[Referring for driver assist] System Check issue

[cbusch]

System check started on my computer yesterday and will not let me do anything. The computer will start in normal mode but will then turn off and restart. I was able to enter the system in safe mode but am lost from what to do from here.Can I download the required software from here or should i download onto another computer, safe to disk and try loading it onto the infected computer Am currently on another computer.

I do not have any of the programs listed in 5 preliminary removal instructions posted by kimland.

I have Bullguard for antivirus and Ad-Aware for malware.

Thanks in advance for the help
Chris

Logfile created: 1/19/2012 22:12:26
Ad-Aware version: 8.2.6
User performing scan: Chris

*********************** Definitions database information ***********************
Lavasoft definition file: 149.1007
Genotype definition file version: 2011/09/21 13:57:35

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 356538
Objects detected: 3


Type Detected
==========================
Processes.......: 0
Registry entries: 2
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Quarantined items:
Description: c:\programdata\qimmtimicgl.exe Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 6646606 Family ID: 936 MD5: 3d68d51b0a99b49116327caa1b277987
Description: HKLM:Software\Microsoft\Windows\CurrentVersion\Run:QimMTimICgL.exe Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 6646606 Family ID: 936
Description: HKU:.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\SystemisableTaskMgr Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 35459 Family ID: 936

Scan and cleaning complete: Finished correctly after 7449 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Fri Mar 26 23:40:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Fri Mar 26 05:40:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Fri Mar 26 11:40:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Fri Mar 26 17:40:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Mar 26 23:40:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: false
ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: false
ID: usespywareheuristics, enabled:1, value: false
ID: modules, enabled:1
ID: processprotection, enabled:0, value: true
ID: onaccessprotection, enabled:0, value: false
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false


****************************** System information ******************************
Computer name: CHRIS-PC
Processor name: AMD Turion(tm) 64 X2 Mobile Technology TL-60
Processor identifier: x86 Family 15 Model 104 Stepping 2
Processor speed: ~2000MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 26626, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 1276010496 bytes
Physical memory total: 2078466048 bytes
Virtual memory available: 1597091840 bytes
Virtual memory total: 2147352576 bytes
Memory load: 38%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Windows startup mode:

Running processes:
PID: 404 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 472 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 508 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 516 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 544 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 588 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 604 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 612 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 752 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 808 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 844 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 928 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 956 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1012 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1080 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1144 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1160 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1412 name: C:\Windows\explorer.exe owner: Chris domain: Chris-PC
PID: 1448 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1552 name: C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1568 name: C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1596 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1976 name: C:\Windows\HelpPane.exe owner: Chris domain: Chris-PC
PID: 1048 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1360 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1444 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2040 name: C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 296 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Chris domain: Chris-PC
PID: 1560 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Chris domain: Chris-PC
PID: 1332 name: C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1812 name: C:\Program Files\Java\jre6\bin\java.exe owner: SYSTEM domain: NT AUTHORITY

Startup items:
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: NvSvc
imagepath: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: SynTPStart
imagepath: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Name: QPService
imagepath: "C:\Program Files\HP\QuickPlay\QPService.exe"
Name: QlbCtrl
imagepath: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: ccApp
imagepath: "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Name:
imagepath: C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: BFE
displayname: Base Filtering Engine
Name: BsMain
displayname: BullGuard main service
Name: BsScanner
displayname: BullGuard scanning service
Name: BsUpdate
displayname: BullGuard update service
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: EapHost
displayname: Extensible Authentication Protocol
Name: Eventlog
displayname: Windows Event Log
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: KeyIso
displayname: CNG Key Isolation
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: MpsSvc
displayname: Windows Firewall
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile Service
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN AutoConfig
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework

 

[Bobbye]

Welcome to TechSpot, Chris. Unfortunately I can't work from the AdAware log.

If you have an internet connection, you can download the scan directly to this machine. Run in Normal Mode> if possible. If the system won't continue, boot into Safe Mode to run the scans.
====================================
It appears that the Task Manager is disabled. Please do this:
Press Windows+R key> type cmd> OK

If your task manager is disabled,copy and run this command

Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr

Press Enter
=====================================
If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners

• System Check is a fake (Rogue) computer analysis and optimization program.
• The 'alerts' tell you the problems have lead to corrupt and missing data
• It will display false error messages and security warnings.
• It "hides" Icons, desktop, programs and files so that they appear to be missing and some programs can't be run
• This can be installed through hacked sites that exploit vulnerabilities on the system or through fake online scanner pages
• The malware is configured to automatically start when you logon to Windows.
• It can also be started if you click on any of these alerts.

Note: You may not experience all of the above, but it is important to tell me what problems you do have.
===========================================
Please follow these steps: Preliminary Virus and Malware Removal.
(These steps have been updated since kimsland was active. Be sure to follow this current thread)

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=================================
I you have a problem with a particular program, stop and advise me what the program and problem is. I don't have enough information to determine if this is a System Check issue
====================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================

 

[cbusch]

Cant install Comodo

I cannot access the internet from the infected computer at all, so I have saved all downloaded files to disk. I have tried to load the Comodo onto the computer but get this message, "Error:1601. The windows installer service could not be accessed. This can occur if the windows installer is not correctly installed. Contact support for assistance"

What would you like for me to do at this point?
thanks

 

[cbusch]

logs

Please disregard the previous message about Comodo.
Here are my logs.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.20.03

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19170
Chris :: CHRIS-PC [administrator]

1/20/2012 7:28:30 PM
mbam-log-2012-01-20 (19-28-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189427
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winupd (Trojan.Agent) -> Data: C:\Users\Chris\AppData\Local\Temp:winupd.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Chris\AppData\Roaming\37C52\64F7F.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|E68.exe (Backdoor.CycBot.Gen) -> Data: C:\Users\Chris\AppData\Roaming\Microsoft\7F03\E68.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:58283 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\ProgramData\4AFmHttlyLUqzq.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Roaming\37C52\190AA.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\37C52\64F7F.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\Temp\aonscrmxew.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\notepad.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\users\chris\appdata\local\temp:winupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\users\chris\appdata\local\temp:winupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Gmer log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-20 21:16:04
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542525K9SA00 rev.BBFOC32P
Running: 4pkugrmt.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kgloqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


DDS logs

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
Run by Chris at 21:18:35 on 2012-01-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1361 [GMT -6:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
FW: BullGuard Firewall *Enabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\helppane.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NWEReboot]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\BullGuard.exe" -boot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\BGLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{1D4AF8BE-0FBC-416C-AE65-D02186603897} : DhcpNameServer = 74.84.119.150 97.64.179.250
TCP: Interfaces\{DFACDC83-31CD-4383-AFC1-4556B6F8A4DD} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{F86A6400-A3BE-4203-AC39-D3469AF7E33E} : DhcpNameServer = 74.84.119.150 97.64.179.250
AppInit_DLLs: BgGamingMonitor.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\iotrglgz.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-2 64288]
R2 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2008-1-20 21504]
R2 BsScanner;BullGuard scanning service;c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe [2011-11-9 174944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1355968]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\drivers\afw.sys [2011-11-9 34920]
S1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [2011-11-9 61152]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [2011-11-9 216136]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [2011-11-9 20040]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 BsBackup;BullGuard backup service;c:\windows\system32\SvcHost.exe -k BullGuard_Backup [2008-1-20 21504]
S2 BsBhvScan;BullGuard behavioural detection service;c:\program files\bullguard ltd\bullguard\BullGuardBhvScanner.exe [2011-11-9 299360]
S2 BsFileScan;BullGuard on-access service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-1-20 21504]
S2 BsFire;BullGuard firewall service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-1-20 21504]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\system32\SvcHost.exe -k BullGuard_Proxy [2008-1-20 21504]
S2 BsUpdate;BullGuard update service;c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe [2012-1-17 276832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2011-11-9 328296]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-2-22 180272]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-10-27 23936]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-22 1245064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-21 01:42:12 54016 ----a-w- c:\windows\system32\drivers\xrodgxfx.sys
2012-01-20 22:38:56 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2012-01-20 22:38:42 -------- d-----w- c:\programdata\Malwarebytes
2012-01-20 22:38:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-20 22:38:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-20 22:33:56 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-20 22:33:56 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-20 22:33:47 41184 ----a-w- c:\windows\avastSS.scr
2012-01-20 22:33:37 -------- d-----w- c:\programdata\AVAST Software
2012-01-20 22:33:37 -------- d-----w- c:\program files\AVAST Software
2012-01-20 22:12:41 -------- d-----w- c:\programdata\CPA_VA
2012-01-20 22:02:30 -------- d-----w- c:\users\chris\appdata\local\Comodo
2012-01-20 22:01:40 -------- d-----w- c:\programdata\Comodo
2012-01-20 22:01:34 -------- d-----w- c:\program files\Comodo
2012-01-20 12:31:16 -------- d-----w- c:\users\chris\appdata\roaming\52F32
2012-01-20 12:30:31 -------- d-----w- c:\users\chris\appdata\roaming\37C52
2012-01-20 04:27:02 -------- d-----w- c:\program files\52F32
2012-01-20 04:26:13 -------- d-----w- c:\program files\LP
2012-01-18 02:08:49 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{053bdba5-d136-427f-8617-bae88db502dc}\mpengine.dll
2012-01-11 03:54:38 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 03:54:38 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 03:54:32 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 03:54:25 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 03:54:11 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 03:54:02 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 03:53:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 03:53:47 497152 ----a-w- c:\windows\system32\qdvd.dll
.
==================== Find3M ====================
.
2012-01-20 19:47:52 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-01-18 01:58:26 100216 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2011-12-12 03:12:23 53088 ----a-w- c:\windows\system32\BGLsp.dll
2011-11-26 22:50:12 20040 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
2011-11-26 22:49:53 216136 ----a-w- c:\windows\system32\drivers\NSKernel.sys
2011-11-26 22:49:50 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2011-11-24 15:05:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 20:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 14:29:50 328296 ----a-w- c:\windows\system32\drivers\afwcore.sys
2011-11-09 14:29:48 34920 ----a-w- c:\windows\system32\drivers\afw.sys
2011-11-09 14:29:08 61152 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 21:19:53.42 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2008 12:52:05 AM
System Uptime: 1/20/2012 7:44:57 PM (2 hours ago)
.
Motherboard: Quanta | | 30EA
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 60.781 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.995 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player
AIM 6
AIO_Scan
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bonjour
BufferChm
BullGuard
C5200
C5200_doccd
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Cards_Calendar_OrderGift_DoMorePlugout
ccCommon
Compatibility Pack for the 2007 Office system
Component Framework
Conexant HD Audio
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
DVD Suite
EA Link
eSupportQFolder
Family Tree Heritage
Family Tree Heritage Collaboration Support
Fax
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 9.0
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 9.0
HP Memories Disc
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 B2
HP Smart Web Printing
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HP User Guides 0091
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iPod for Windows 2005-02-07
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6
LabelPrint
LiveUpdate (Symantec Corporation)
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MovieEdit Task
Mozilla Firefox 8.0 (x86 en-US)
MpcStar 4.9
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
OpenOffice.org 2.2
PanoStandAlone
Passage Express
PDF-XChange 3
PhotoStitch
Power2Go
PowerDirector
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
Punch! Weekend Project
QuickPlay SlingPlayer 0.4.6
QuickTime
RAW Image Task 2.1
RCA Digital Cable Modem
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
SolutionCenter
SPBBC 32bit
Status
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
The Sims™ Life Stories
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WeatherBug Gadget
WebReg
Yahoo! Toolbar
.
==== End Of File ===========================


thanks for the help

 

[Bobbye]

Chris, let's go over couple of things: What indication did you get of a System Check infection?
For instance, are you experiencing these:

# The 'alerts' tell you the problems have lead to corrupt and missing data
# It will display false error messages and security warnings.
# It "hides" Icons, desktop, programs and files so that they appear to be missing and some programs can't be run

There is also a bad proxy> are you experiencing any redirects in searches? We can fix that: Reset your browser proxies

• For Firefox:
  o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
  o Click on the "Network" tab, and then on the "Settings" button.
  o Please make sure that the "No Proxy" option is selected.
• For Internet Explorer:
  o Open Internet Explorer.
  o Click on "Tools" and then select "Internet Options".
  o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
  o Uncheck "Use a Proxy server for your LAN".
  o Click OK to close the Local Area Network (LAN) Settings window.
  o Click OK to close the Internet Options window.

=======================================
You have an assortment of malware- including a Backdoor.bot. I'm going to have you run Combofix to see if it picks up System Check processes:

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe
  
  & follow the prompts.
• If prompted for Recovery Console, please allow.
• Once installed, you should see a blue screen prompt that says:
  • The Recovery Console was successfully installed.[/b]
  • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
  • Note: No query will be made if the Recovery Console is already on the system.
• .Close/disable all anti virus and anti malware programs
  (If you need help with this, please see HERE)
• .Close any open browsers.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=================================
About some of the processes running:
I was okay with Norton Confidential- until I got to the installed programs and saw:
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center

Please run this to remove the Internet Security with the Antivirus: Norton Removal Tool
Reboot the computer when finished.
============================
Do you know what these files are?

2012-01-20 12:31:16 -------- d-----w- c:\users\chris\appdata\roaming\52F32
2012-01-20 12:30:31 -------- d-----w- c:\users\chris\appdata\roaming\37C52
2012-01-20 04:27:02 -------- d-----w- c:\program files\52F32
2012-01-20 04:26:13 -------- d-----w- c:\program files\LP

It's the same day you installed Comodo. (wish you hadn't done that now)
==================================
Clarification please: you are working in Safe Mode because the system crashes right after start- is that correct?
--------------------
You have this running: mRun: [NWEReboot]
nwereboot is a process belonging to Ahead Nero and acts as a temporary file whilst CD writing is in process. This program is a non-essential process. When you say you downloaded to disc, do you mean a CD? Is this a process you're using? Because otherwise, CD writing shouldn't be running while scanning.
=================================
I will give you some script for removals after I see the Combofix log. It will also tell me the nature of the malware. Please leave the log in your next reply.

 

[cbusch]

combo fix problem

I received all of the prompts you mentioned and System check installed itself on my desktop and ran its scan saying it found all kinds of system, memory, and speed issues.

I have corrected the proxy issue in firefox and internet explorer

I am currently trying to run Combofix but it is warning me that Bullguard, my antivirus software, is still running. I have disabled the software. Should i do an uninstall of it since it doesn't seem to be responding to my changes or how would you like me to continue?

I will be running the Norton removal tool after I get direction from you regarding the Combofix. OR can I do this out of the order you said? I have never used norton it was pre-installed on the computer

I do not know the four files that downloaded on 1-20-2012

I have no access to my computer in normal mode. Windows will start but then goes into a loop going no further and just keeps restarting. I can only access in safe mode


yes I am downloading the info to CD and then loading them onto the infected computer

 

[Bobbye]

Bullguard Antivirus and Firewall:

• Disable BullGuard's firewall and antivirus from BullGuard's Console.
• Double-click the BullGuard icon in your system tray (bottom right corner, just next to the clock).
• Click on Antivirus section on the left pane
• Click on Protection tab > Disable Antivirus option (click Turn it off)
• Disable the BullGuard Click on the the Firewall section
• Click on Overview tab > Disable Firewall option. (click Turn it off)

Exit the Bullguard console.
Reverse to re-enable
===========================================
If you still get the message from Combofix, bypass it and run the scan.
============================================
I will take you to task over this though:
Install Date: 5/24/2008> if Norton was pre-loaded, that means that you've had it's full security suite running for 4 years> It means that your system has been more vulnerable because it has multiple AV and Firewall.

Please run the Norton Uninstall after you have run Combofix.

I will remove the unknown entries with script after Combofix has been run.

 

[cbusch]

combo fix problem

I have the internet working on the infected computer now and downloaded combofix, but it did not ask for a location to save, but I got it to run. I started the run and got this message within a minute in the blue box:

"Access denied administrative permission needed to use the selected application use administrative prompt to complete task" It did that message twice and then another message popped up saying "Attempting to create new restore point. then stated scanning for files infected."

I then get a pop up box that says:
"combofix- zero access
Infected with rootkit.zeroaccess!
It has installed itself into tcp/ipstack
this is a particularly difficult infection

A Windows pop up box then pops up saying;
pev.3xe has stopped working, problem caused program to stop working
windows will close program and notify you when a solution is available

i then get the message:
"combofix has detected the presence of rootkit activity and needs to reboot computer"

the computer then reboots.

I go back into safe mode and try and run the uninstall instructions for combofix, so I can do a reinstall but the program is not found in the run menu. I searched for the program in the C: drive and and find combofix,at first when i opened the file it had multiple files in the folder approximately 30 files dating all the way back to 2000.


i was doing a reply to this and another program Internet Security 2012 began to run on my computer along with System Check. I disconnected from the internet and restarted the infected machine. I am now missing Avast and Malwarebytes from the desktop and Internet Security has an icon on my desktop while System Check has a tray icon on the left side of my task bar right next to the start menu
After Internet security 2012 and system check are now showing up on the desktop and in the task bar I open C: and the files that were in the combofix file are gone and now what is in the file is what would normally be under my computer (Local disk C, Persario D, CD drive and bullguard online drive)



Norton was installed on the computer when i purchased it but I had never started the trial that was given with the purchase because I had a paid version of bullguard still in use and never started Norton and completely forgot it was on the computer, so I had never run the program. Would this still cause complications with the other antivirus and spyware programs on the computer.

What would you like for me to do next?
thanks for working with me on this

 

[Bobbye]

Would this still cause complications with the other antivirus and spyware programs on the computer.

Yes, please uninstall Norton now. Although you never used it you did not uninstall it and there are process running for the program.
====================================
Browsers have a default location to send downloads. Most of us have at on deskstop- it's easier to find and use. It is alto remove when finished. When you save, the window that comes up has a location set in it> it' will be the default if you have it set. If not, download will go somewhere in Programs. For our purchases, the desktop is most convenient.
======================================
Do what you can in normal Mode. The exception is f you need to be in Safe Mode with Networking. and you \\instructed about this you are instructed explicitly to do otherwise,, such as when you need to be in Safe Mode with Networking and we instruct you explicitly to boot into Safe Mode With Networking

 

[cbusch]

norton removed

I cannot access the computer in any mode except for safe mode as previous stated, the machine will go into a endless loop of starting and restarting and now safe mode is the only mode that does not crash. I'm a little confused with your last statement could you please clarify
"The exception is f you need to be in Safe Mode with Networking. and you \\instructed about this you are instructed explicitly to do otherwise,, such as when you need to be in Safe Mode with Networking and we instruct you explicitly to boot into Safe Mode With Networking"

i removed the norton programs and tried to run combofix. Approximately 20-30 after starting the scan i get a Microsoft Windows pop up box that says "pev3xe has stopped working, A problem caused the program to stop working correctly. Window will close the program and notify you if a solution is available"

what would you like me to do?
thanks

 

[Bobbye]

About these:

1. Pev.3XE has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.
2. "combofix has detected the presence of rootkit activity and needs to reboot computer"
3. warning me that Bullguard, my antivirus software, is still running.

For #1: Close the message box and attempt to proceed with Combofix. Pev is in Combofix but the scan can run without it.
For #2: Reboot the computer.
For #3: IF security has been disabled, bypass the message and continue with scan.

If you also get a message about "access denied- need privilege", before you double click on Combofix to run, do a right click> Run as Administrator. Then proceed.
---------------------------------
If none of the above works and Combofix still refuses to run:
Delete Combofix file, download fresh one, but rename combofix.exe to
friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.
-------------------------------------
Download and run the below tool named Rkill from one of the links below:
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

• Rkill.com
• Rkill.scr
• Rkill.exe
  
• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed

Note: If the window shows a message that says "Error deleting file", please re-run the tool again .

• Go right to the double click on friday.exe to run.

If a Combofix scan still won't run, leave it for now. I'll have you run another scan.
Everything above in Safe Mode or Safe Mode with Networking.
====================================
About the reboot loop. The reboot loop usually follows a failed Windows Update.

One of the fixes is to do a System Restore to date right before the failed update. Unfortuntunately, the system does not show any entries in ==== System Restore Points ===================
This does not say "NO Restore Points" but it does not show any either

The Attach.txt log from DDS does not show errors from the Event Viewer before ==== End Of File ===========================

I would have expected to see errors documenting failure to update.

The only suggestion I have to stop the reboot loop will be limited to whether there are actually some restore points on the system:
Start Windows :

1. Insert the Windows Vista or Windows 7 installation disc in the drive, and then restart the computer.
2. When you are prompted to start from the disc, press any key.
3. When you are prompted, configure the Language to install, Time and currency format, and Keyboard or input method options that you want, and then click Next.
4. On the next page, click Repair your computer.

Select a restore point:

1. On the System Recovery Options page, click the version of the Windows operating system that you want to repair, and then click Next.
2. On the System Recovery Options page, click System Restore.
3. On the System Restore page, click Next.
4. Select a restore point at which you know that the operating system was working, and then click Next.

The restore point should be a date before the first time that you experienced the problem that is described in the "Symptoms" section. To select a date, use the Choose a different restore point option, and then click Next.
5. If you are prompted to specify which disk to restore, select the hard disk on which the operating system is installed, and then click Next.
6 O.n the Confirm your restore point page, click Finish.
7. When the restoration process is complete, click Restart.
(Courtesy Microsoft)
============================================
If you cannot overcome either of the issues above- go on to next reply:

 

[Bobbye]

Rogue Antispyware, Antivirus, Security, Home Security , Internet Security 2012

1. Pretends to be a security update for Windows installed via Automatic Updates. It will then install itself as a single executable that has a random consisting of three characters
2. Clicking on any executable loads the malware
3. Display fake security alerts on the infected computer.
4. May not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer
5. Changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program.

To fix #5, you start here: Download a Registry file that will fix these changes.
Please download FixNCR.reg and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

• Insert the removable device into the infected computer and open the folder the drive letter associated with it.(Usually C)
• Double click the FixNCR.reg file
• You should now be able to run the .exe files.

-------------------------------------
If you have 'missing' icons, programs, files, etc: Download Unhide.exe and save to the desktop.

• Double-click on Unhide.exe icon to run the program.
• This program will remove the +H, or hidden, attribute from all the files on your hard drives.

Note: the above does not remove the malware- only the attributes 'hiding' features.
=============================================
To end the processes that belong to the rogue program:
Please click on RKill

• At the download page, click on Download now button for iExplore.exe download link and save to the desktop
• Double click on the iExplore.exe icon
• Please be patient- it may take a bit.
• The black Window will close when through and you can continue.

Note: If you get a message that RKill is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after running RKill as the malware programs will start again.
================================

• Download the file TDSSKiller.zip and save to the desktop.
  (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
• Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
• Double click on TDSSKiller.exe. to run the scan
• When the scan is over, the utility outputs a list of detected objects with description.
  The utility automatically selects an action (Cure or Delete) for malicious objects.
  The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
• Select the action Quarantine to quarantine detected objects.
  The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
• After clicking Next, the utility applies selected actions and outputs the result. Save the log.
• A reboot is required after disinfection.

============================================
If there is a reboot after TDSSKiller, be sure to boot back into Safe Mode with Networking
===========================================
Update and rescan with Malwarebytes:

• Select Perform Full Scan on the Scanner tab
• Click on the Scan button.
• When scan has finished, you will see this image:
  
  
• Click on OK to close box and continue.
• Click on the Show Results button.
• Click on the Remove Selected button to remove all the listed malware.
• At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.

==============================
This should remove the major offender. Try to reboot the Computer into Normal Mode.

 

[cbusch]

I tried all of the steps in your response #11 and could not get them to work so I went onto #12


For some reason the internet will not work on the computer again.

The icons are back on my computer.

I have run Rkill.com but am not sure if it worked reading the log.

I also got tddskiller.exe to run. Here are the logs

I also have a new pop up box coming up saying the Recycle bin on c:\ is corrupted. Do you want to empty the recycle bin for this drive? What would you like me to do?

I still cannot get the computer to start in anything but safe mode or safe mode with networking but eh networking doesn't work

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19170
Chris :: CHRIS-PC [administrator]

1/24/2012 2:46:05 PM
mbam-log-2012-01-24 (14-46-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 405974
Time elapsed: 1 hour(s), 3 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security 2012 (Trojan.FakeAlert) -> Data: C:\ProgramData\isecurity.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winupd (Trojan.Agent) -> Data: C:\Users\Chris\AppData\Local\Temp:winupd.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Chris\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\ProgramData\isecurity.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUQS2IER\nopbigstars_net[3].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\4C6A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\5908.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\mvcbnddgf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\users\chris\appdata\local\temp:winupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\dplaysvr.exe (Trojan.QHost.BG) -> Quarantined and deleted successfully.

(end)


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/24/2012 at 16:06:48.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 01/24/2012 at 16:06:56.

 

[cbusch]

log continued

14:00:21.0063 1188 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
14:00:21.0079 1188 ============================================================
14:00:21.0079 1188 Current date / time: 2012/01/24 14:00:21.0079
14:00:21.0079 1188 SystemInfo:
14:00:21.0079 1188
14:00:21.0079 1188 OS Version: 6.0.6002 ServicePack: 2.0
14:00:21.0079 1188 Product type: Workstation
14:00:21.0079 1188 ComputerName: CHRIS-PC
14:00:21.0079 1188 UserName: Chris
14:00:21.0079 1188 Windows directory: C:\Windows
14:00:21.0079 1188 System windows directory: C:\Windows
14:00:21.0079 1188 Processor architecture: Intel x86
14:00:21.0079 1188 Number of processors: 2
14:00:21.0079 1188 Page size: 0x1000
14:00:21.0079 1188 Boot type: Safe boot with network
14:00:21.0079 1188 ============================================================
14:00:21.0437 1188 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:00:21.0437 1188 Drive \Device\Harddisk1\DR1 - Size: 0x78748E00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:00:21.0500 1188 Initialize success
14:00:44.0260 1116 ============================================================
14:00:44.0260 1116 Scan started
14:00:44.0260 1116 Mode: Manual;
14:00:44.0260 1116 ============================================================
14:00:44.0744 1116 .tdx - ok
14:00:44.0900 1116 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:00:44.0900 1116 ACPI - ok
14:00:45.0071 1116 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:00:45.0087 1116 adp94xx - ok
14:00:45.0212 1116 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:00:45.0227 1116 adpahci - ok
14:00:45.0352 1116 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:00:45.0352 1116 adpu160m - ok
14:00:45.0493 1116 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:00:45.0493 1116 adpu320 - ok
14:00:45.0680 1116 AFD (112b72544a3e4293e7332d123eae305e) C:\Windows\system32\drivers\afd.sys
14:00:45.0680 1116 AFD ( Virus.Win32.ZAccess.k ) - infected
14:00:45.0680 1116 AFD - detected Virus.Win32.ZAccess.k (0)
14:00:45.0805 1116 AFS - ok
14:00:45.0945 1116 AFW (5c4125d2af6ddbb6422ce5f6e9be7098) C:\Windows\system32\DRIVERS\afw.sys
14:00:45.0945 1116 AFW - ok
14:00:46.0085 1116 afwcore (c223c5327ff06330b0251f1830fee1af) C:\Windows\system32\DRIVERS\afwcore.sys
14:00:46.0085 1116 afwcore - ok
14:00:46.0179 1116 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:00:46.0179 1116 agp440 - ok
14:00:46.0241 1116 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:00:46.0241 1116 aic78xx - ok
14:00:46.0273 1116 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:00:46.0273 1116 aliide - ok
14:00:46.0304 1116 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:00:46.0319 1116 amdagp - ok
14:00:46.0429 1116 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:00:46.0429 1116 amdide - ok
14:00:46.0569 1116 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:00:46.0569 1116 AmdK7 - ok
14:00:46.0694 1116 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
14:00:46.0694 1116 AmdK8 - ok
14:00:46.0865 1116 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:00:46.0865 1116 arc - ok
14:00:47.0006 1116 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:00:47.0006 1116 arcsas - ok
14:00:47.0162 1116 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:00:47.0162 1116 AsyncMac - ok
14:00:47.0318 1116 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:00:47.0318 1116 atapi - ok
14:00:47.0474 1116 athr (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys
14:00:47.0489 1116 athr - ok
14:00:47.0677 1116 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:00:47.0677 1116 BCM43XV - ok
14:00:47.0770 1116 BdSpy (71a1694e482231ebfd51c52ce8c9ddf7) C:\Windows\system32\DRIVERS\BdSpy.sys
14:00:47.0770 1116 BdSpy - ok
14:00:47.0801 1116 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:00:47.0801 1116 Beep - ok
14:00:47.0848 1116 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:00:47.0864 1116 blbdrive - ok
14:00:47.0942 1116 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:00:47.0942 1116 bowser - ok
14:00:48.0004 1116 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:00:48.0004 1116 BrFiltLo - ok
14:00:48.0051 1116 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:00:48.0051 1116 BrFiltUp - ok
14:00:48.0082 1116 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:00:48.0082 1116 Brserid - ok
14:00:48.0207 1116 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:00:48.0207 1116 BrSerWdm - ok
14:00:48.0332 1116 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:00:48.0332 1116 BrUsbMdm - ok
14:00:48.0457 1116 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:00:48.0457 1116 BrUsbSer - ok
14:00:48.0644 1116 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:00:48.0644 1116 BTHMODEM - ok
14:00:48.0800 1116 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:00:48.0800 1116 cdfs - ok
14:00:48.0878 1116 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:00:48.0878 1116 cdrom - ok
14:00:48.0925 1116 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:00:48.0925 1116 circlass - ok
14:00:48.0971 1116 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:00:48.0971 1116 CLFS - ok
14:00:49.0143 1116 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:00:49.0143 1116 CmBatt - ok
14:00:49.0268 1116 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:00:49.0268 1116 cmdide - ok
14:00:49.0424 1116 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:00:49.0424 1116 Compbatt - ok
14:00:49.0533 1116 CO_Mon - ok
14:00:49.0658 1116 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:00:49.0658 1116 crcdisk - ok
14:00:49.0767 1116 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:00:49.0767 1116 Crusoe - ok
14:00:49.0954 1116 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:00:49.0954 1116 DfsC - ok
14:00:50.0141 1116 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:00:50.0141 1116 disk - ok
14:00:50.0313 1116 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:00:50.0313 1116 Dot4 - ok
14:00:50.0453 1116 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:00:50.0453 1116 Dot4Print - ok
14:00:50.0594 1116 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:00:50.0594 1116 dot4usb - ok
14:00:50.0765 1116 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:00:50.0765 1116 drmkaud - ok
14:00:50.0875 1116 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:00:50.0890 1116 DXGKrnl - ok
14:00:50.0984 1116 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:00:50.0984 1116 E1G60 - ok
14:00:51.0077 1116 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:00:51.0077 1116 Ecache - ok
14:00:51.0187 1116 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:00:51.0187 1116 elxstor - ok
14:00:51.0265 1116 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:00:51.0265 1116 ErrDev - ok
14:00:51.0405 1116 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:00:51.0421 1116 exfat - ok
14:00:51.0577 1116 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:00:51.0577 1116 fastfat - ok
14:00:51.0717 1116 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:00:51.0717 1116 fdc - ok
14:00:51.0873 1116 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:00:51.0873 1116 FileInfo - ok
14:00:51.0935 1116 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:00:51.0935 1116 Filetrace - ok
14:00:51.0967 1116 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:00:51.0967 1116 flpydisk - ok
14:00:52.0013 1116 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:00:52.0029 1116 FltMgr - ok
14:00:52.0169 1116 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:00:52.0169 1116 Fs_Rec - ok
14:00:52.0294 1116 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:00:52.0294 1116 gagp30kx - ok
14:00:52.0466 1116 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:00:52.0466 1116 GEARAspiWDM - ok
14:00:52.0528 1116 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
14:00:52.0528 1116 HBtnKey - ok
14:00:52.0559 1116 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
14:00:52.0559 1116 HdAudAddService - ok
14:00:52.0591 1116 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:00:52.0591 1116 HDAudBus - ok
14:00:52.0622 1116 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:00:52.0622 1116 HidBth - ok
14:00:52.0747 1116 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:00:52.0747 1116 HidIr - ok
14:00:52.0887 1116 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:00:52.0887 1116 HidUsb - ok
14:00:52.0996 1116 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:00:52.0996 1116 HpCISSs - ok
14:00:53.0059 1116 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:00:53.0059 1116 HpqKbFiltr - ok
14:00:53.0090 1116 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\Windows\system32\DRIVERS\HPZid412.sys
14:00:53.0090 1116 HPZid412 - ok
14:00:53.0230 1116 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\Windows\system32\DRIVERS\HPZipr12.sys
14:00:53.0230 1116 HPZipr12 - ok
14:00:53.0386 1116 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\Windows\system32\DRIVERS\HPZius12.sys
14:00:53.0386 1116 HPZius12 - ok
14:00:53.0542 1116 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:00:53.0558 1116 HSFHWAZL - ok
14:00:53.0714 1116 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:00:53.0729 1116 HSF_DPV - ok
14:00:53.0854 1116 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:00:53.0854 1116 HSXHWAZL - ok
14:00:53.0948 1116 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:00:53.0948 1116 HTTP - ok
14:00:54.0010 1116 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:00:54.0010 1116 i2omp - ok
14:00:54.0088 1116 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:00:54.0088 1116 i8042prt - ok
14:00:54.0135 1116 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:00:54.0151 1116 iaStorV - ok
14:00:54.0182 1116 IDSvix86 - ok
14:00:54.0291 1116 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:00:54.0291 1116 iirsp - ok
14:00:54.0431 1116 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:00:54.0431 1116 intelide - ok
14:00:54.0587 1116 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:00:54.0587 1116 intelppm - ok
14:00:54.0743 1116 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:00:54.0743 1116 IpFilterDriver - ok
14:00:54.0853 1116 IpInIp - ok
14:00:54.0931 1116 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:00:54.0931 1116 IPMIDRV - ok
14:00:54.0977 1116 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:00:54.0977 1116 IPNAT - ok
14:00:55.0009 1116 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:00:55.0009 1116 IRENUM - ok
14:00:55.0040 1116 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:00:55.0040 1116 isapnp - ok
14:00:55.0196 1116 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:00:55.0211 1116 iScsiPrt - ok
14:00:55.0336 1116 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:00:55.0336 1116 iteatapi - ok
14:00:55.0477 1116 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:00:55.0477 1116 iteraid - ok
14:00:55.0601 1116 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:00:55.0601 1116 kbdclass - ok
14:00:55.0757 1116 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:00:55.0757 1116 kbdhid - ok
14:00:55.0898 1116 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
14:00:55.0898 1116 KSecDD - ok
14:00:56.0007 1116 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
14:00:56.0007 1116 Lbd - ok
14:00:56.0038 1116 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:00:56.0038 1116 lltdio - ok
14:00:56.0085 1116 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:00:56.0085 1116 LSI_FC - ok
14:00:56.0101 1116 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:00:56.0101 1116 LSI_SAS - ok
14:00:56.0194 1116 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:00:56.0194 1116 LSI_SCSI - ok
14:00:56.0225 1116 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:00:56.0225 1116 luafv - ok
14:00:56.0257 1116 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:00:56.0272 1116 mdmxsdk - ok
14:00:56.0397 1116 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:00:56.0397 1116 megasas - ok
14:00:56.0537 1116 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:00:56.0537 1116 MegaSR - ok
14:00:56.0662 1116 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:00:56.0662 1116 Modem - ok
14:00:56.0787 1116 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:00:56.0787 1116 monitor - ok
14:00:56.0959 1116 motccgp (c741717b0a18813dd7d12085937cee72) C:\Windows\system32\DRIVERS\motccgp.sys
14:00:56.0959 1116 motccgp - ok
14:00:57.0052 1116 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
14:00:57.0052 1116 motccgpfl - ok
14:00:57.0099 1116 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motmodem.sys
14:00:57.0099 1116 motmodem - ok
14:00:57.0130 1116 motport (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motport.sys
14:00:57.0130 1116 motport - ok
14:00:57.0161 1116 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:00:57.0161 1116 mouclass - ok
14:00:57.0286 1116 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:00:57.0286 1116 mouhid - ok
14:00:57.0411 1116 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:00:57.0411 1116 MountMgr - ok
14:00:57.0551 1116 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:00:57.0551 1116 mpio - ok
14:00:57.0692 1116 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:00:57.0692 1116 mpsdrv - ok
14:00:57.0817 1116 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:00:57.0817 1116 Mraid35x - ok
14:00:57.0957 1116 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:00:57.0957 1116 MRxDAV - ok
14:00:58.0129 1116 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:00:58.0129 1116 mrxsmb - ok
14:00:58.0285 1116 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:00:58.0300 1116 mrxsmb10 - ok
14:00:58.0425 1116 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:00:58.0441 1116 mrxsmb20 - ok
14:00:58.0565 1116 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:00:58.0565 1116 msahci - ok
14:00:58.0690 1116 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:00:58.0690 1116 msdsm - ok
14:00:58.0831 1116 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:00:58.0831 1116 Msfs - ok
14:00:58.0955 1116 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:00:58.0955 1116 msisadrv - ok
14:00:59.0033 1116 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:00:59.0049 1116 MSKSSRV - ok
14:00:59.0080 1116 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:00:59.0080 1116 MSPCLOCK - ok
14:00:59.0111 1116 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:00:59.0111 1116 MSPQM - ok
14:00:59.0158 1116 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:00:59.0158 1116 MsRPC - ok
14:00:59.0283 1116 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:00:59.0283 1116 mssmbios - ok
14:00:59.0408 1116 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:00:59.0408 1116 MSTEE - ok
14:00:59.0564 1116 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:00:59.0564 1116 Mup - ok
14:00:59.0689 1116 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:00:59.0689 1116 NativeWifiP - ok
14:00:59.0720 1116 NAVENG - ok
14:00:59.0720 1116 NAVEX15 - ok
14:00:59.0876 1116 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:00:59.0876 1116 NDIS - ok
14:00:59.0938 1116 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:00:59.0938 1116 NdisTapi - ok
14:00:59.0969 1116 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:00:59.0969 1116 Ndisuio - ok
14:01:00.0032 1116 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:00.0032 1116 NdisWan - ok
14:01:00.0063 1116 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:01:00.0063 1116 NDProxy - ok
14:01:00.0203 1116 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:01:00.0203 1116 NetBIOS - ok
14:01:00.0344 1116 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:01:00.0344 1116 netbt - ok
14:01:00.0484 1116 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:01:00.0484 1116 nfrd960 - ok
14:01:00.0656 1116 NovaShieldFilterDriver (f49032bb622c3677dd1a84815c958f07) C:\Windows\system32\DRIVERS\NSKernel.sys
14:01:00.0656 1116 NovaShieldFilterDriver - ok
14:01:00.0781 1116 NovaShieldTDIDriver (6c67f5abfccd2f6e6930f5ffa3579d8c) C:\Windows\system32\DRIVERS\NSNetmon.sys
14:01:00.0781 1116 NovaShieldTDIDriver - ok
14:01:00.0952 1116 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:01:00.0952 1116 Npfs - ok
14:01:01.0030 1116 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:01:01.0030 1116 nsiproxy - ok
14:01:01.0108 1116 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:01:01.0124 1116 Ntfs - ok
14:01:01.0202 1116 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:01:01.0217 1116 ntrigdigi - ok
14:01:01.0233 1116 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:01:01.0233 1116 Null - ok
14:01:01.0311 1116 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:01:01.0327 1116 NVENETFD - ok
14:01:01.0576 1116 nvlddmkm (3c65f41ebb779a0f16ff965bfd0df179) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:01:01.0763 1116 nvlddmkm - ok
14:01:01.0841 1116 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:01:01.0841 1116 nvraid - ok
14:01:01.0873 1116 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
14:01:01.0873 1116 nvsmu - ok
14:01:01.0904 1116 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:01:01.0904 1116 nvstor - ok
14:01:01.0935 1116 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:01:01.0935 1116 nv_agp - ok
14:01:01.0951 1116 NwlnkFlt - ok
14:01:01.0966 1116 NwlnkFwd - ok
14:01:02.0107 1116 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:01:02.0107 1116 ohci1394 - ok
14:01:02.0247 1116 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:01:02.0247 1116 Parport - ok
14:01:02.0372 1116 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:01:02.0372 1116 partmgr - ok
14:01:02.0512 1116 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:01:02.0512 1116 Parvdm - ok
14:01:02.0668 1116 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:01:02.0668 1116 pci - ok
14:01:02.0824 1116 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:01:02.0824 1116 pciide - ok
14:01:02.0965 1116 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:01:02.0965 1116 pcmcia - ok
14:01:03.0136 1116 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:01:03.0136 1116 PEAUTH - ok
14:01:03.0323 1116 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:01:03.0323 1116 PptpMiniport - ok
14:01:03.0464 1116 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:01:03.0464 1116 Processor - ok
14:01:03.0620 1116 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:01:03.0620 1116 PSched - ok
14:01:03.0807 1116 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:01:03.0823 1116 ql2300 - ok
14:01:03.0963 1116 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:01:03.0963 1116 ql40xx - ok
14:01:04.0057 1116 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:01:04.0057 1116 QWAVEdrv - ok
14:01:04.0072 1116 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:01:04.0072 1116 RasAcd - ok
14:01:04.0103 1116 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:04.0103 1116 Rasl2tp - ok
14:01:04.0166 1116 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:04.0166 1116 RasPppoe - ok
14:01:04.0322 1116 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:01:04.0322 1116 RasSstp - ok
14:01:04.0478 1116 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:01:04.0478 1116 rdbss - ok
14:01:04.0618 1116 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:04.0618 1116 RDPCDD - ok
14:01:04.0759 1116 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:01:04.0759 1116 rdpdr - ok
14:01:04.0899 1116 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:01:04.0899 1116 RDPENCDD - ok
14:01:05.0039 1116 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:01:05.0055 1116 RDPWD - ok
14:01:05.0211 1116 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
14:01:05.0211 1116 rimmptsk - ok
14:01:05.0336 1116 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
14:01:05.0336 1116 rimsptsk - ok
14:01:05.0445 1116 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
14:01:05.0445 1116 rismxdp - ok
14:01:05.0570 1116 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:01:05.0585 1116 rspndr - ok
14:01:05.0710 1116 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:01:05.0710 1116 sbp2port - ok
14:01:05.0897 1116 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
14:01:05.0897 1116 sdbus - ok
14:01:06.0007 1116 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:01:06.0007 1116 secdrv - ok
14:01:06.0163 1116 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:01:06.0163 1116 Serenum - ok
14:01:06.0241 1116 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:01:06.0241 1116 Serial - ok
14:01:06.0272 1116 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:01:06.0272 1116 sermouse - ok
14:01:06.0303 1116 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
14:01:06.0303 1116 sffdisk - ok
14:01:06.0319 1116 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:01:06.0334 1116 sffp_mmc - ok
14:01:06.0397 1116 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:01:06.0397 1116 sffp_sd - ok
14:01:06.0521 1116 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:01:06.0521 1116 sfloppy - ok
14:01:06.0662 1116 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:01:06.0677 1116 sisagp - ok
14:01:06.0802 1116 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:01:06.0802 1116 SiSRaid2 - ok
14:01:06.0943 1116 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:01:06.0958 1116 SiSRaid4 - ok
14:01:07.0114 1116 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:01:07.0114 1116 Smb - ok
14:01:07.0177 1116 SPBBCDrv - ok
14:01:07.0301 1116 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:01:07.0301 1116 spldr - ok
14:01:07.0395 1116 SRTSP - ok
14:01:07.0411 1116 SRTSPL - ok
14:01:07.0426 1116 SRTSPX - ok
14:01:07.0489 1116 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:01:07.0504 1116 srv - ok
14:01:07.0660 1116 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:01:07.0660 1116 srv2 - ok
14:01:07.0801 1116 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:01:07.0816 1116 srvnet - ok
14:01:07.0957 1116 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:01:07.0957 1116 swenum - ok
14:01:08.0097 1116 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:01:08.0097 1116 Symc8xx - ok
14:01:08.0144 1116 SymEvent - ok
14:01:08.0159 1116 SymIM - ok
14:01:08.0175 1116 SymIMMP - ok
14:01:08.0206 1116 SYMREDRV - ok
14:01:08.0222 1116 SYMTDI - ok
14:01:08.0253 1116 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:01:08.0253 1116 Sym_hi - ok
14:01:08.0284 1116 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:01:08.0284 1116 Sym_u3 - ok
14:01:08.0425 1116 SynTP (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys
14:01:08.0425 1116 SynTP - ok
14:01:08.0612 1116 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:01:08.0627 1116 Tcpip - ok
14:01:08.0815 1116 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:01:08.0830 1116 Tcpip6 - ok
14:01:08.0971 1116 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:01:08.0971 1116 tcpipreg - ok
14:01:09.0111 1116 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:01:09.0111 1116 TDPIPE - ok
14:01:09.0189 1116 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:01:09.0189 1116 TDTCP - ok
14:01:09.0236 1116 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:01:09.0236 1116 tdx - ok
14:01:09.0298 1116 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:01:09.0298 1116 TermDD - ok
14:01:09.0485 1116 Trufos (b1f9b01f90f08ed91af5a7d3ed66148c) C:\Windows\system32\DRIVERS\Trufos.sys
14:01:09.0501 1116 Trufos - ok
14:01:09.0641 1116 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:09.0641 1116 tssecsrv - ok
14:01:09.0782 1116 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:01:09.0782 1116 tunmp - ok
14:01:09.0922 1116 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:01:09.0922 1116 tunnel - ok
14:01:10.0000 1116 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:01:10.0000 1116 uagp35 - ok
14:01:10.0047 1116 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:01:10.0047 1116 udfs - ok
14:01:10.0094 1116 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:01:10.0094 1116 uliagpkx - ok
14:01:10.0141 1116 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:01:10.0141 1116 uliahci - ok
14:01:10.0297 1116 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:01:10.0297 1116 UlSata - ok
14:01:10.0437 1116 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:01:10.0453 1116 ulsata2 - ok
14:01:10.0562 1116 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:01:10.0577 1116 umbus - ok
14:01:10.0718 1116 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:01:10.0718 1116 USBAAPL - ok
14:01:10.0874 1116 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:10.0874 1116 usbccgp - ok
14:01:11.0030 1116 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:01:11.0030 1116 usbcir - ok
14:01:11.0108 1116 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:01:11.0108 1116 usbehci - ok
14:01:11.0170 1116 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:01:11.0170 1116 usbhub - ok
14:01:11.0201 1116 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:01:11.0201 1116 usbohci - ok
14:01:11.0233 1116 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:01:11.0233 1116 usbprint - ok
14:01:11.0373 1116 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:01:11.0373 1116 usbscan - ok
14:01:11.0545 1116 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:01:11.0545 1116 USBSTOR - ok
14:01:11.0685 1116 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:01:11.0685 1116 usbuhci - ok
14:01:11.0825 1116 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:01:11.0841 1116 usbvideo - ok
14:01:11.0997 1116 USB_RNDIS (67f9476e17aedc647176cdacd3b5857a) C:\Windows\system32\DRIVERS\usb8023k.sys
14:01:11.0997 1116 USB_RNDIS - ok
14:01:12.0137 1116 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:12.0137 1116 vga - ok
14:01:12.0215 1116 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:01:12.0215 1116 VgaSave - ok
14:01:12.0247 1116 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:01:12.0247 1116 viaagp - ok
14:01:12.0278 1116 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:01:12.0278 1116 ViaC7 - ok
14:01:12.0309 1116 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:01:12.0309 1116 viaide - ok
14:01:12.0434 1116 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:01:12.0434 1116 volmgr - ok
14:01:12.0605 1116 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:01:12.0605 1116 volmgrx - ok
14:01:12.0777 1116 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:01:12.0777 1116 volsnap - ok
14:01:12.0902 1116 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:01:12.0902 1116 vsmraid - ok
14:01:13.0042 1116 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:01:13.0058 1116 WacomPen - ok
14:01:13.0167 1116 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:13.0167 1116 Wanarp - ok
14:01:13.0183 1116 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:13.0183 1116 Wanarpv6 - ok
14:01:13.0307 1116 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:01:13.0307 1116 Wd - ok
14:01:13.0448 1116 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:01:13.0448 1116 Wdf01000 - ok
14:01:13.0541 1116 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:01:13.0557 1116 winachsf - ok
14:01:13.0682 1116 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:01:13.0682 1116 WmiAcpi - ok
14:01:13.0838 1116 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:01:13.0838 1116 WpdUsb - ok
14:01:13.0978 1116 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:01:13.0978 1116 ws2ifsl - ok
14:01:14.0056 1116 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:01:14.0056 1116 WUDFRd - ok
14:01:14.0103 1116 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
14:01:14.0103 1116 XAudio - ok
14:01:14.0165 1116 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
14:01:14.0212 1116 \Device\Harddisk0\DR0 - ok
14:01:14.0228 1116 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
14:01:16.0989 1116 \Device\Harddisk1\DR1 - ok
14:01:17.0005 1116 Boot (0x1200) (e0a49e3dbf2293699724acec678b9d73) \Device\Harddisk0\DR0\Partition0
14:01:17.0005 1116 \Device\Harddisk0\DR0\Partition0 - ok
14:01:17.0005 1116 Boot (0x1200) (7d4780d34bc4c0f86c07e44981dd3358) \Device\Harddisk0\DR0\Partition1
14:01:17.0005 1116 \Device\Harddisk0\DR0\Partition1 - ok
14:01:17.0020 1116 Boot (0x1200) (c5c58cfe4ed9a0bcc121849ac564c355) \Device\Harddisk1\DR1\Partition0
14:01:17.0020 1116 \Device\Harddisk1\DR1\Partition0 - ok
14:01:17.0020 1116 ============================================================
14:01:17.0020 1116 Scan finished
14:01:17.0020 1116 ============================================================
14:01:17.0036 1628 Detected object count: 1
14:01:17.0036 1628 Actual detected object count: 1
14:05:06.0449 1628 C:\Windows\system32\drivers\afd.sys - copied to quarantine
14:05:06.0449 1628 AFD ( Virus.Win32.ZAccess.k ) - User select action: Quarantine
14:08:09.0079 0252 ============================================================
14:08:09.0079 0252 Scan started
14:08:09.0079 0252 Mode: Manual;
14:08:09.0079 0252 ============================================================
14:08:09.0453 0252 .tdx - ok
14:08:09.0625 0252 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:08:09.0625 0252 ACPI - ok
14:08:09.0765 0252 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:08:09.0765 0252 adp94xx - ok
14:08:09.0905 0252 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:08:09.0905 0252 adpahci - ok
14:08:10.0030 0252 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:08:10.0030 0252 adpu160m - ok
14:08:10.0171 0252 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:08:10.0171 0252 adpu320 - ok
14:08:10.0342 0252 AFD (112b72544a3e4293e7332d123eae305e) C:\Windows\system32\drivers\afd.sys
14:08:10.0342 0252 AFD ( Virus.Win32.ZAccess.k ) - infected
14:08:10.0342 0252 AFD - detected Virus.Win32.ZAccess.k (0)
14:08:10.0451 0252 AFS - ok
14:08:10.0576 0252 AFW (5c4125d2af6ddbb6422ce5f6e9be7098) C:\Windows\system32\DRIVERS\afw.sys
14:08:10.0576 0252 AFW - ok
14:08:10.0701 0252 afwcore (c223c5327ff06330b0251f1830fee1af) C:\Windows\system32\DRIVERS\afwcore.sys
14:08:10.0701 0252 afwcore - ok
14:08:10.0826 0252 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:08:10.0826 0252 agp440 - ok
14:08:10.0982 0252 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:08:10.0982 0252 aic78xx - ok
14:08:11.0107 0252 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:08:11.0107 0252 aliide - ok
14:08:11.0247 0252 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:08:11.0247 0252 amdagp - ok
14:08:11.0372 0252 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:08:11.0372 0252 amdide - ok
14:08:11.0497 0252 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:08:11.0497 0252 AmdK7 - ok
14:08:11.0637 0252 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
14:08:11.0637 0252 AmdK8 - ok
14:08:11.0762 0252 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:08:11.0762 0252 arc - ok
14:08:11.0902 0252 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:08:11.0902 0252 arcsas - ok
14:08:12.0043 0252 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:08:12.0043 0252 AsyncMac - ok
14:08:12.0136 0252 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:08:12.0136 0252 atapi - ok
14:08:12.0199 0252 athr (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys
14:08:12.0199 0252 athr - ok
14:08:12.0355 0252 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:08:12.0370 0252 BCM43XV - ok
14:08:12.0511 0252 BdSpy (71a1694e482231ebfd51c52ce8c9ddf7) C:\Windows\system32\DRIVERS\BdSpy.sys
14:08:12.0511 0252 BdSpy - ok
14:08:12.0620 0252 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:08:12.0620 0252 Beep - ok
14:08:12.0760 0252 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:08:12.0760 0252 blbdrive - ok
14:08:12.0916 0252 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:08:12.0916 0252 bowser - ok
14:08:13.0025 0252 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:08:13.0025 0252 BrFiltLo - ok
14:08:13.0150 0252 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:08:13.0150 0252 BrFiltUp - ok
14:08:13.0228 0252 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:08:13.0228 0252 Brserid - ok
14:08:13.0244 0252 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:08:13.0244 0252 BrSerWdm - ok
14:08:13.0259 0252 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:08:13.0259 0252 BrUsbMdm - ok
14:08:13.0275 0252 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:08:13.0275 0252 BrUsbSer - ok
14:08:13.0337 0252 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:08:13.0337 0252 BTHMODEM - ok
14:08:13.0384 0252 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:08:13.0384 0252 cdfs - ok
14:08:13.0493 0252 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:08:13.0509 0252 cdrom - ok
14:08:13.0634 0252 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:08:13.0634 0252 circlass - ok
14:08:13.0727 0252 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:08:13.0743 0252 CLFS - ok
14:08:13.0790 0252 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:08:13.0790 0252 CmBatt - ok
14:08:13.0821 0252 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:08:13.0821 0252 cmdide - ok
14:08:13.0946 0252 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:08:13.0946 0252 Compbatt - ok
14:08:14.0055 0252 CO_Mon - ok
14:08:14.0133 0252 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:08:14.0133 0252 crcdisk - ok
14:08:14.0149 0252 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:08:14.0164 0252 Crusoe - ok
14:08:14.0227 0252 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:08:14.0227 0252 DfsC - ok
14:08:14.0383 0252 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:08:14.0383 0252 disk - ok
14:08:14.0523 0252 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:08:14.0523 0252 Dot4 - ok
14:08:14.0679 0252 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:08:14.0679 0252 Dot4Print - ok
14:08:14.0819 0252 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:08:14.0819 0252 dot4usb - ok
14:08:14.0960 0252 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:08:14.0960 0252 drmkaud - ok
14:08:15.0116 0252 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:08:15.0116 0252 DXGKrnl - ok
14:08:15.0194 0252 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:08:15.0194 0252 E1G60 - ok
14:08:15.0256 0252 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:08:15.0256 0252 Ecache - ok
14:08:15.0303 0252 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:08:15.0303 0252 elxstor - ok
14:08:15.0334 0252 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:08:15.0334 0252 ErrDev - ok
14:08:15.0490 0252 exfat (22b408651f9123527bcee54b4f6c5cae)

 

[cbusch]

C:\Windows\system32\drivers\exfat.sys
14:08:15.0490 0252 exfat - ok
14:08:15.0646 0252 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:08:15.0646 0252 fastfat - ok
14:08:15.0771 0252 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:08:15.0771 0252 fdc - ok
14:08:15.0911 0252 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:08:15.0911 0252 FileInfo - ok
14:08:16.0036 0252 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:08:16.0036 0252 Filetrace - ok
14:08:16.0161 0252 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:08:16.0161 0252 flpydisk - ok
14:08:16.0255 0252 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:08:16.0270 0252 FltMgr - ok
14:08:16.0301 0252 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:08:16.0301 0252 Fs_Rec - ok
14:08:16.0333 0252 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:08:16.0333 0252 gagp30kx - ok
14:08:16.0379 0252 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:08:16.0379 0252 GEARAspiWDM - ok
14:08:16.0411 0252 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
14:08:16.0411 0252 HBtnKey - ok
14:08:16.0535 0252 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
14:08:16.0535 0252 HdAudAddService - ok
14:08:16.0645 0252 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:08:16.0645 0252 HDAudBus - ok
14:08:16.0769 0252 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:08:16.0769 0252 HidBth - ok
14:08:16.0910 0252 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:08:16.0910 0252 HidIr - ok
14:08:17.0035 0252 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:08:17.0035 0252 HidUsb - ok
14:08:17.0175 0252 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:08:17.0175 0252 HpCISSs - ok
14:08:17.0253 0252 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:08:17.0253 0252 HpqKbFiltr - ok
14:08:17.0284 0252 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\Windows\system32\DRIVERS\HPZid412.sys
14:08:17.0300 0252 HPZid412 - ok
14:08:17.0331 0252 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\Windows\system32\DRIVERS\HPZipr12.sys
14:08:17.0331 0252 HPZipr12 - ok
14:08:17.0362 0252 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\Windows\system32\DRIVERS\HPZius12.sys
14:08:17.0362 0252 HPZius12 - ok
14:08:17.0503 0252 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:08:17.0518 0252 HSFHWAZL - ok
14:08:17.0674 0252 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:08:17.0674 0252 HSF_DPV - ok
14:08:17.0799 0252 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:08:17.0799 0252 HSXHWAZL - ok
14:08:17.0955 0252 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:08:17.0955 0252 HTTP - ok
14:08:18.0080 0252 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:08:18.0080 0252 i2omp - ok
14:08:18.0205 0252 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:08:18.0205 0252 i8042prt - ok
14:08:18.0298 0252 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:08:18.0298 0252 iaStorV - ok
14:08:18.0345 0252 IDSvix86 - ok
14:08:18.0361 0252 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:08:18.0361 0252 iirsp - ok
14:08:18.0392 0252 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:08:18.0392 0252 intelide - ok
14:08:18.0517 0252 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:08:18.0517 0252 intelppm - ok
14:08:18.0657 0252 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:08:18.0657 0252 IpFilterDriver - ok
14:08:18.0766 0252 IpInIp - ok
14:08:18.0907 0252 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:08:18.0907 0252 IPMIDRV - ok
14:08:19.0063 0252 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:08:19.0063 0252 IPNAT - ok
14:08:19.0125 0252 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:08:19.0125 0252 IRENUM - ok
14:08:19.0172 0252 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:08:19.0172 0252 isapnp - ok
14:08:19.0250 0252 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:08:19.0250 0252 iScsiPrt - ok
14:08:19.0250 0252 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:08:19.0265 0252 iteatapi - ok
14:08:19.0297 0252 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:08:19.0297 0252 iteraid - ok
14:08:19.0421 0252 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:08:19.0421 0252 kbdclass - ok
14:08:19.0577 0252 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:08:19.0577 0252 kbdhid - ok
14:08:19.0718 0252 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
14:08:19.0718 0252 KSecDD - ok
14:08:19.0874 0252 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
14:08:19.0874 0252 Lbd - ok
14:08:20.0014 0252 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:08:20.0014 0252 lltdio - ok
14:08:20.0139 0252 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:08:20.0139 0252 LSI_FC - ok
14:08:20.0264 0252 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:08:20.0279 0252 LSI_SAS - ok
14:08:20.0342 0252 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:08:20.0342 0252 LSI_SCSI - ok
14:08:20.0373 0252 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:08:20.0373 0252 luafv - ok
14:08:20.0404 0252 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:08:20.0404 0252 mdmxsdk - ok
14:08:20.0420 0252 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:08:20.0420 0252 megasas - ok
14:08:20.0560 0252 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:08:20.0560 0252 MegaSR - ok
14:08:20.0685 0252 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:08:20.0685 0252 Modem - ok
14:08:20.0810 0252 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:08:20.0810 0252 monitor - ok
14:08:20.0950 0252 motccgp (c741717b0a18813dd7d12085937cee72) C:\Windows\system32\DRIVERS\motccgp.sys
14:08:20.0950 0252 motccgp - ok
14:08:21.0106 0252 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
14:08:21.0106 0252 motccgpfl - ok
14:08:21.0231 0252 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motmodem.sys
14:08:21.0231 0252 motmodem - ok
14:08:21.0309 0252 motport (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motport.sys
14:08:21.0309 0252 motport - ok
14:08:21.0340 0252 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:08:21.0340 0252 mouclass - ok
14:08:21.0371 0252 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:08:21.0371 0252 mouhid - ok
14:08:21.0403 0252 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:08:21.0403 0252 MountMgr - ok
14:08:21.0512 0252 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:08:21.0527 0252 mpio - ok
14:08:21.0590 0252 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:08:21.0590 0252 mpsdrv - ok
14:08:21.0637 0252 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:08:21.0637 0252 Mraid35x - ok
14:08:21.0683 0252 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:08:21.0683 0252 MRxDAV - ok
14:08:21.0746 0252 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:08:21.0746 0252 mrxsmb - ok
14:08:21.0871 0252 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:08:21.0871 0252 mrxsmb10 - ok
14:08:22.0011 0252 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:08:22.0027 0252 mrxsmb20 - ok
14:08:22.0151 0252 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:08:22.0151 0252 msahci - ok
14:08:22.0276 0252 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:08:22.0276 0252 msdsm - ok
14:08:22.0417 0252 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:08:22.0417 0252 Msfs - ok
14:08:22.0541 0252 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:08:22.0541 0252 msisadrv - ok
14:08:22.0666 0252 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:08:22.0666 0252 MSKSSRV - ok
14:08:22.0807 0252 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:08:22.0807 0252 MSPCLOCK - ok
14:08:22.0931 0252 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:08:22.0931 0252 MSPQM - ok
14:08:23.0087 0252 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:08:23.0087 0252 MsRPC - ok
14:08:23.0212 0252 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:08:23.0212 0252 mssmbios - ok
14:08:23.0275 0252 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:08:23.0275 0252 MSTEE - ok
14:08:23.0337 0252 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:08:23.0337 0252 Mup - ok
14:08:23.0399 0252 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:08:23.0415 0252 NativeWifiP - ok
14:08:23.0431 0252 NAVENG - ok
14:08:23.0431 0252 NAVEX15 - ok
14:08:23.0587 0252 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:08:23.0587 0252 NDIS - ok
14:08:23.0727 0252 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:08:23.0727 0252 NdisTapi - ok
14:08:23.0789 0252 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:08:23.0789 0252 Ndisuio - ok
14:08:23.0852 0252 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:08:23.0852 0252 NdisWan - ok
14:08:23.0867 0252 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:08:23.0867 0252 NDProxy - ok
14:08:23.0899 0252 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:08:23.0899 0252 NetBIOS - ok
14:08:23.0961 0252 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:08:23.0961 0252 netbt - ok
14:08:24.0101 0252 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:08:24.0101 0252 nfrd960 - ok
14:08:24.0211 0252 NovaShieldFilterDriver (f49032bb622c3677dd1a84815c958f07) C:\Windows\system32\DRIVERS\NSKernel.sys
14:08:24.0211 0252 NovaShieldFilterDriver - ok
14:08:24.0257 0252 NovaShieldTDIDriver (6c67f5abfccd2f6e6930f5ffa3579d8c) C:\Windows\system32\DRIVERS\NSNetmon.sys
14:08:24.0257 0252 NovaShieldTDIDriver - ok
14:08:24.0320 0252 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:08:24.0320 0252 Npfs - ok
14:08:24.0351 0252 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:08:24.0351 0252 nsiproxy - ok
14:08:24.0460 0252 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:08:24.0476 0252 Ntfs - ok
14:08:24.0601 0252 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:08:24.0601 0252 ntrigdigi - ok
14:08:24.0741 0252 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:08:24.0741 0252 Null - ok
14:08:24.0881 0252 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:08:24.0881 0252 NVENETFD - ok
14:08:25.0193 0252 nvlddmkm (3c65f41ebb779a0f16ff965bfd0df179) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:08:25.0240 0252 nvlddmkm - ok
14:08:25.0318 0252 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:08:25.0318 0252 nvraid - ok
14:08:25.0365 0252 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
14:08:25.0365 0252 nvsmu - ok
14:08:25.0396 0252 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:08:25.0396 0252 nvstor - ok
14:08:25.0412 0252 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:08:25.0412 0252 nv_agp - ok
14:08:25.0427 0252 NwlnkFlt - ok
14:08:25.0443 0252 NwlnkFwd - ok
14:08:25.0459 0252 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:08:25.0459 0252 ohci1394 - ok
14:08:25.0599 0252 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:08:25.0599 0252 Parport - ok
14:08:25.0724 0252 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:08:25.0724 0252 partmgr - ok
14:08:25.0864 0252 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:08:25.0864 0252 Parvdm - ok
14:08:26.0020 0252 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:08:26.0020 0252 pci - ok
14:08:26.0176 0252 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:08:26.0176 0252 pciide - ok
14:08:26.0317 0252 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:08:26.0317 0252 pcmcia - ok
14:08:26.0410 0252 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:08:26.0426 0252 PEAUTH - ok
14:08:26.0597 0252 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:08:26.0597 0252 PptpMiniport - ok
14:08:26.0738 0252 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:08:26.0738 0252 Processor - ok
14:08:26.0894 0252 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:08:26.0894 0252 PSched - ok
14:08:27.0081 0252 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:08:27.0097 0252 ql2300 - ok
14:08:27.0237 0252 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:08:27.0237 0252 ql40xx - ok
14:08:27.0331 0252 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:08:27.0331 0252 QWAVEdrv - ok
14:08:27.0346 0252 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:08:27.0346 0252 RasAcd - ok
14:08:27.0377 0252 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:08:27.0377 0252 Rasl2tp - ok
14:08:27.0440 0252 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:08:27.0440 0252 RasPppoe - ok
14:08:27.0596 0252 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:08:27.0596 0252 RasSstp - ok
14:08:27.0752 0252 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:08:27.0752 0252 rdbss - ok
14:08:27.0877 0252 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:08:27.0892 0252 RDPCDD - ok
14:08:28.0017 0252 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:08:28.0033 0252 rdpdr - ok
14:08:28.0157 0252 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:08:28.0157 0252 RDPENCDD - ok
14:08:28.0298 0252 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:08:28.0298 0252 RDPWD - ok
14:08:28.0438 0252 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
14:08:28.0438 0252 rimmptsk - ok
14:08:28.0547 0252 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
14:08:28.0547 0252 rimsptsk - ok
14:08:28.0657 0252 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
14:08:28.0657 0252 rismxdp - ok
14:08:28.0797 0252 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:08:28.0797 0252 rspndr - ok
14:08:28.0937 0252 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:08:28.0937 0252 sbp2port - ok
14:08:29.0093 0252 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
14:08:29.0093 0252 sdbus - ok
14:08:29.0156 0252 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:08:29.0171 0252 secdrv - ok
14:08:29.0203 0252 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:08:29.0203 0252 Serenum - ok
14:08:29.0234 0252 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:08:29.0234 0252 Serial - ok
14:08:29.0249 0252 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:08:29.0249 0252 sermouse - ok
14:08:29.0281 0252 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
14:08:29.0281 0252 sffdisk - ok
14:08:29.0374 0252 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:08:29.0374 0252 sffp_mmc - ok
14:08:29.0437 0252 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:08:29.0437 0252 sffp_sd - ok
14:08:29.0483 0252 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:08:29.0483 0252 sfloppy - ok
14:08:29.0515 0252 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:08:29.0515 0252 sisagp - ok
14:08:29.0655 0252 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:08:29.0655 0252 SiSRaid2 - ok
14:08:29.0795 0252 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:08:29.0795 0252 SiSRaid4 - ok
14:08:29.0951 0252 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:08:29.0951 0252 Smb - ok
14:08:30.0014 0252 SPBBCDrv - ok
14:08:30.0123 0252 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:08:30.0139 0252 spldr - ok
14:08:30.0232 0252 SRTSP - ok
14:08:30.0248 0252 SRTSPL - ok
14:08:30.0263 0252 SRTSPX - ok
14:08:30.0326 0252 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:08:30.0326 0252 srv - ok
14:08:30.0419 0252 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:08:30.0419 0252 srv2 - ok
14:08:30.0451 0252 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:08:30.0451 0252 srvnet - ok
14:08:30.0497 0252 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:08:30.0497 0252 swenum - ok
14:08:30.0638 0252 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:08:30.0638 0252 Symc8xx - ok
14:08:30.0747 0252 SymEvent - ok
14:08:30.0856 0252 SymIM - ok
14:08:30.0965 0252 SymIMMP - ok
14:08:31.0075 0252 SYMREDRV - ok
14:08:31.0184 0252 SYMTDI - ok
14:08:31.0324 0252 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:08:31.0324 0252 Sym_hi - ok
14:08:31.0402 0252 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:08:31.0402 0252 Sym_u3 - ok
14:08:31.0449 0252 SynTP (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys
14:08:31.0449 0252 SynTP - ok
14:08:31.0543 0252 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:08:31.0543 0252 Tcpip - ok
14:08:31.0714 0252 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:08:31.0714 0252 Tcpip6 - ok
14:08:31.0870 0252 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:08:31.0870 0252 tcpipreg - ok
14:08:31.0995 0252 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:08:32.0011 0252 TDPIPE - ok
14:08:32.0135 0252 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:08:32.0135 0252 TDTCP - ok
14:08:32.0276 0252 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:08:32.0276 0252 tdx - ok
14:08:32.0416 0252 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:08:32.0416 0252 TermDD - ok
14:08:32.0603 0252 Trufos (b1f9b01f90f08ed91af5a7d3ed66148c) C:\Windows\system32\DRIVERS\Trufos.sys
14:08:32.0603 0252 Trufos - ok
14:08:32.0728 0252 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:08:32.0728 0252 tssecsrv - ok
14:08:32.0869 0252 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:08:32.0869 0252 tunmp - ok
14:08:33.0025 0252 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:08:33.0025 0252 tunnel - ok
14:08:33.0103 0252 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:08:33.0103 0252 uagp35 - ok
14:08:33.0149 0252 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:08:33.0149 0252 udfs - ok
14:08:33.0196 0252 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:08:33.0196 0252 uliagpkx - ok
14:08:33.0227 0252 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:08:33.0243 0252 uliahci - ok
14:08:33.0383 0252 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:08:33.0383 0252 UlSata - ok
14:08:33.0477 0252 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:08:33.0493 0252 ulsata2 - ok
14:08:33.0524 0252 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:08:33.0524 0252 umbus - ok
14:08:33.0571 0252 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:08:33.0571 0252 USBAAPL - ok
14:08:33.0711 0252 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:08:33.0711 0252 usbccgp - ok
14:08:33.0851 0252 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:08:33.0851 0252 usbcir - ok
14:08:33.0976 0252 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:08:33.0976 0252 usbehci - ok
14:08:34.0132 0252 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:08:34.0132 0252 usbhub - ok
14:08:34.0226 0252 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:08:34.0226 0252 usbohci - ok
14:08:34.0273 0252 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:08:34.0273 0252 usbprint - ok
14:08:34.0319 0252 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:08:34.0319 0252 usbscan - ok
14:08:34.0351 0252 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:08:34.0351 0252 USBSTOR - ok
14:08:34.0429 0252 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:08:34.0429 0252 usbuhci - ok
14:08:34.0491 0252 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:08:34.0491 0252 usbvideo - ok
14:08:34.0538 0252 USB_RNDIS (67f9476e17aedc647176cdacd3b5857a) C:\Windows\system32\DRIVERS\usb8023k.sys
14:08:34.0538 0252 USB_RNDIS - ok
14:08:34.0678 0252 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:08:34.0678 0252 vga - ok
14:08:34.0803 0252 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:08:34.0803 0252 VgaSave - ok
14:08:34.0943 0252 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:08:34.0943 0252 viaagp - ok
14:08:35.0068 0252 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:08:35.0068 0252 ViaC7 - ok
14:08:35.0209 0252 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:08:35.0209 0252 viaide - ok
14:08:35.0349 0252 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:08:35.0349 0252 volmgr - ok
14:08:35.0505 0252 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:08:35.0505 0252 volmgrx - ok
14:08:35.0614 0252 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:08:35.0614 0252 volsnap - ok
14:08:35.0661 0252 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:08:35.0661 0252 vsmraid - ok
14:08:35.0692 0252 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:08:35.0692 0252 WacomPen - ok
14:08:35.0801 0252 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:08:35.0801 0252 Wanarp - ok
14:08:35.0817 0252 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:08:35.0817 0252 Wanarpv6 - ok
14:08:35.0942 0252 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:08:35.0942 0252 Wd - ok
14:08:36.0067 0252 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:08:36.0082 0252 Wdf01000 - ok
14:08:36.0160 0252 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:08:36.0160 0252 winachsf - ok
14:08:36.0301 0252 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:08:36.0301 0252 WmiAcpi - ok
14:08:36.0457 0252 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:08:36.0457 0252 WpdUsb - ok
14:08:36.0535 0252 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:08:36.0535 0252 ws2ifsl - ok
14:08:36.0581 0252 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:08:36.0581 0252 WUDFRd - ok
14:08:36.0628 0252 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
14:08:36.0628 0252 XAudio - ok
14:08:36.0659 0252 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
14:08:36.0706 0252 \Device\Harddisk0\DR0 - ok
14:08:36.0722 0252 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
14:08:38.0859 0252 \Device\Harddisk1\DR1 - ok
14:08:38.0859 0252 Boot (0x1200) (e0a49e3dbf2293699724acec678b9d73) \Device\Harddisk0\DR0\Partition0
14:08:38.0859 0252 \Device\Harddisk0\DR0\Partition0 - ok
14:08:38.0875 0252 Boot (0x1200) (7d4780d34bc4c0f86c07e44981dd3358) \Device\Harddisk0\DR0\Partition1
14:08:38.0875 0252 \Device\Harddisk0\DR0\Partition1 - ok
14:08:38.0875 0252 Boot (0x1200) (c5c58cfe4ed9a0bcc121849ac564c355) \Device\Harddisk1\DR1\Partition0
14:08:38.0875 0252 \Device\Harddisk1\DR1\Partition0 - ok
14:08:38.0875 0252 ============================================================
14:08:38.0875 0252 Scan finished
14:08:38.0875 0252 ============================================================
14:08:38.0890 1908 Detected object count: 1
14:08:38.0890 1908 Actual detected object count: 1
14:08:54.0459 1908 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813
14:08:54.0771 1908 Backup copy found, using it..
14:08:54.0818 1908 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
14:08:58.0546 1908 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
14:09:15.0691 0964 Deinitialize success

 

[Bobbye]

Chris, I am somewhat confused

"I still cannot get the computer to start in anything but safe mode or safe mode with networking but eh networking doesn't work"

But the MBAM log you left in same reply shows:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)

You describe the endless loop in Normal Mode
Just let me know as there are some scan that require internet access, some need to run in Safe Mode with Networking.
===========================================
At any rate, there is no improvement in Mbam. I'd like you to run the following as best you can:

• Download OTL from one of the links below and save it to your desktop.
  OTL.exe
  OTL.com
  OTL.scr
  You just need one. Sometimes the file extension gets blocked.
  
  Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
• Double click the OTL icon to run it.
  
• The opened console will resemble this:
  
• Set Output at the top to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Copy the entries in the Codebox below> Paste in the Custom Scan box.
  

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  userinit.exe
  /md5stop
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  Make sure all other windows are closed and to let it run uninterrupted.
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

 

[cbusch]

otl logs

Sorry this took so long, have been out of town for work.
Here are the two logs
OTL logfile created on: 1/29/2012 10:36:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 79.82% Memory free
2.11 Gb Paging File | 1.89 Gb Available in Paging File | 89.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.36 Gb Total Space | 67.08 Gb Free Space | 30.30% Space Free | Partition Type: NTFS
Drive D: | 11.52 Gb Total Space | 1.99 Gb Free Space | 17.31% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.02% Space Free | Partition Type: FAT32

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate) -- File not found
SRV - (LiveUpdate Notice) -- File not found
SRV - (GameConsoleService) -- File not found
SRV - (comHost) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (ccSetMgr) -- File not found
SRV - (ccEvtMgr) -- File not found
SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (BsScanner) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SRV - (BsFire) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.)
SRV - (BsUpdate) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (BsMailProxy) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsMain) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (BsBhvScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)
SRV - (BsBackup) -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (NovaShieldTDIDriver) -- C:\Windows\System32\drivers\NSNetmon.sys (NovaShield, Inc.)
DRV - (NovaShieldFilterDriver) -- C:\Windows\System32\drivers\NSKernel.sys (NovaShield, Inc.)
DRV - (Trufos) -- C:\Windows\System32\drivers\Trufos.sys (BitDefender S.R.L.)
DRV - (afwcore) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (AFW) -- C:\Windows\System32\drivers\afw.sys (Agnitum Ltd.)
DRV - (BdSpy) -- C:\Windows\System32\drivers\BdSpy.sys (BullGuard Ltd.)
DRV - (AFD) -- C:\Windows\system32\drivers\afd.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (AFS) -- C:\Windows\System32\drivers\AFS.SYS1 (Oak Technology Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023k.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2012/01/17 21:25:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 20:00:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/28 18:42:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2011/11/24 07:56:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2011/11/24 07:55:49 | 000,000,000 | ---D | M]

[2008/07/26 23:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/11/03 22:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iotrglgz.default\extensions
[2011/06/17 16:44:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iotrglgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 20:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 20:00:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/20 20:43:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 20:00:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/20 07:51:44 | 000,000,884 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D4AF8BE-0FBC-416C-AE65-D02186603897}: DhcpNameServer = 74.84.119.150 97.64.179.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFACDC83-31CD-4383-AFC1-4556B6F8A4DD}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F86A6400-A3BE-4203-AC39-D3469AF7E33E}: DhcpNameServer = 74.84.119.150 97.64.179.250
O20 - AppInit_DLLs: (BgGamingMonitor.dll) -C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 10:09:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{3fb54265-a212-11de-b759-001e6864f7f0}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 22:20:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/01/24 16:44:58 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2012/01/24 14:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/24 14:45:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/24 14:45:22 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012/01/24 14:18:03 | 000,000,000 | --SD | C] -- C:\friday.exe
[2012/01/24 14:17:21 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\friday.exe.exe
[2012/01/24 14:08:58 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\83125545.sys
[2012/01/24 14:05:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/24 13:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/01/23 23:12:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/22 15:46:57 | 000,360,328 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\j5y4pU9pi86IiN.exe
[2012/01/22 15:46:31 | 000,451,464 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\PIFoHdCpFL.exe
[2012/01/21 21:32:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/21 21:32:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/21 21:32:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/21 21:32:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/21 21:05:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/20 16:38:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2012/01/20 16:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/20 16:33:57 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/20 16:33:57 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/20 16:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/20 16:33:56 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/20 16:33:56 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/20 16:33:56 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/20 16:33:56 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/20 16:33:47 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/20 16:33:47 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/20 16:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/20 16:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/20 16:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/01/20 16:02:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Comodo
[2012/01/20 16:02:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/01/20 16:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/01/20 16:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/01/20 16:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/01/20 06:39:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/20 06:31:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\52F32
[2012/01/20 06:30:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\37C52
[2012/01/19 22:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\52F32
[2012/01/19 22:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012/01/19 12:04:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/19 11:19:12 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/29 22:18:43 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/29 22:18:43 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/29 22:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/29 22:15:35 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2012/01/29 22:14:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/01/24 18:10:02 | 000,007,944 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2012/01/24 16:44:58 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2012/01/24 15:53:13 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\whuhq.sys
[2012/01/24 14:45:23 | 000,000,660 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 14:08:58 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\83125545.sys
[2012/01/24 13:16:14 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\friday.exe.exe
[2012/01/24 12:28:46 | 000,684,297 | ---- | M] () -- C:\Users\Chris\Desktop\unhide.exe
[2012/01/24 12:25:46 | 001,008,141 | ---- | M] () -- C:\Users\Chris\Desktop\rkill.com
[2012/01/22 16:54:31 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/22 15:47:26 | 000,000,600 | ---- | M] () -- C:\Users\Public\Desktop\Internet Security 2012.lnk
[2012/01/22 15:47:18 | 000,000,272 | ---- | M] () -- C:\ProgramData\~j5y4pU9pi86IiN
[2012/01/22 15:47:18 | 000,000,168 | ---- | M] () -- C:\ProgramData\~j5y4pU9pi86IiNr
[2012/01/22 15:47:09 | 000,000,336 | ---- | M] () -- C:\ProgramData\j5y4pU9pi86IiN
[2012/01/20 19:42:12 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\xrodgxfx.sys
[2012/01/20 16:33:57 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/20 16:33:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/20 14:52:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/20 14:52:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/01/20 11:12:54 | 238,016,588 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/20 11:08:02 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 11:08:02 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 11:00:06 | 000,097,923 | ---- | M] () -- C:\Users\Chris\Desktop\My Computer#2012012010570200000000a.bglog
[2012/01/20 07:51:47 | 000,119,280 | -HS- | M] () -- C:\Users\Chris\AppData\Local\dplayx.dll
[2012/01/20 06:33:38 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/01/19 12:08:40 | 000,000,440 | ---- | M] () -- C:\ProgramData\4AFmHttlyLUqzq
[2012/01/19 12:04:13 | 000,000,629 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/19 12:04:13 | 000,000,605 | ---- | M] () -- C:\Users\Chris\Desktop\System Check.lnk
[2012/01/19 11:58:19 | 000,097,445 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\nvModes.001
[2012/01/17 21:11:15 | 000,001,819 | ---- | M] () -- C:\Users\Chris\Desktop\Windows Media Player.lnk
[2012/01/17 21:11:15 | 000,001,011 | ---- | M] () -- C:\Users\Chris\Desktop\Windows Calendar.lnk
[2012/01/17 21:11:14 | 000,001,827 | ---- | M] () -- C:\Users\Chris\Desktop\Punch! Weekend Project.lnk
[2012/01/17 21:11:09 | 000,002,805 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Office Word 2007.lnk
[2012/01/17 21:11:08 | 000,001,810 | ---- | M] () -- C:\Users\Chris\Desktop\Family Tree Heritage.lnk
[2012/01/17 19:58:26 | 000,100,216 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2012/01/13 22:12:32 | 000,179,712 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/10 21:34:59 | 000,097,445 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\nvModes.dat
[2012/01/04 21:35:53 | 022,744,461 | ---- | M] () -- C:\Users\Chris\Documents\Ruger_Firearms.pdf
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 15:53:13 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\whuhq.sys
[2012/01/24 14:45:23 | 000,000,660 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 13:51:37 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/24 13:51:37 | 000,001,031 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/01/24 13:51:37 | 000,000,943 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/24 13:51:37 | 000,000,870 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/24 13:51:37 | 000,000,258 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/24 13:51:37 | 000,000,240 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/24 13:36:59 | 001,008,141 | ---- | C] () -- C:\Users\Chris\Desktop\rkill.com
[2012/01/24 13:36:09 | 000,684,297 | ---- | C] () -- C:\Users\Chris\Desktop\unhide.exe
[2012/01/22 15:47:26 | 000,000,600 | ---- | C] () -- C:\Users\Public\Desktop\Internet Security 2012.lnk
[2012/01/22 15:47:18 | 000,000,168 | ---- | C] () -- C:\ProgramData\~j5y4pU9pi86IiNr
[2012/01/22 15:47:17 | 000,000,272 | ---- | C] () -- C:\ProgramData\~j5y4pU9pi86IiN
[2012/01/22 15:47:14 | 000,000,629 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/22 15:47:09 | 000,000,336 | ---- | C] () -- C:\ProgramData\j5y4pU9pi86IiN
[2012/01/22 15:46:55 | 000,119,280 | -HS- | C] () -- C:\Users\Chris\AppData\Local\dplayx.dll
[2012/01/21 21:32:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/21 21:32:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/21 21:32:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/21 21:32:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/21 21:32:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/20 19:42:12 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xrodgxfx.sys
[2012/01/20 14:52:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/01/20 14:52:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/01/20 11:51:50 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2012/01/20 11:04:45 | 000,097,923 | ---- | C] () -- C:\Users\Chris\Desktop\My Computer#2012012010570200000000a.bglog
[2012/01/20 06:38:51 | 238,016,588 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/19 22:09:19 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/19 12:04:13 | 000,000,605 | ---- | C] () -- C:\Users\Chris\Desktop\System Check.lnk
[2012/01/19 12:04:07 | 000,000,440 | ---- | C] () -- C:\ProgramData\4AFmHttlyLUqzq
[2012/01/04 21:33:28 | 022,744,461 | ---- | C] () -- C:\Users\Chris\Documents\Ruger_Firearms.pdf
[2011/12/18 18:41:36 | 000,000,834 | -HS- | C] () -- C:\Users\Chris\AppData\Local\1ifb5u03yh5qtx33686fcb6kh610rh3e1bd66
[2011/12/18 18:41:36 | 000,000,834 | -HS- | C] () -- C:\ProgramData\1ifb5u03yh5qtx33686fcb6kh610rh3e1bd66
[2011/06/15 12:02:37 | 000,273,408 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2010/03/28 01:50:26 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/07/04 14:05:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/04 14:05:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/07 21:29:13 | 000,000,167 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/05/07 21:29:13 | 000,000,139 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/08 16:38:58 | 000,000,156 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2008/10/13 16:38:22 | 000,147,618 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/09/14 09:42:32 | 000,032,768 | ---- | C] () -- C:\Windows\URCACM.EXE
[2008/08/22 06:59:18 | 000,007,944 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2008/08/10 17:11:29 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008/08/06 10:27:41 | 000,179,712 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/05 16:40:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/01 09:16:20 | 000,097,445 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\nvModes.001
[2008/07/31 14:00:05 | 000,097,445 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\nvModes.dat
[2008/05/23 23:58:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/23 23:55:07 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/02/22 10:23:30 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/15 04:13:49 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,323,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2012/01/20 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\37C52
[2012/01/20 06:31:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\52F32
[2011/11/24 08:32:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BullGuard
[2010/11/20 21:27:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CometPlayer
[2009/05/07 21:43:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Individual Software
[2009/05/10 15:28:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Passage Express
[2011/03/09 11:03:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Software Inspection Library
[2008/11/21 18:10:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2011/01/04 11:48:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tigerplayer
[2008/08/16 12:20:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent
[2012/01/22 16:54:31 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/01/19 11:50:05 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

 

[cbusch]

otl extra log

OTL Extras logfile created on: 1/29/2012 10:36:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 79.82% Memory free
2.11 Gb Paging File | 1.89 Gb Available in Paging File | 89.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.36 Gb Total Space | 67.08 Gb Free Space | 30.30% Space Free | Partition Type: NTFS
Drive D: | 11.52 Gb Total Space | 1.99 Gb Free Space | 17.31% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.02% Space Free | Partition Type: FAT32

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013B4716-2FCC-45C0-A515-93037B829AEC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2EB5BBF3-394A-449E-8927-5030D21786BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{578E4E0D-E932-4F2C-B5BC-DFD7834FFCA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60AC3BC0-7ADB-40B1-81BC-DFC139C62547}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6920C3E8-0A3F-4C16-8433-DD197DEA8AC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89E0F741-04DE-49DB-860F-AA8E945A7391}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C52270B7-C9A9-48B2-9125-965FE086ADD7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D13A9713-0F9E-4AC5-9CD0-003652623B5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFF6D0F1-9452-4B10-A7E7-087A8C11B584}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A46BBF-829A-4578-9FCD-B2B7C7C47BA5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{186F65DB-D65C-4FAF-B621-46365BB3CD7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1A625A98-2949-48ED-8BCC-EAB29B317A28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1EED05A8-A8E9-49CB-87CB-248D87CA6EA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{224691A4-13CC-407F-8C8B-1C98DEDEAA37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2486FB46-94C2-4A65-BC99-518E4732B2A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{276004BA-DF60-4575-8948-E47665F547E9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{2EE9FF46-A360-4122-B2F8-991B82E9D2F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3023CE5C-D4B1-45F5-BB09-2F5B9AA90D34}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3037B1E1-B16B-4194-9B7A-86E0BD077C2D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3201D1C5-6A2A-4BA6-8DF3-5CA03AD5369E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{357A92EA-8A39-4B0C-A4CC-408F83679FDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3B1E6B32-AEB0-4468-B334-65A62588D2A2}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3BB2CBAE-2184-4526-8032-E1DDEAFF1D61}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4E5A374D-E001-4E93-A521-8A1AFB03F07E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5BDCC6D0-CE7A-42C7-822F-966C4FDB9989}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6162E75B-7C9D-4FAF-A882-DBA26F7BB25C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7A1CF39D-BB44-4B67-9C69-A750F45C35BD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{80B5FF0D-7F16-4ABB-BF7A-7A331AC263DE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A066F71-51EC-4E0D-BA7E-C2789C438797}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90866F15-462B-428A-B9C9-2FAC2BBEBC03}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9AB11B39-804B-4701-A0D9-6A8056BBFAE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A77E54EF-E2B2-4A33-955B-FEDD391D4C0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C171A0C1-1F41-4210-B12C-E9D305A246E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C64E76E7-27A2-449D-9B43-11695147AFC1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CE2F31B6-A710-4FD6-8092-A249A9A68D93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D27B48EC-774E-46B7-9DEE-971E02EB06E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F471099C-B059-46E2-A604-6C86DCDE9083}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F6FC0F26-E1F5-47ED-BCFA-5D1F262875C2}" = protocol=6 | dir=out | app=system |
"TCP Query User{DADBBDF5-EF96-49F3-9424-91D2849E89B9}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}" = OpenOffice.org 2.2
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50BD0B15-5197-4EAF-8BCD-81117D1324B1}" = Family Tree Heritage Collaboration Support
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55970882-AFF0-4857-9DFC-248EF0D2B730}" = Passage Express
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1E03284-66FD-4292-8239-504CEC5B0CC3}" = C5200_doccd
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D8DEC4AA-9FC5-4868-9F78-B90401A119FE}" = HP Memories Disc
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"BullGuard" = BullGuard
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Family Tree Heritage" = Family Tree Heritage
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{50BD0B15-5197-4EAF-8BCD-81117D1324B1}" = Family Tree Heritage Collaboration Support
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MpcStar" = MpcStar 4.9
"netrcacm Uninstall" = RCA Digital Cable Modem
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3
"Punch! Weekend Project" = Punch! Weekend Project
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[Bobbye]

Okay, lots to clean out- but first some mysteries:

1. Did you get message that Virtual Memory was low? Did you create and temp increase in Virtual Memory? >>>[2012/01/20 > C:\Windows\System32\temppf.sys

2. Have you changed anything in these files? Normally, The MSDOS.SYS file is a hidden, system, read-only file created ..It is run after IO.SYS.
[2012/01/20 14:52:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/01/20 14:52:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
==================================
OTL Custom Scan Fixes

• Run OTL
• Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
  
  

  :OTL
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
  FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
  O1 - Hosts: 94.63.240.131 www.google.com
  O1 - Hosts: 94.63.240.132 www.bing.com
  [2012/01/20 06:31:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\52F32
  [2012/01/20 06:30:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\37C52
  [2012/01/19 22:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\52F32
  [2012/01/19 22:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\LP
  [2012/01/22 15:47:26 | 000,000,600 | ---- | C] () -- C:\Users\Public\Desktop\Internet Security 2012.lnk
  [2012/01/22 15:47:18 | 000,000,168 | ---- | C] () -- C:\ProgramData\~j5y4pU9pi86IiNr
  [2012/01/22 15:47:17 | 000,000,272 | ---- | C] () -- C:\ProgramData\~j5y4pU9pi86IiN
  [2012/01/22 15:47:14 | 000,000,629 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
  [2012/01/22 15:47:09 | 000,000,336 | ---- | C] () -- C:\ProgramData\j5y4pU9pi86IiN
  [2012/01/22 15:46:55 | 000,119,280 | -HS- | C] () -- C:\Users\Chris\AppData\Local\dplayx.dll
  [2012/01/21 21:32:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
  [2012/01/20 19:42:12 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xrodgxfx.sys
  [2012/01/19 12:04:13 | 000,000,605 | ---- | C] () -- C:\Users\Chris\Desktop\System Check.lnk
  [2012/01/19 12:04:07 | 000,000,440 | ---- | C] () -- C:\ProgramData\4AFmHttlyLUqzq
  [2011/12/18 18:41:36 | 000,000,834 | -HS- | C] () -- C:\Users\Chris\AppData\Local\1ifb5u03yh5qtx33686fcb6kh610rh3e1bd66
  [2011/12/18 18:41:36 | 000,000,834 | -HS- | C] () -- C:\ProgramData\1ifb5u03yh5qtx33686fcb6kh610rh3e1bd66
  
  :Reg
  [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
  html [@ = htmlfile] -- Reg Error: Key error. File not found
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
  helpfile [open] -- Reg Error: Key error.
  regfile [merge] -- Reg Error: Key error.
  txtfile [edit] -- Reg Error: Key error.
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
  "DisableMonitoring" =-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
  "VistaSp1" = Reg Error: Unknown registry data type -- File not found
  "VistaSp2" = Reg Error: Unknown registry data type -- File not found
  
  :Commands
  [purity]
  [emptyflash]
  [emptyjava]
  [resethosts]
  [CreateRestorePoint]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run uninterrupted, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

============================
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that
  a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.

Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
I need to check to see how the Services are running.
Please download Farbar Service Scanner

• Check Include all files option
• Press the Scan button
• Log named FSS.txt will be created in the same directory as the tool
• Please paste the log into your next reply

===================================
I did not include any of the Norton entries in the script. Please run this tool now.
Norton Removal Tool

 

[cbusch]

OTL issue

1) yes I did get the message of low virtual memory. I did not create and temp increase in Virtual Memory? >>>[2012/01/20 > C:\Windows\System32\temppf.sys

2) I did unhide files and folders when I first started looking for the virus not sure if this has anything to do with the second question but this is the only thing I have done except what you have instructed me to do;
" Have you changed anything in these files? Normally, The MSDOS.SYS file is a hidden, system, read-only file created ..It is run after IO.SYS.
[2012/01/20 14:52:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/01/20 14:52:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS"

3) otl scan fixes; I open otl, copy and paste the dialog and hit fix and it ran for over 6 hours with nothing. how long will this normally take. I then went into task manager and it said program not responding so I ended it, restarted the computer and tried again, the same thing happened. I then deleted OTL and reinstalled, tried to run the fix again and the had the same outcome. Is this normal?

I have not done anything else you have instructed yet. wasn't sure if I should go on without the OTL thing working first

 

[Bobbye]

I just went back to a thread where I had someone else running OTL. He said "by the way, it took over 6 hours!" It's going to take a long as how many files/folders, etc. it has to scan. The more, the longer.

If you see 'not responding' from the Task Manager, that it usually given when you close something and it hangs, it doesn't close. Then you usually get a small screen asking if you wanted to "End Task."

Is that what happened? Please try it again. Make sure OTL has been closed, as it was after you ran the scan. Then double click on the icon to run again. That's when you do the copy/paste of the script in the Custom Fixes.
-----------------------------
You have several Trojans and other malware:
Internet Security 2012 (Trojan.FakeAlert)
(Trojan.Agent/Gen-FakePrivacy)
Trojan;QHost.BG
BEAGLE.M or BEAGLE.N WORMS!
TDSSKiller found the ZeroAccess Rootkit

and the main infector is Internet Security 2012, not System Check. We have not been successful in removing any significant amount of the infections. If we cannot do that, then your only choice will be to do a reformat/reinstall
=======================================
Since the Virtual Memory has become a problem, please be sure that all other programs are closed when you're running the scans or the fixes. Before you try OTL again, please reboot the computer.

 

[Bobbye]

Reopened at request of member.

 

[cbusch]

otl not working

I tried to run OTL as instructed, made sure nothing else was running, It ran for over 24 hours with no results. I opened task manager again and it said program not responding, I did not try and close the program,OTL. I did a restart of the computer and tried again, same results. I copied and pasted the info into the box as instructed and when I hit run fix it seems to freeze up. I cannot access the internet from the computer so I have been saving the info onto a usb drive and transfering to the infected computer. Could there be something wrong with the commands that is causing this to freeze?
I was able to remove all of the old java stuff and remove the Norton stuff.
What would u like me to do next?

What antivirus and malware programs do you recommend just for future reference for myself since Bullgaurd and Ad-Aware didn't seem to catch all of the things on my computer?
Thanks for the help
Chris

 

[Bobbye]

Please download Farbar Service Scanner

• Check ALL boxes to include all files.
• Press the Scan button
• Log named FSS.txt will be created in the same directory as the tool
• Please paste the log into your next reply

-------------------------
Again, I need you to clarify what mode the system will run:
1. Safe Mode?
2. Safe Mode with Networking?
3. Normal Mode?
=====================================
Please try to follow the Bulguard disable instructions I gave you.

And let's see if the very basic will run:
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
• Extract it to the directory on your hard drive you created C:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

 

[cbusch]

hijack and fss logs

1. I can boot in Safe Mode
2. I can boot in Safe Mode with Networking but I cannot access the internet
3. I cannot access in Normal Mode. Endless loop of restarts if I try

Here are my logs:

Farbar Service Scanner Version: 01-02-2012 03
Ran by Chris (administrator) on 19-02-2012 at 07:47:45
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 12:02] - [2011-04-21 07:58] - 0273408 ____A () 112B72544A3E4293E7332D123EAE305E

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-04 14:06] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-07-04 14:04] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:58:41 AM, on 2/19/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ÿþ
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O20 - AppInit_DLLs: BgGamingMonitor.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Unknown owner - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8891 bytes