivers\mfetdik.sys
12:57:14.0434 1652 mfetdik - ok
12:57:14.0481 1652 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:57:14.0496 1652 Modem - ok
12:57:14.0527 1652 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:57:14.0527 1652 monitor - ok
12:57:14.0559 1652 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:57:14.0574 1652 mouclass - ok
12:57:14.0590 1652 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:57:14.0590 1652 mouhid - ok
12:57:14.0621 1652 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
12:57:14.0621 1652 mountmgr - ok
12:57:14.0637 1652 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
12:57:14.0652 1652 mpio - ok
12:57:14.0746 1652 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:57:14.0746 1652 mpsdrv - ok
12:57:14.0777 1652 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
12:57:14.0793 1652 MRxDAV - ok
12:57:14.0824 1652 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:57:15.0058 1652 mrxsmb - ok
12:57:15.0120 1652 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:57:15.0370 1652 mrxsmb10 - ok
12:57:15.0417 1652 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:57:15.0651 1652 mrxsmb20 - ok
12:57:15.0713 1652 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
12:57:15.0713 1652 msahci - ok
12:57:15.0744 1652 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
12:57:15.0760 1652 msdsm - ok
12:57:15.0853 1652 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:57:15.0869 1652 Msfs - ok
12:57:15.0900 1652 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:57:15.0900 1652 mshidkmdf - ok
12:57:15.0916 1652 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
12:57:15.0931 1652 msisadrv - ok
12:57:15.0978 1652 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:57:15.0994 1652 MSKSSRV - ok
12:57:16.0009 1652 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:57:16.0025 1652 MSPCLOCK - ok
12:57:16.0041 1652 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:57:16.0056 1652 MSPQM - ok
12:57:16.0103 1652 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:57:16.0119 1652 MsRPC - ok
12:57:16.0134 1652 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
12:57:16.0150 1652 mssmbios - ok
12:57:16.0165 1652 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:57:16.0181 1652 MSTEE - ok
12:57:16.0197 1652 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:57:16.0197 1652 MTConfig - ok
12:57:16.0290 1652 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:57:16.0321 1652 Mup - ok
12:57:16.0571 1652 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:57:16.0602 1652 NativeWifiP - ok
12:57:16.0696 1652 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
12:57:16.0727 1652 NDIS - ok
12:57:16.0758 1652 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:57:16.0774 1652 NdisCap - ok
12:57:16.0805 1652 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:57:16.0821 1652 NdisTapi - ok
12:57:16.0899 1652 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
12:57:16.0914 1652 Ndisuio - ok
12:57:16.0930 1652 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
12:57:16.0945 1652 NdisWan - ok
12:57:17.0023 1652 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
12:57:17.0023 1652 NDProxy - ok
12:57:17.0055 1652 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:57:17.0070 1652 NetBIOS - ok
12:57:17.0101 1652 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
12:57:17.0117 1652 NetBT - ok
12:57:17.0304 1652 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
12:57:17.0429 1652 netw5v32 - ok
12:57:17.0538 1652 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:57:17.0554 1652 nfrd960 - ok
12:57:17.0632 1652 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:57:17.0632 1652 Npfs - ok
12:57:17.0663 1652 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:57:17.0679 1652 nsiproxy - ok
12:57:17.0741 1652 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
12:57:17.0913 1652 Ntfs - ok
12:57:18.0006 1652 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:57:18.0006 1652 Null - ok
12:57:18.0037 1652 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
12:57:18.0069 1652 nvraid - ok
12:57:18.0100 1652 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
12:57:18.0115 1652 nvstor - ok
12:57:18.0147 1652 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
12:57:18.0147 1652 nv_agp - ok
12:57:18.0209 1652 OEM04Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM04Vfx.sys
12:57:18.0318 1652 OEM04Vfx - ok
12:57:18.0365 1652 OEM04Vid (40e9bfd9f64dfb32c1eafbaa0576c55d) C:\Windows\system32\DRIVERS\OEM04Vid.sys
12:57:18.0490 1652 OEM04Vid - ok
12:57:18.0505 1652 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
12:57:18.0521 1652 ohci1394 - ok
12:57:18.0661 1652 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:57:18.0677 1652 Parport - ok
12:57:18.0693 1652 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
12:57:18.0708 1652 partmgr - ok
12:57:18.0739 1652 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:57:18.0739 1652 Parvdm - ok
12:57:18.0771 1652 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
12:57:18.0802 1652 pci - ok
12:57:18.0833 1652 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
12:57:18.0833 1652 pciide - ok
12:57:18.0864 1652 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:57:18.0880 1652 pcmcia - ok
12:57:18.0911 1652 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:57:18.0927 1652 pcw - ok
12:57:18.0973 1652 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:57:18.0989 1652 PEAUTH - ok
12:57:19.0161 1652 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:57:19.0176 1652 PptpMiniport - ok
12:57:19.0207 1652 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:57:19.0223 1652 Processor - ok
12:57:19.0270 1652 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:57:19.0285 1652 Psched - ok
12:57:19.0348 1652 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:57:19.0395 1652 ql2300 - ok
12:57:19.0426 1652 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:57:19.0441 1652 ql40xx - ok
12:57:19.0551 1652 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:57:19.0551 1652 QWAVEdrv - ok
12:57:19.0582 1652 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:57:19.0597 1652 RasAcd - ok
12:57:19.0644 1652 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:57:19.0660 1652 RasAgileVpn - ok
12:57:19.0691 1652 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:57:19.0707 1652 Rasl2tp - ok
12:57:19.0738 1652 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:57:19.0753 1652 RasPppoe - ok
12:57:19.0878 1652 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:57:19.0894 1652 RasSstp - ok
12:57:19.0925 1652 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
12:57:19.0941 1652 rdbss - ok
12:57:19.0972 1652 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:57:19.0987 1652 rdpbus - ok
12:57:20.0003 1652 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:57:20.0019 1652 RDPCDD - ok
12:57:20.0050 1652 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
12:57:20.0065 1652 RDPDR - ok
12:57:20.0097 1652 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:57:20.0112 1652 RDPENCDD - ok
12:57:20.0128 1652 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:57:20.0143 1652 RDPREFMP - ok
12:57:20.0175 1652 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
12:57:20.0190 1652 RDPWD - ok
12:57:20.0299 1652 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
12:57:20.0315 1652 rdyboost - ok
12:57:20.0409 1652 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
12:57:20.0424 1652 RFCOMM - ok
12:57:20.0471 1652 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
12:57:20.0705 1652 rismxdp - ok
12:57:20.0783 1652 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:57:20.0799 1652 rspndr - ok
12:57:20.0845 1652 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
12:57:20.0845 1652 s3cap - ok
12:57:20.0970 1652 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
12:57:20.0986 1652 sbp2port - ok
12:57:21.0017 1652 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
12:57:21.0017 1652 scfilter - ok
12:57:21.0079 1652 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
12:57:21.0329 1652 sdbus - ok
12:57:21.0360 1652 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:57:21.0376 1652 secdrv - ok
12:57:21.0501 1652 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:57:21.0532 1652 Serenum - ok
12:57:21.0641 1652 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:57:21.0657 1652 Serial - ok
12:57:21.0672 1652 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:57:21.0688 1652 sermouse - ok
12:57:21.0735 1652 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
12:57:21.0750 1652 sffdisk - ok
12:57:21.0781 1652 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:57:21.0797 1652 sffp_mmc - ok
12:57:21.0813 1652 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:57:21.0937 1652 sffp_sd - ok
12:57:21.0969 1652 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:57:21.0969 1652 sfloppy - ok
12:57:22.0015 1652 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
12:57:22.0031 1652 sisagp - ok
12:57:22.0062 1652 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:57:22.0078 1652 SiSRaid2 - ok
12:57:22.0171 1652 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:57:22.0187 1652 SiSRaid4 - ok
12:57:22.0218 1652 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:57:22.0234 1652 Smb - ok
12:57:22.0296 1652 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:57:22.0312 1652 spldr - ok
12:57:22.0359 1652 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
12:57:22.0593 1652 srv - ok
12:57:22.0795 1652 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
12:57:22.0936 1652 srv2 - ok
12:57:22.0967 1652 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
12:57:23.0232 1652 srvnet - ok
12:57:23.0295 1652 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:57:23.0310 1652 stexstor - ok
12:57:23.0388 1652 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
12:57:23.0404 1652 storflt - ok
12:57:23.0435 1652 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
12:57:23.0435 1652 storvsc - ok
12:57:23.0466 1652 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
12:57:23.0482 1652 swenum - ok
12:57:23.0607 1652 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
12:57:23.0716 1652 Tcpip - ok
12:57:23.0825 1652 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
12:57:23.0841 1652 TCPIP6 - ok
12:57:23.0887 1652 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
12:57:23.0903 1652 tcpipreg - ok
12:57:27.0912 1652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:57:27.0959 1652 \Device\Harddisk0\DR0 - ok
12:57:27.0975 1652 Boot (0x1200) (315985281915fbb30e85ef04644ac8de) \Device\Harddisk0\DR0\Partition0
12:57:27.0975 1652 \Device\Harddisk0\DR0\Partition0 - ok
12:57:27.0990 1652 Boot (0x1200) (496d79fd46eceb724670b6b2d02c71d6) \Device\Harddisk0\DR0\Partition1
12:57:27.0990 1652 \Device\Harddisk0\DR0\Partition1 - ok
12:57:27.0990 1652 ============================================================
12:57:27.0990 1652 Scan finished
12:57:27.0990 1652 ============================================================
12:57:27.0990 4900 Detected object count: 0
12:57:27.0990 4900 Actual detected object count: 0
 
Disabled Avast
Disabling is not enough.
You have to uninstall it.

==========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Avast: Uninstalled

MBR:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-01 13:32:46
-----------------------------
13:32:46.940 OS Version: Windows 6.1.7600
13:32:46.940 Number of processors: 2 586 0x1706
13:32:46.940 ComputerName: BRIANYOKLEY-PC UserName: Brian Yokley
13:32:49.467 Initialize success
13:33:36.105 AVAST engine defs: 12020100
13:33:44.061 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:33:44.077 Disk 0 Vendor: TOSHIBA_MK2051GSY LD001D Size: 190782MB BusType: 11
13:33:44.092 Disk 0 MBR read successfully
13:33:44.092 Disk 0 MBR scan
13:33:44.108 Disk 0 Windows 7 default MBR code
13:33:44.108 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
13:33:44.170 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
13:33:44.202 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 172805 MB offset 31569920
13:33:44.233 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 385476608
13:33:44.529 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 385478656
13:33:44.623 Disk 0 scanning sectors +390719488
13:33:44.732 Disk 0 scanning C:\Windows\system32\drivers
13:34:17.102 Service scanning
13:34:28.974 Modules scanning
13:34:33.841 Disk 0 MBR has been saved successfully to "C:\Users\Brian Yokley\Desktop\MBR.dat"
13:34:33.872 The log file has been saved successfully to "C:\Users\Brian Yokley\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-01 13:32:46
-----------------------------
13:32:46.940 OS Version: Windows 6.1.7600
13:32:46.940 Number of processors: 2 586 0x1706
13:32:46.940 ComputerName: BRIANYOKLEY-PC UserName: Brian Yokley
13:32:49.467 Initialize success
13:33:36.105 AVAST engine defs: 12020100
13:33:44.061 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:33:44.077 Disk 0 Vendor: TOSHIBA_MK2051GSY LD001D Size: 190782MB BusType: 11
13:33:44.092 Disk 0 MBR read successfully
13:33:44.092 Disk 0 MBR scan
13:33:44.108 Disk 0 Windows 7 default MBR code
13:33:44.108 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
13:33:44.170 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
13:33:44.202 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 172805 MB offset 31569920
13:33:44.233 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 385476608
13:33:44.529 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 385478656
13:33:44.623 Disk 0 scanning sectors +390719488
13:33:44.732 Disk 0 scanning C:\Windows\system32\drivers
13:34:17.102 Service scanning
13:34:28.974 Modules scanning
13:34:33.872 Scanning: C:\Windows\system32\DRIVERS\tunnel.sys top\MBR.dat"
13:34:33.872 The log file has been saved successfully to "C:\Users\Brian Yokley\Desktop\aswMBR.txt"
13:34:40.686 Disk 0 trace - called modules:
13:34:40.748 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
13:34:40.764 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8653c948]
13:34:40.795 3 CLASSPNP.SYS[8320459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x860b2908]
13:34:42.292 AVAST engine scan C:\Windows
13:34:46.785 AVAST engine scan C:\Windows\system32
13:41:07.988 AVAST engine scan C:\Windows\system32\drivers
13:41:36.754 AVAST engine scan C:\Users\Brian Yokley
13:45:15.513 File: C:\Users\Brian Yokley\AppData\Local\Temp\fzyL1cuxqYNBhn.exe.tmp **INFECTED** Win32:FakeAlert-BXX [Trj]
13:54:06.944 AVAST engine scan C:\ProgramData
13:55:06.739 File: C:\ProgramData\odFpWeGCGDBNMy.exe **INFECTED** Win32:FakeAlert-BXX [Trj]
13:55:14.663 File: C:\ProgramData\V3v12Zn5SU75vD.exe **INFECTED** Win32:FakeAlert-BXX [Trj]
13:55:15.459 Scan finished successfully
13:55:30.997 Disk 0 MBR has been saved successfully to "C:\Users\Brian Yokley\Desktop\MBR.dat"
13:55:31.059 The log file has been saved successfully to "C:\Users\Brian Yokley\Desktop\aswMBR.txt"


Bootkit Remover:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c3700000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Everything is BACK!

ComboFix 12-02-01.01 - Brian Yokley 02/01/2012 14:09:27.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2624 [GMT -5:00]
Running from: c:\users\Brian Yokley\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\odFpWeGCGDBNMy.exe
c:\programdata\V3v12Zn5SU75vD.exe
c:\users\Brian Yokley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Brian Yokley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Brian Yokley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Brian Yokley\Desktop\System Check.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 19:14 . 2012-02-01 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-01 04:58 . 2012-02-01 04:58 -------- d--h--w- c:\users\Brian Yokley\AppData\Roaming\Malwarebytes
2012-02-01 04:58 . 2012-02-01 04:58 -------- d--h--w- c:\programdata\Malwarebytes
2012-02-01 04:58 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 04:58 . 2012-02-01 04:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 04:52 . 2012-02-01 18:25 -------- d--h--w- c:\programdata\AVAST Software
2012-02-01 04:52 . 2012-02-01 04:52 -------- d-----w- c:\program files\AVAST Software
2012-01-31 13:33 . 2012-01-31 17:54 -------- d-----w- C:\42d5e9fedad7946d00744b
2012-01-31 13:31 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EAB48BF-54AE-4D67-B781-C5E40080E31F}\mpengine.dll
2012-01-31 13:25 . 2012-01-31 13:28 -------- d-----w- C:\6bea877153165f3ad17b86b1
2012-01-30 18:03 . 2012-01-30 18:05 -------- d-----w- C:\5a87b4e619f351e05fd5de
2012-01-27 16:37 . 2012-01-27 16:39 -------- d-----w- C:\3bddb1734610e4117feb8d5b
2012-01-26 18:30 . 2012-01-26 18:32 -------- d-----w- C:\23b9abdeb3bc23e759979e90
2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-01-26 04:29 . 2012-01-26 04:30 -------- d-----w- c:\program files\QuickTime
2012-01-26 04:29 . 2012-01-26 04:29 -------- d--h--w- c:\programdata\Apple Computer
2012-01-26 04:27 . 2012-01-26 04:27 -------- d-----w- c:\program files\Common Files\Apple
2012-01-26 04:27 . 2012-01-26 04:27 -------- d-----w- c:\program files\Apple Software Update
2012-01-25 16:32 . 2012-01-25 16:35 -------- d-----w- C:\99fc4c09caa172c224bd
2012-01-24 15:25 . 2012-01-24 15:28 -------- d-----w- C:\9f1d6f2f1d2153ace8cb33bfbca97c07
2012-01-23 18:32 . 2012-01-23 18:35 -------- d-----w- C:\a9461e9bf2498b5fd197
2012-01-19 20:54 . 2012-01-19 20:56 -------- d-----w- C:\f16f15f3dcf2c945c51b
2012-01-18 13:54 . 2012-01-18 13:56 -------- d-----w- C:\bdf131dbe0005a936de58e90f856
2012-01-18 00:29 . 2012-01-18 00:29 -------- d-----w- c:\windows\system32\SPReview
2012-01-17 20:56 . 2012-01-17 20:59 -------- d-----w- C:\a1be0fc31e6d6654d64e
2012-01-16 11:05 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-16 11:05 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-16 11:04 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-16 11:04 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-16 11:04 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-16 11:04 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-16 11:04 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-16 11:04 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-16 11:04 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-16 11:04 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-12 01:22 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 01:22 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-12 01:22 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 01:22 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 01:13 . 2012-01-12 01:16 -------- d-----w- C:\1284a7f9e1730e7736b1e7
2012-01-07 15:53 . 2012-01-17 20:58 -------- d--h--w- c:\program files\Micromax
2012-01-03 13:22 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 15:08 . 2010-07-13 22:16 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-27 20:46 . 2011-09-21 15:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:23 . 2011-12-17 23:37 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35 . 2011-12-17 23:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34 . 2011-12-17 23:38 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30 . 2011-12-17 23:37 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28 . 2011-12-17 23:38 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55 . 2011-12-17 23:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Brian Yokley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Brian Yokley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Brian Yokley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-06-10 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-09-12 273528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Brian Yokley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV32.sys [2009-10-27 105984]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV32.sys [2009-10-27 105984]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-07 66600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1343400]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2010-01-07 22816]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-07 70728]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-01 67904]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\DRIVERS\OEM04Vfx.sys [2007-03-05 7424]
S3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\DRIVERS\OEM04Vid.sys [2007-10-10 234720]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-12-12 15:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: duke.edu\portal
TCP: DhcpNameServer = 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://portal.duke.edu/CACHE/stc/2/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
HKCU-Run-odFpWeGCGDBNMy.exe - c:\programdata\odFpWeGCGDBNMy.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-01 14:18:04
ComboFix-quarantined-files.txt 2012-02-01 19:18
.
Pre-Run: 109,366,644,736 bytes free
Post-Run: 110,004,580,352 bytes free
.
- - End Of File - - 50AE41216593D79F6C12A37ADF6EB4F1
 
Good news :)

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL:

OTL logfile created on: 2/1/2012 2:59:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brian Yokley\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.64% Memory free
6.99 Gb Paging File | 5.99 Gb Available in Paging File | 85.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.76 Gb Total Space | 102.50 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.52 Gb Free Space | 63.46% Space Free | Partition Type: NTFS

Computer Name: BRIANYOKLEY-PC | User Name: Brian Yokley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/01 14:58:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Yokley\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/09/12 15:55:39 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/01 01:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2010/05/05 20:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/01/06 19:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2010/01/06 19:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/01/06 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/01/06 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010/01/06 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/08/25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 15:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/06/10 16:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM04Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2005/08/22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/01 01:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/07/16 12:00:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/05 20:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/01/06 19:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010/01/06 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/01/06 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/05 20:46:36 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/01/06 19:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 19:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 19:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 19:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 19:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 19:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/10/26 19:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2009/10/26 19:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcUsbMdmV32.sys -- (HtcUsbMdmV32)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2007/10/10 16:01:00 | 000,234,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vid.sys -- (OEM04Vid)
DRV - [2007/03/05 09:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vfx.sys -- (OEM04Vfx)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 36 17 CC D6 22 CB 01 [binary data]
IE - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/12 15:56:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/01 14:14:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\..Trusted Domains: duke.edu ([portal] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://centra.fuqua.duke.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://portal.duke.edu/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAD3CB6B-AF67-4071-A15A-E998242FAC75}: DhcpNameServer = 172.20.72.47
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 14:57:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brian Yokley\Desktop\OTL.exe
[2012/02/01 14:18:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/01 14:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/01 14:07:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/01 14:07:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/01 14:07:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/01 14:07:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/01 14:07:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/01 14:06:32 | 004,394,330 | R--- | C] (Swearware) -- C:\Users\Brian Yokley\Desktop\ComboFix.exe
[2012/02/01 13:32:21 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Brian Yokley\Desktop\aswMBR.exe
[2012/02/01 12:56:38 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brian Yokley\Desktop\tdsskiller.exe
[2012/01/31 23:58:22 | 000,000,000 | ---D | C] -- C:\Users\Brian Yokley\AppData\Roaming\Malwarebytes
[2012/01/31 23:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/31 23:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/31 23:58:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/31 23:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/31 23:53:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brian Yokley\Desktop\dds.scr
[2012/01/31 23:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/31 23:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/31 23:51:58 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brian Yokley\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 08:33:38 | 000,000,000 | ---D | C] -- C:\42d5e9fedad7946d00744b
[2012/01/31 08:25:52 | 000,000,000 | ---D | C] -- C:\6bea877153165f3ad17b86b1
[2012/01/30 13:03:05 | 000,000,000 | ---D | C] -- C:\5a87b4e619f351e05fd5de
[2012/01/27 11:37:00 | 000,000,000 | ---D | C] -- C:\3bddb1734610e4117feb8d5b
[2012/01/26 13:30:16 | 000,000,000 | ---D | C] -- C:\23b9abdeb3bc23e759979e90
[2012/01/25 23:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/25 23:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/25 23:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/25 23:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/01/25 23:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/25 11:32:59 | 000,000,000 | ---D | C] -- C:\99fc4c09caa172c224bd
[2012/01/24 10:25:38 | 000,000,000 | ---D | C] -- C:\9f1d6f2f1d2153ace8cb33bfbca97c07
[2012/01/23 23:29:26 | 000,000,000 | ---D | C] -- C:\Users\Brian Yokley\Desktop\2012 Spring 1
[2012/01/23 13:32:46 | 000,000,000 | ---D | C] -- C:\a9461e9bf2498b5fd197
[2012/01/19 15:54:47 | 000,000,000 | ---D | C] -- C:\f16f15f3dcf2c945c51b
[2012/01/18 08:54:05 | 000,000,000 | ---D | C] -- C:\bdf131dbe0005a936de58e90f856
[2012/01/17 19:29:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/01/17 16:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/17 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Brian Yokley\Desktop\G-Town
[2012/01/17 15:56:49 | 000,000,000 | ---D | C] -- C:\a1be0fc31e6d6654d64e
[2012/01/11 20:13:39 | 000,000,000 | ---D | C] -- C:\1284a7f9e1730e7736b1e7
[2012/01/07 10:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airtel
[2012/01/07 10:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Micromax
[3 C:\Users\Brian Yokley\Desktop\*.tmp files -> C:\Users\Brian Yokley\Desktop\*.tmp -> ]
[1 C:\Users\Brian Yokley\*.tmp files -> C:\Users\Brian Yokley\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/01 14:58:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Yokley\Desktop\OTL.exe
[2012/02/01 14:14:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/01 14:07:12 | 004,394,330 | R--- | M] (Swearware) -- C:\Users\Brian Yokley\Desktop\ComboFix.exe
[2012/02/01 13:56:21 | 000,044,607 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\bootkit_remover.zip
[2012/02/01 13:55:31 | 000,000,512 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\MBR.dat
[2012/02/01 13:35:29 | 000,012,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 13:35:29 | 000,012,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 13:32:42 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Brian Yokley\Desktop\aswMBR.exe
[2012/02/01 13:27:11 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/02/01 13:26:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/01 13:26:50 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 12:56:54 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian Yokley\Desktop\tdsskiller.exe
[2012/02/01 00:35:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brian Yokley\Desktop\dds.scr
[2012/02/01 00:29:36 | 000,302,592 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\g8mqqnd1.exe
[2012/01/31 23:58:12 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 23:53:45 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/31 23:53:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/31 23:53:04 | 000,302,592 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe
[2012/01/31 23:52:01 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brian Yokley\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 23:51:36 | 064,207,032 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\setup_av_free.exe
[2012/01/31 23:40:44 | 002,040,508 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\tdsskiller.zip
[2012/01/31 17:04:10 | 000,000,679 | ---- | M] () -- C:\Users\Brian Yokley\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/18 20:19:24 | 000,620,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/18 20:19:24 | 000,104,578 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[3 C:\Users\Brian Yokley\Desktop\*.tmp files -> C:\Users\Brian Yokley\Desktop\*.tmp -> ]
[1 C:\Users\Brian Yokley\*.tmp files -> C:\Users\Brian Yokley\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 14:11:59 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/02/01 14:11:59 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/02/01 14:11:59 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/02/01 14:11:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/01 14:11:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/01 14:11:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/01 14:11:58 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/02/01 14:11:58 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/01 14:11:57 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/01 14:11:57 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 14:07:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/01 14:07:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/01 14:07:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/01 14:07:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/01 14:07:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/01 13:34:33 | 000,000,512 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\MBR.dat
[2012/02/01 13:32:34 | 000,044,607 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\bootkit_remover.zip
[2012/02/01 00:29:24 | 000,302,592 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\g8mqqnd1.exe
[2012/01/31 23:52:55 | 000,302,592 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe
[2012/01/31 23:51:30 | 064,207,032 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\setup_av_free.exe
[2012/01/31 23:40:37 | 002,040,508 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\tdsskiller.zip
[2012/01/31 17:04:10 | 000,000,679 | ---- | C] () -- C:\Users\Brian Yokley\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/04/12 22:46:22 | 000,008,192 | ---- | C] () -- C:\Users\Brian Yokley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/07 19:33:53 | 000,007,598 | ---- | C] () -- C:\Users\Brian Yokley\AppData\Local\Resmon.ResmonCfg
[2011/01/07 19:55:50 | 000,000,248 | ---- | C] () -- C:\Windows\FaceFun.INI
[2009/09/16 16:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,409,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,620,036 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,104,578 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2012/01/17 15:58:31 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Amazon
[2011/01/14 19:07:06 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\BitTorrent
[2010/11/07 17:37:19 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Centra
[2010/10/22 15:08:39 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Downloaded Installations
[2011/12/06 18:06:34 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Dropbox
[2010/11/16 16:44:41 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\EndNote
[2011/01/17 13:07:09 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\FrostWire
[2010/12/05 15:39:51 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\gtk-2.0
[2010/10/22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Nitro PDF
[2010/11/01 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Registry Mechanic
[2011/03/23 13:13:22 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\TravelerSafe
[2012/02/01 13:27:11 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/10/24 22:07:25 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/07/13 20:27:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/02/01 14:18:04 | 000,012,301 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/05/20 12:35:06 | 000,005,356 | R--- | M] () -- C:\dell.sdr
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/02/01 13:26:50 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/06/05 14:12:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/05 14:12:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/01 13:26:51 | 3756,044,288 | -HS- | M] () -- C:\pagefile.sys
[2012/02/01 12:57:28 | 000,081,096 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_01.02.2012_12.56.58_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2009/06/22 18:08:30 | 000,090,112 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\LMPRTPRC.DLL
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/13 17:00:18 | 000,000,221 | -HS- | M] () -- C:\Users\Brian Yokley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/01 13:32:42 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Brian Yokley\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Brian Yokley\Desktop\boot_cleaner.exe
[2012/02/01 14:07:12 | 004,394,330 | R--- | M] (Swearware) -- C:\Users\Brian Yokley\Desktop\ComboFix.exe
[2012/02/01 00:29:36 | 000,302,592 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\g8mqqnd1.exe
[2012/01/31 23:52:01 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brian Yokley\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/01 14:58:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Yokley\Desktop\OTL.exe
[2012/01/31 23:53:04 | 000,302,592 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe
[2012/01/31 23:51:36 | 064,207,032 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\setup_av_free.exe
[2012/02/01 12:56:54 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian Yokley\Desktop\tdsskiller.exe
[3 C:\Users\Brian Yokley\Desktop\*.tmp files -> C:\Users\Brian Yokley\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/07/14 21:28:20 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2010/07/14 21:28:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2010/07/13 19:32:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2010/07/13 19:32:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2010/07/14 21:28:10 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 19:05:52 | 000,000,402 | -HS- | M] () -- C:\Users\Brian Yokley\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
 
OTL Extras logfile created on: 2/1/2012 2:59:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brian Yokley\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.64% Memory free
6.99 Gb Paging File | 5.99 Gb Available in Paging File | 85.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.76 Gb Total Space | 102.50 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.52 Gb Free Space | 63.46% Space Free | Partition Type: NTFS

Computer Name: BRIANYOKLEY-PC | User Name: Brian Yokley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B0931CBE-FBA6-4BB0-A959-45E2751EC169}" = Cisco AnyConnect VPN Client Start Before Login Components
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CentraClient" = Centra Client
"Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Glary Utilities_is1" = Glary Utilities Pro 2.30.0.1066
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"RealPlayer 12.0" = RealPlayer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/31/2012 9:28:27 AM | Computer Name = BrianYokley-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 1/31/2012 1:54:42 PM | Computer Name = BrianYokley-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 1/31/2012 6:20:59 PM | Computer Name = BrianYokley-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3576 (0xdf8) Thread address : 0x77596194 Thread message : Build VSCORE.14.1.0.524
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\ProgramData\McAfee\Common
Framework\Current\BOCVSE__1000\BocDet_VSE.McS by C:\Program Files\McAfee\Common
Framework\McScript_InUse.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 1/31/2012 6:20:59 PM | Computer Name = BrianYokley-PC | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 1/31/2012 9:23:30 PM | Computer Name = BrianYokley-PC | Source = McLogEvent | ID = 259
Description = The scan found detections. Scan engine version 5400.1158 DAT version
6606.

Error - 2/1/2012 1:23:23 AM | Computer Name = BrianYokley-PC | Source = Application Hang | ID = 1002
Description = The program p9kn6gpm.exe version 1.0.15.15641 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1598 Start
Time: 01cce0a18ab00978 Termination Time: 16 Application Path: C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe

Report
Id: d56dec70-4c94-11e1-871e-001f3ad7bbd6

Error - 2/1/2012 1:23:37 AM | Computer Name = BrianYokley-PC | Source = Application Hang | ID = 1002
Description = The program p9kn6gpm.exe version 1.0.15.15641 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1514 Start
Time: 01cce0a1894e36cb Termination Time: 15 Application Path: C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe

Report
Id: e2889c22-4c94-11e1-871e-001f3ad7bbd6

Error - 2/1/2012 10:24:54 AM | Computer Name = BrianYokley-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 2/1/2012 11:44:02 AM | Computer Name = BrianYokley-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AvastSvc.exe, version: 6.0.1367.0, time
stamp: 0x4ed3caa7 Faulting module name: aswScan.dll, version: 6.0.1388.0, time stamp:
0x4f22f2db Exception code: 0xc0000005 Fault offset: 0x00007333 Faulting process id:
0x5c4 Faulting application start time: 0x01cce0a1100a2c4a Faulting application path:
C:\Program Files\AVAST Software\Avast\AvastSvc.exe Faulting module path: C:\Program
Files\AVAST Software\Avast\defs\12020100\aswScan.dll Report Id: 901a4604-4ceb-11e1-871e-001f3ad7bbd6

Error - 2/1/2012 11:45:00 AM | Computer Name = BrianYokley-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AvastSvc.exe, version: 6.0.1367.0, time
stamp: 0x4ed3caa7 Faulting module name: aswScan.dll, version: 6.0.1388.0, time stamp:
0x4f22f2db Exception code: 0xc0000005 Fault offset: 0x00007333 Faulting process id:
0xee4 Faulting application start time: 0x01cce0f85df68b55 Faulting application path:
C:\Program Files\AVAST Software\Avast\AvastSvc.exe Faulting module path: C:\Program
Files\AVAST Software\Avast\defs\12020100\aswScan.dll Report Id: b25b8549-4ceb-11e1-871e-001f3ad7bbd6

[ Cisco AnyConnect VPN Client Events ]
Error - 2/1/2012 1:35:31 AM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::Notify File: .\MainThread.cpp Line: 6000 Invoked
Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 2/1/2012 2:27:03 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 2/1/2012 2:27:03 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 2/1/2012 2:27:03 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7411 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 325 Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED

[ OSession Events ]
Error - 10/15/2010 3:23:16 AM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 52906
seconds with 360 seconds of active time. This session ended with a crash.

Error - 10/15/2010 3:23:20 AM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 62504
seconds with 3660 seconds of active time. This session ended with a crash.

Error - 11/29/2010 3:52:54 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 547
seconds with 120 seconds of active time. This session ended with a crash.

Error - 2/21/2011 5:39:29 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15219
seconds with 540 seconds of active time. This session ended with a crash.

Error - 4/12/2011 11:17:08 AM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4185
seconds with 3240 seconds of active time. This session ended with a crash.

Error - 4/15/2011 5:44:51 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 168026
seconds with 8040 seconds of active time. This session ended with a crash.

Error - 4/20/2011 12:24:29 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 43524
seconds with 960 seconds of active time. This session ended with a crash.

Error - 4/20/2011 4:09:19 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 7779
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 4/20/2011 5:00:34 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3058
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/24/2011 8:26:21 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 10845
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/31/2012 3:31:28 PM | Computer Name = BrianYokley-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/31/2012 6:20:59 PM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/31/2012 7:43:54 PM | Computer Name = BrianYokley-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:43:06 PM on 1/31/2012 was unexpected.

Error - 2/1/2012 1:21:15 AM | Computer Name = BrianYokley-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2/1/2012 10:25:24 AM | Computer Name = BrianYokley-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows
Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).

Error - 2/1/2012 11:44:16 AM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 2/1/2012 11:45:08 AM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 2/1/2012 3:08:57 PM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/1/2012 3:12:06 PM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/1/2012 3:15:01 PM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
You didn't say:
Any current issues?


===========================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/01/31 17:04:10 | 000,000,679 | ---- | C] () -- C:\Users\Brian Yokley\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2010/11/01 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Registry Mechanic
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Users\Brian Yokley\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Users\Brian Yokley\AppData\Roaming\Registry Mechanic folder moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian Yokley
->Temp folder emptied: 151645 bytes
->Temporary Internet Files folder emptied: 501506333 bytes
->Java cache emptied: 4249663 bytes
->Flash cache emptied: 274790 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 503016 bytes

Total Files Cleaned = 483.00 mb


[EMPTYJAVA]

User: All Users

User: Brian Yokley
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Brian Yokley
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02012012_164800

Files\Folders moved on Reboot...
C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4C51O99\partner[3].htm moved successfully.
C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4C51O99\topic176948[1].html moved successfully.
C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRRDV46I\partner[2].htm moved successfully.
C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HUT15K2\net[5].htm moved successfully.
C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
 
Security Check:
Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee VirusScan Enterprise
McAfee AntiSpyware Enterprise Module
McAfee Agent
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

McAfee AntiSpyware Enterprise Module
Java(TM) 6 Update 30
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
McAfee VirusScan Enterprise engineserver.exe
McAfee VirusScan Enterprise vstskmgr.exe
McAfee VirusScan Enterprise mcshield.exe
McAfee VirusScan Enterprise mfeann.exe
McAfee VirusScan Enterprise shstat.exe
``````````End of Log````````````

Farbar Service Scanner Version: 01-02-2012 03
Ran by Brian Yokley (administrator) on 01-02-2012 at 17:33:23
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 11:54] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-15 14:58] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 18:53] - [2009-07-13 20:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 18:54] - [2009-07-13 20:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 18:24] - [2009-07-13 20:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-09 22:05] - [2010-12-21 00:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 19:15] - [2009-07-13 20:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 18:30] - [2009-07-13 20:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-07-13 18:33] - [2009-07-13 20:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
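
A small triage pass over an FSS.txt log like the one above, as an added example that is not part of the original posts or of Farbar Service Scanner: it lists services whose start type differs from the default and files that lack the "MD5 is legit" verdict, which are candidates for manual review rather than confirmed problems. The function name, regexes and dictionary keys are assumptions built only from the log lines shown in this thread.

```python
import re

# Constructed sample: a subset of the FSS.txt lines posted in this thread.
SAMPLE_FSS = r"""
Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 11:54] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446
"""

# Patterns are assumptions derived from the log lines above, not an official format spec.
START_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")
STOPPED_RE = re.compile(r"^(\S+) Service is not running")
DETAIL_RE = re.compile(r"^\[[\d\- :]+\] - \[[\d\- :]+\] - (\d+) \S+ \((.*?)\) ([0-9A-F]{32})$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

def triage_fss(text):
    """Return start-type deviations, stopped services and files without the 'MD5 is legit' verdict."""
    out = {"start_type": [], "not_running": [], "unverified": []}
    pending = None  # path seen without a verdict, waiting for its detail line
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := START_RE.search(line)) and m.group(2) != m.group(3):
            out["start_type"].append(m.groups())
        elif m := STOPPED_RE.match(line):
            out["not_running"].append(m.group(1))
        elif PATH_RE.match(line):
            if pending:  # previous path never got a detail line
                out["unverified"].append({"path": pending, "md5": None})
            pending = None if line.endswith("=> MD5 is legit") else line
        elif (m := DETAIL_RE.match(line)) and pending:
            out["unverified"].append({"path": pending, "size": int(m.group(1)),
                                      "company": m.group(2), "md5": m.group(3)})
            pending = None
    if pending:
        out["unverified"].append({"path": pending, "md5": None})
    return out

if __name__ == "__main__":
    for key, items in triage_fss(SAMPLE_FSS).items():
        print(key, items)
```
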
 
ESET:

C:\Qoobox\Quarantine\C\ProgramData\odFpWeGCGDBNMy.exe.vir a variant of Win32/Kryptik.ZVF trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\V3v12Zn5SU75vD.exe.vir a variant of Win32/Kryptik.ZVF trojan cleaned by deleting - quarantined


The Computer is GREAT! No problems or issues AND I think that it is even a little faster than before!
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current (including Service Pack 1 installation and upgrading Internet Explorer to version 9!!!)

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 