Solved Smart HDD scareware

severedgein

I'm back with yet another stupid employee's doings. :mad: Thank you in advance for you guys' help.
---------------------------------------------
"Smart HDD" program popped up with "S.M.A.R.T Scan Results", removed all desktop items and start menu items.

Started in Windows 7 safe mode.

I tried to install MBAM, and got an error upon installation at the very end, access denied or something along those lines.

Ran setup as admin, and installed to \mbam directory and renamed the shortcut and install completed. Updated database and ran scan:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.03

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
WS301 :: WS301 [administrator]

4/6/2012 9:21:59 AM
mbam-log-2012-04-06 (09-21-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213844
Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FXoIuAOxAoT.exe (Backdoor.Agent.RCGen) -> Data: C:\ProgramData\FXoIuAOxAoT.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tbcfx (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\Windows\TEMP\tbcfx.dll",CreateRenderToEnvMap -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\ProgramData\FXoIuAOxAoT.exe (Backdoor.Agent.RCGen) -> Quarantined and deleted successfully.
C:\ProgramData\wLUs9jOMFUvdbB.exe (Backdoor.Agent.RCGen) -> Quarantined and deleted successfully.
C:\Windows\System32\ICAM5USB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mstdfrgs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\pinnaclemarvinusb.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\vusbbus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)


Note: after restart into normal startup, the scareware does not pop up, and Microsoft Security Essentials is blocking "Trojan:Win32/Sirefef.AC". But networking seems to be blocked.



----------------------------------------------------------

Gmer upon initial run gave this:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-06 09:11:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000019 ST325031 rev.3.AH
Running: 7rlet47u.exe; Driver: C:\Users\WS301\AppData\Local\Temp\pgldqpog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Devices - GMER 1.0.15 ----

Device \Device\00000053 -> \??\SCSI#Disk&Ven_ST325031&Prod_0AS#4&ac26b09&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----



Gmer stopped there, did nothing for minutes, so it seemed to be finished. I hit "scan", it started to run, brought up a bunch of items and it froze after a minute, then threw a memory dump, so no log was saved. Started GMER a second time and it just brought up the same log as above. I didn't hit "scan" this time. Just let me know if you need me to run it again.

-------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by WS301 at 9:44:39 on 2012-04-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1617 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {4912ED81-BD9F-485E-86CA-BD62EC957435} - hxxps://ecospda.bethesdahealthcare.com/SOARIANWEBPROD2_020551029_M0K0_p_htm_28//sframe/IETools.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4D268137-E37D-415F-BCE5-95EFF1F7D50E} : DhcpNameServer = 192.168.1.254
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ws301\appdata\roaming\mozilla\firefox\profiles\dto4vjea.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 wsnm;VMware View Client;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2011-2-18 494192]
R2 wsnm_usbctrl;VMware View USB Control;c:\program files\vmware\vmware view\client\bin\wsnm_usbctrl.exe [2011-2-18 793200]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [2011-12-27 39984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 symantecantibotdriver;ZDPSp50;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 253600]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-9-30 30192]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-06 13:37:22 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b40fb554-fa1b-4eae-8382-bcaf2cb549f7}\offreg.dll
2012-04-06 13:20:17 -------- d-----w- c:\program files\Mbam
2012-04-05 20:43:01 780668 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-05 20:36:45 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-05 18:15:07 418464 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 06:10:04 6582328 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b40fb554-fa1b-4eae-8382-bcaf2cb549f7}\mpengine.dll
2012-03-14 06:56:04 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:55:36 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 06:55:36 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 06:55:36 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 06:55:36 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 06:55:36 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:55:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 06:53:27 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 06:53:27 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-05 18:34:21 70304 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ---h--w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST325031 rev.3.AH -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87AF2FD0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x81E5F912] -> \Device\Harddisk0\DR0[0x858300D0]
3 CLASSPNP[0x807398B3] -> ntkrnlpa!IofCallDriver[0x81E5F912] -> [0x87ADA720]
\Driver\00002171[0x87ADA888] -> IRP_MJ_CREATE -> 0x87AF2FD0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
detected disk devices:
\Device\00000054 -> \??\SCSI#Disk&Ven_ST325031&Prod_0AS#4&ac26b09&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 488397166 (+7): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 9:45:48.01 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/7/2009 1:06:03 AM
System Uptime: 4/6/2012 9:36:37 AM (0 hours ago)
.
Motherboard: ECS | | Iris8
Processor: AMD Athlon(tm) Dual Core Processor 4450e | Socket AM2 | 2300/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 148.477 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.543 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_RASMAN\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_RASMAN\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Advertising Center
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG PC Tuneup
BufferChm
C5200
C5200_doccd
Canon MP Navigator EX 1.0
Canon MX310 series
Canon MX310 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CaptureCAM-PLAYER
Carbonite Online Backup Setup
Compatibility Pack for the 2007 Office system
Copy
Crystal Reports 10 Support Files
CyberLink DVD Suite Deluxe
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
EOS USB WIA Driver
Fax
Google Desktop
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Demo
HP Imaging Device Functions 9.0
HP LaserJet P2050 Series 6.0
HP MediaSmart DVD
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Recovery Manager RSS
HP Smart Web Printing 4.60
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
hppFonts
hppQFolderP2050
iCloud
iPhone Configuration Utility
Java Auto Updater
Java(TM) 6 Update 30
Juno Preloader
LabelPrint
LightScribe System Software
LightScribe Template Labeler
Lytec 2011 Professional
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Corporation
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
Nero BackItUp
Nero ControlCenter
Norton Internet Security
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PanoStandAlone
PictureMover
PIXMA Extended Survey Program
Power2Go
PowerDirector
Presto! PageManager 7.15.16
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
Python 2.5.2
QuickBooks Pro 2009
QuickTime
Realtek High Definition Audio Driver
Revenue Management
Scan
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
SmartWebPrinting
Soft Data Fax Modem with SmartCP
Status
SupportSoft Assisted Service
Toolbox
TransferMy Music 2.0.4.0
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Visual Studio 2005 Tools for Office Second Edition Runtime
VMware View Client
VZAccess Manager for RIM
WebReg
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
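For the log the helper asks to have pasted back, here is a small triage script, added as an example and not part of this thread or of TDSSKiller itself: it folds the tool's per-line verdicts (the enumeration line with its md5, "- ok", "Suspicious file (Forged)", "- infected", "- detected") into one record per driver or service and lists whatever did not come back clean. The parser, the Finding record and the function names are this example's own; the sample lines are the AFD entry from the log in this thread plus a constructed clean control entry.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the TDSSKiller log format: the AFD lines are copied from
# the log posted in this thread, the AeLookupSvc lines are a clean control entry.
SAMPLE_LOG = r"""
13:37:00.0441 3692 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:37:00.0442 3692 AeLookupSvc - ok
13:37:00.0522 3692 AFD (c84212d2e365158bd085ce9254cc29ce) C:\Windows\system32\drivers\afd.sys
13:37:00.0524 3692 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: c84212d2e365158bd085ce9254cc29ce, Fake md5: 3911b972b55fea0478476b2e777b29fa
13:37:00.0526 3692 AFD ( Virus.Win32.ZAccess.k ) - infected
13:37:00.0526 3692 AFD - detected Virus.Win32.ZAccess.k (0)
"""

# Every line starts with a timestamp and the scanning thread id.
_TS = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
_HEX32 = r"[0-9a-f]{32}"
RE_FORGED = re.compile(
    _TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>" + _HEX32 + r"), Fake md5: (?P<fake>" + _HEX32 + r")$")
RE_INFECTED = re.compile(_TS + r"(?P<name>.+?) \( (?P<threat>.+?) \) - infected$")
RE_DETECTED = re.compile(_TS + r"(?P<name>.+?) - detected (?P<threat>.+?) \(\d+\)$")
RE_OK = re.compile(_TS + r"(?P<name>.+?) - ok$")
RE_ENUM = re.compile(_TS + r"(?P<name>.+?) \((?P<md5>" + _HEX32 + r")\) (?P<path>.+)$")

# Verdict precedence: a stronger verdict for the same entry always wins.
_RANK = {"unknown": 0, "ok": 1, "forged": 2, "infected": 3}


@dataclass
class Finding:
    name: str
    path: str = ""
    md5: str = ""          # hash TDSSKiller printed on the enumeration line
    status: str = "unknown"
    threat: str = ""
    real_md5: str = ""     # only set for "Suspicious file (Forged)" entries
    fake_md5: str = ""


def _escalate(finding, status):
    if _RANK[status] > _RANK[finding.status]:
        finding.status = status


def parse_tdsskiller(text):
    """Fold the per-line verdicts of a TDSSKiller log into one Finding per entry."""
    findings = {}   # keyed by service/driver name, kept in log order
    by_path = {}    # lets a Forged line (which names a path) reach its entry
    for line in text.splitlines():
        line = line.rstrip()
        m = RE_FORGED.match(line)
        if m:
            f = by_path.get(m["path"])
            if f is None:   # forged file that was never enumerated: key it by path
                f = findings.setdefault(m["path"], Finding(name=m["path"], path=m["path"]))
            _escalate(f, "forged")
            f.real_md5, f.fake_md5 = m["real"], m["fake"]
            continue
        m = RE_INFECTED.match(line) or RE_DETECTED.match(line)
        if m:
            f = findings.setdefault(m["name"], Finding(name=m["name"]))
            _escalate(f, "infected")
            f.threat = f.threat or m["threat"]
            continue
        m = RE_OK.match(line)
        if m:
            _escalate(findings.setdefault(m["name"], Finding(name=m["name"])), "ok")
            continue
        m = RE_ENUM.match(line)
        if m:
            f = findings.setdefault(m["name"], Finding(name=m["name"]))
            f.path, f.md5 = m["path"], m["md5"]
            by_path[f.path] = f
    return findings


def hash_mismatch(finding):
    """True when two read paths returned different content for the same file,
    which is what a kernel-level hook hiding a patched driver looks like."""
    return bool(finding.real_md5) and finding.real_md5 != finding.fake_md5


def flagged(findings):
    """Names of entries that did not end up as 'ok' (this includes entries a
    truncated log left without any verdict), in log order."""
    return [f.name for f in findings.values() if f.status != "ok"]


if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG).values():
        if f.status != "ok":
            extra = f" (real {f.real_md5} != fake {f.fake_md5})" if hash_mismatch(f) else ""
            print(f"{f.name}: {f.status} {f.threat} {f.path}{extra}")
```

Feed it the full pasted log instead of SAMPLE_LOG to get the short list of entries worth looking at; a Forged entry whose two hashes differ is the one to pay attention to even when the threat name is missing.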
 
13:36:37.0639 1632 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
13:36:39.0057 1632 ============================================================
13:36:39.0058 1632 Current date / time: 2012/04/06 13:36:39.0057
13:36:39.0058 1632 SystemInfo:
13:36:39.0058 1632
13:36:39.0058 1632 OS Version: 6.0.6002 ServicePack: 2.0
13:36:39.0058 1632 Product type: Workstation
13:36:39.0058 1632 ComputerName: WS301
13:36:39.0058 1632 UserName: WS301
13:36:39.0058 1632 Windows directory: C:\Windows
13:36:39.0058 1632 System windows directory: C:\Windows
13:36:39.0058 1632 Processor architecture: Intel x86
13:36:39.0058 1632 Number of processors: 2
13:36:39.0058 1632 Page size: 0x1000
13:36:39.0058 1632 Boot type: Safe boot with network
13:36:39.0058 1632 ============================================================
13:36:40.0054 1632 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:36:40.0056 1632 \Device\Harddisk0\DR0:
13:36:40.0056 1632 MBR used
13:36:40.0056 1632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BB42BC5
13:36:40.0056 1632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BB42C04, BlocksNum 0x168197D
13:36:40.0101 1632 Initialize success
13:36:40.0101 1632 ============================================================
13:36:55.0460 3692 ============================================================
13:36:55.0460 3692 Scan started
13:36:55.0460 3692 Mode: Manual;
13:36:55.0460 3692 ============================================================
13:36:59.0855 3692 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:36:59.0859 3692 ACPI - ok
13:36:59.0946 3692 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:36:59.0949 3692 AdobeARMservice - ok
13:37:00.0060 3692 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:37:00.0065 3692 AdobeFlashPlayerUpdateSvc - ok
13:37:00.0238 3692 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:37:00.0245 3692 adp94xx - ok
13:37:00.0290 3692 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:37:00.0295 3692 adpahci - ok
13:37:00.0319 3692 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:37:00.0352 3692 adpu160m - ok
13:37:00.0405 3692 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:37:00.0408 3692 adpu320 - ok
13:37:00.0441 3692 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:37:00.0442 3692 AeLookupSvc - ok
13:37:00.0522 3692 AFD (c84212d2e365158bd085ce9254cc29ce) C:\Windows\system32\drivers\afd.sys
13:37:00.0524 3692 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: c84212d2e365158bd085ce9254cc29ce, Fake md5: 3911b972b55fea0478476b2e777b29fa
13:37:00.0526 3692 AFD ( Virus.Win32.ZAccess.k ) - infected
13:37:00.0526 3692 AFD - detected Virus.Win32.ZAccess.k (0)
13:37:00.0571 3692 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:37:00.0583 3692 agp440 - ok
13:37:00.0735 3692 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:37:00.0738 3692 aic78xx - ok
13:37:00.0773 3692 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:37:00.0775 3692 ALG - ok
13:37:00.0811 3692 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:37:00.0812 3692 aliide - ok
13:37:00.0844 3692 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:37:00.0846 3692 amdagp - ok
13:37:00.0858 3692 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:37:00.0859 3692 amdide - ok
13:37:00.0883 3692 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:37:00.0885 3692 AmdK7 - ok
13:37:00.0906 3692 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
13:37:00.0908 3692 AmdK8 - ok
13:37:00.0950 3692 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:37:00.0951 3692 Appinfo - ok
13:37:01.0126 3692 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:37:01.0131 3692 Apple Mobile Device - ok
13:37:01.0216 3692 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:37:01.0218 3692 arc - ok
13:37:01.0257 3692 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:37:01.0260 3692 arcsas - ok
13:37:01.0426 3692 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:37:01.0465 3692 aspnet_state - ok
13:37:01.0559 3692 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:37:01.0560 3692 AsyncMac - ok
13:37:01.0593 3692 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:37:01.0594 3692 atapi - ok
13:37:01.0648 3692 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:37:01.0653 3692 AudioEndpointBuilder - ok
13:37:01.0661 3692 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:37:01.0664 3692 Audiosrv - ok
13:37:01.0806 3692 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:37:01.0807 3692 Beep - ok
13:37:01.0923 3692 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:37:02.0008 3692 BITS - ok
13:37:02.0088 3692 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:37:02.0090 3692 blbdrive - ok
13:37:02.0130 3692 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:37:02.0131 3692 bowser - ok
13:37:02.0174 3692 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:37:02.0176 3692 BrFiltLo - ok
13:37:02.0190 3692 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:37:02.0192 3692 BrFiltUp - ok
13:37:02.0220 3692 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:37:02.0222 3692 Browser - ok
13:37:02.0261 3692 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:37:02.0266 3692 Brserid - ok
13:37:02.0285 3692 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:37:02.0287 3692 BrSerWdm - ok
13:37:02.0302 3692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:37:02.0304 3692 BrUsbMdm - ok
13:37:02.0318 3692 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:37:02.0322 3692 BrUsbSer - ok
13:37:02.0381 3692 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:37:02.0382 3692 BTHMODEM - ok
13:37:02.0407 3692 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:37:02.0409 3692 cdfs - ok
13:37:02.0467 3692 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:37:02.0470 3692 cdrom - ok
13:37:02.0536 3692 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:37:02.0538 3692 CertPropSvc - ok
13:37:02.0643 3692 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:37:02.0645 3692 circlass - ok
13:37:02.0713 3692 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:37:02.0718 3692 CLFS - ok
13:37:02.0793 3692 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:37:02.0797 3692 clr_optimization_v2.0.50727_32 - ok
13:37:02.0933 3692 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:37:02.0966 3692 clr_optimization_v4.0.30319_32 - ok
13:37:03.0047 3692 cmdagent - ok
13:37:03.0087 3692 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:37:03.0089 3692 cmdide - ok
13:37:03.0097 3692 compaq_rba - ok
13:37:03.0116 3692 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
13:37:03.0117 3692 Compbatt - ok
13:37:03.0125 3692 COMSysApp - ok
13:37:03.0151 3692 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:37:03.0152 3692 crcdisk - ok
13:37:03.0172 3692 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:37:03.0174 3692 Crusoe - ok
13:37:03.0274 3692 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:37:03.0277 3692 CryptSvc - ok
13:37:03.0338 3692 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:37:03.0366 3692 DcomLaunch - ok
13:37:03.0420 3692 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:37:03.0422 3692 DfsC - ok
13:37:03.0521 3692 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:37:03.0606 3692 DFSR - ok
13:37:03.0685 3692 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:37:03.0689 3692 Dhcp - ok
13:37:03.0746 3692 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:37:03.0748 3692 disk - ok
13:37:03.0788 3692 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:37:03.0791 3692 Dnscache - ok
13:37:03.0844 3692 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:37:03.0848 3692 dot3svc - ok
13:37:03.0891 3692 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:37:03.0895 3692 Dot4 - ok
13:37:03.0906 3692 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:37:03.0908 3692 Dot4Print - ok
13:37:03.0924 3692 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:37:03.0925 3692 dot4usb - ok
13:37:03.0966 3692 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:37:03.0969 3692 DPS - ok
13:37:04.0017 3692 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:37:04.0019 3692 drmkaud - ok
13:37:04.0063 3692 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:37:04.0103 3692 DXGKrnl - ok
13:37:04.0163 3692 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:37:04.0166 3692 E1G60 - ok
13:37:04.0187 3692 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:37:04.0190 3692 EapHost - ok
13:37:04.0264 3692 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:37:04.0267 3692 Ecache - ok
13:37:04.0304 3692 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:37:04.0309 3692 ehRecvr - ok
13:37:04.0349 3692 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:37:04.0351 3692 ehSched - ok
13:37:04.0380 3692 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:37:04.0381 3692 ehstart - ok
13:37:04.0459 3692 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:37:04.0464 3692 elxstor - ok
13:37:04.0567 3692 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:37:04.0580 3692 EMDMgmt - ok
13:37:04.0648 3692 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:37:04.0649 3692 ErrDev - ok
13:37:04.0710 3692 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:37:04.0715 3692 EventSystem - ok
13:37:04.0776 3692 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:37:04.0780 3692 exfat - ok
13:37:04.0818 3692 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:37:04.0821 3692 fastfat - ok
13:37:04.0873 3692 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:37:04.0874 3692 fdc - ok
13:37:04.0908 3692 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:37:04.0909 3692 fdPHost - ok
13:37:04.0921 3692 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:37:04.0922 3692 FDResPub - ok
13:37:04.0963 3692 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:37:04.0965 3692 FileInfo - ok
13:37:04.0985 3692 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:37:04.0987 3692 Filetrace - ok
13:37:05.0002 3692 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:37:05.0004 3692 flpydisk - ok
13:37:05.0059 3692 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:37:05.0063 3692 FltMgr - ok
13:37:05.0272 3692 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:37:05.0297 3692 FontCache - ok
13:37:05.0394 3692 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:37:05.0397 3692 FontCache3.0.0.0 - ok
13:37:05.0441 3692 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:37:05.0442 3692 Fs_Rec - ok
13:37:05.0469 3692 ftsata2 - ok
13:37:05.0502 3692 fuj02b1 - ok
13:37:05.0540 3692 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:37:05.0542 3692 gagp30kx - ok
13:37:05.0583 3692 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:37:05.0584 3692 GEARAspiWDM - ok
13:37:05.0616 3692 giveio - ok
13:37:05.0714 3692 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
13:37:05.0718 3692 GoogleDesktopManager-051210-111108 - ok
13:37:05.0827 3692 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:37:05.0836 3692 gpsvc - ok
13:37:05.0896 3692 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:37:05.0904 3692 HDAudBus - ok
13:37:05.0971 3692 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:37:05.0973 3692 HidBth - ok
13:37:06.0012 3692 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:37:06.0013 3692 HidIr - ok
13:37:06.0076 3692 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
13:37:06.0077 3692 hidserv - ok
13:37:06.0103 3692 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:37:06.0104 3692 HidUsb - ok
13:37:06.0136 3692 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:37:06.0166 3692 hkmsvc - ok
13:37:06.0299 3692 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
13:37:06.0316 3692 HP Health Check Service - ok
13:37:06.0382 3692 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:37:06.0388 3692 HpCISSs - ok
13:37:06.0414 3692 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
13:37:06.0416 3692 HPFXBULK - ok
13:37:06.0493 3692 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:37:06.0498 3692 hpqcxs08 - ok
13:37:06.0515 3692 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:37:06.0518 3692 hpqddsvc - ok
13:37:06.0622 3692 HSF_DP (78c88781fbd2fdd3bcba09f58897fe45) C:\Windows\system32\DRIVERS\HSX_DP.sys
13:37:06.0672 3692 HSF_DP - ok
13:37:06.0691 3692 HSXHWBS2 (1e289f978d1e6f11db88d4fcb2f9d92f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
13:37:06.0696 3692 HSXHWBS2 - ok
13:37:06.0753 3692 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:37:06.0766 3692 HTTP - ok
13:37:06.0795 3692 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:37:06.0797 3692 i2omp - ok
13:37:06.0832 3692 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:37:06.0834 3692 i8042prt - ok
13:37:06.0853 3692 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:37:06.0858 3692 iaStorV - ok
13:37:07.0048 3692 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:37:07.0092 3692 idsvc - ok
13:37:07.0156 3692 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:37:07.0157 3692 iirsp - ok
13:37:07.0226 3692 IJPLMSVC (2f95bef56aeeeb45de55ec44668e2695) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
13:37:07.0230 3692 IJPLMSVC - ok
13:37:07.0332 3692 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:37:07.0339 3692 IKEEXT - ok
13:37:07.0483 3692 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
13:37:07.0576 3692 IntcAzAudAddService - ok
13:37:07.0635 3692 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:37:07.0636 3692 intelide - ok
13:37:07.0665 3692 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:37:07.0667 3692 intelppm - ok
13:37:07.0689 3692 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:37:07.0692 3692 IPBusEnum - ok
13:37:07.0714 3692 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:37:07.0716 3692 IpFilterDriver - ok
13:37:07.0724 3692 IpInIp - ok
13:37:07.0804 3692 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:37:07.0806 3692 IPMIDRV - ok
13:37:07.0857 3692 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:37:07.0860 3692 IPNAT - ok
13:37:07.0876 3692 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:37:07.0877 3692 IRENUM - ok
13:37:07.0897 3692 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:37:07.0898 3692 isapnp - ok
13:37:08.0018 3692 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:37:08.0019 3692 iScsiPrt - ok
13:37:08.0035 3692 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:37:08.0037 3692 iteatapi - ok
13:37:08.0054 3692 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:37:08.0055 3692 iteraid - ok
13:37:08.0072 3692 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:37:08.0073 3692 kbdclass - ok
13:37:08.0109 3692 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:37:08.0111 3692 kbdhid - ok
13:37:08.0158 3692 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:08.0160 3692 KeyIso - ok
13:37:08.0198 3692 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:37:08.0212 3692 KSecDD - ok
13:37:08.0273 3692 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:37:08.0282 3692 KtmRm - ok
13:37:08.0341 3692 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
13:37:08.0394 3692 LanmanServer - ok
13:37:08.0572 3692 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:37:08.0578 3692 LanmanWorkstation - ok
13:37:08.0644 3692 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:37:08.0647 3692 LightScribeService - ok
13:37:08.0714 3692 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:37:08.0716 3692 lltdio - ok
13:37:08.0764 3692 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:37:08.0768 3692 lltdsvc - ok
13:37:08.0809 3692 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:37:08.0811 3692 lmhosts - ok
13:37:08.0853 3692 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:37:08.0856 3692 LSI_FC - ok
13:37:08.0890 3692 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:37:08.0893 3692 LSI_SAS - ok
13:37:08.0923 3692 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:37:08.0925 3692 LSI_SCSI - ok
13:37:09.0009 3692 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:37:09.0012 3692 luafv - ok
13:37:09.0055 3692 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:37:09.0058 3692 Mcx2Svc - ok
13:37:09.0119 3692 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:37:09.0120 3692 mdmxsdk - ok
13:37:09.0156 3692 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:37:09.0157 3692 megasas - ok
13:37:09.0197 3692 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:37:09.0207 3692 MegaSR - ok
13:37:09.0272 3692 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:37:09.0274 3692 MMCSS - ok
13:37:09.0307 3692 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:37:09.0309 3692 Modem - ok
13:37:09.0355 3692 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:37:09.0371 3692 monitor - ok
13:37:09.0431 3692 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:37:09.0432 3692 mouclass - ok
13:37:09.0452 3692 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:37:09.0453 3692 mouhid - ok
13:37:09.0465 3692 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:37:09.0468 3692 MountMgr - ok
13:37:09.0511 3692 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
13:37:09.0514 3692 MpFilter - ok
13:37:09.0540 3692 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:37:09.0543 3692 mpio - ok
13:37:09.0557 3692 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:37:09.0579 3692 MpNWMon - ok
13:37:09.0620 3692 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:37:09.0622 3692 mpsdrv - ok
13:37:09.0651 3692 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:37:09.0653 3692 Mraid35x - ok
13:37:09.0695 3692 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:37:09.0698 3692 MRxDAV - ok
13:37:09.0747 3692 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:37:09.0750 3692 mrxsmb - ok
13:37:09.0802 3692 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:37:09.0806 3692 mrxsmb10 - ok
13:37:09.0850 3692 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:37:09.0872 3692 mrxsmb20 - ok
13:37:09.0926 3692 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:37:09.0928 3692 msahci - ok
13:37:09.0945 3692 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:37:09.0947 3692 msdsm - ok
13:37:09.0990 3692 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:37:10.0022 3692 MSDTC - ok
13:37:10.0081 3692 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:37:10.0083 3692 Msfs - ok
13:37:10.0129 3692 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
13:37:10.0131 3692 MSHUSBVideo - ok
13:37:10.0154 3692 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:37:10.0155 3692 msisadrv - ok
13:37:10.0196 3692 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:37:10.0199 3692 MSiSCSI - ok
13:37:10.0206 3692 msiserver - ok
13:37:10.0254 3692 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:37:10.0255 3692 MSKSSRV - ok
13:37:10.0290 3692 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
13:37:10.0291 3692 MsMpSvc - ok
13:37:10.0402 3692 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:37:10.0428 3692 MSPCLOCK - ok
13:37:10.0470 3692 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:37:10.0471 3692 MSPQM - ok
13:37:10.0552 3692 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:37:10.0556 3692 MsRPC - ok
13:37:10.0611 3692 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:37:10.0612 3692 mssmbios - ok
13:37:10.0639 3692 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:37:10.0640 3692 MSTEE - ok
13:37:10.0687 3692 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:37:10.0693 3692 Mup - ok
13:37:10.0776 3692 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:37:10.0783 3692 napagent - ok
13:37:10.0882 3692 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:37:10.0897 3692 NativeWifiP - ok
13:37:10.0948 3692 NAVENG - ok
13:37:10.0956 3692 NAVEX15 - ok
13:37:11.0073 3692 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:37:11.0107 3692 NDIS - ok
13:37:11.0173 3692 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:37:11.0174 3692 NdisTapi - ok
13:37:11.0209 3692 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:37:11.0211 3692 Ndisuio - ok
13:37:11.0267 3692 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:37:11.0270 3692 NdisWan - ok
13:37:11.0280 3692 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:37:11.0282 3692 NDProxy - ok
13:37:11.0496 3692 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
13:37:11.0529 3692 Nero BackItUp Scheduler 4.0 - ok
13:37:11.0600 3692 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\Windows\system32\HPZinw12.dll
13:37:11.0603 3692 Net Driver HPZ12 - ok
13:37:11.0648 3692 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:37:11.0650 3692 NetBIOS - ok
13:37:11.0801 3692 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:37:11.0804 3692 netbt - ok
13:37:11.0873 3692 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:11.0875 3692 Netlogon - ok
13:37:11.0911 3692 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:37:11.0917 3692 Netman - ok
13:37:11.0941 3692 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:37:11.0947 3692 netprofm - ok
13:37:12.0025 3692 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:37:12.0028 3692 NetTcpPortSharing - ok
13:37:12.0096 3692 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:37:12.0098 3692 nfrd960 - ok
13:37:12.0150 3692 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:37:12.0152 3692 NisDrv - ok
13:37:12.0234 3692 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
13:37:12.0238 3692 NisSrv - ok
13:37:12.0319 3692 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:37:12.0323 3692 NlaSvc - ok
13:37:12.0350 3692 nmap - ok
13:37:12.0376 3692 Norton Internet Security - ok
13:37:12.0458 3692 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:37:12.0460 3692 Npfs - ok
13:37:12.0483 3692 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:37:12.0485 3692 nsi - ok
13:37:12.0515 3692 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:37:12.0516 3692 nsiproxy - ok
13:37:12.0593 3692 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:37:12.0625 3692 Ntfs - ok
13:37:12.0647 3692 NtMtlFax - ok
13:37:12.0692 3692 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:37:12.0694 3692 ntrigdigi - ok
13:37:12.0709 3692 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:37:12.0710 3692 Null - ok
13:37:12.0811 3692 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
13:37:12.0819 3692 NVENETFD - ok
13:37:13.0094 3692 nvlddmkm (7bc6fb1f3aa696944ceb46d038fa90ed) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:37:13.0281 3692 nvlddmkm - ok
13:37:13.0360 3692 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:37:13.0395 3692 nvraid - ok
13:37:13.0474 3692 nvrd32 (085e88101d0d4b321abf9c7e2b6ee99d) C:\Windows\system32\drivers\nvrd32.sys
13:37:13.0478 3692 nvrd32 - ok
13:37:13.0508 3692 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
13:37:13.0510 3692 nvsmu - ok
13:37:13.0564 3692 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:37:13.0566 3692 nvstor - ok
13:37:13.0611 3692 nvstor32 (1199b2052f7861c1d39c2318e70904c9) C:\Windows\system32\DRIVERS\nvstor32.sys
13:37:13.0613 3692 nvstor32 - ok
13:37:13.0660 3692 nvsvc (4d6cb78d8883d3ddab56d82a2c6d817d) C:\Windows\system32\nvvsvc.exe
13:37:13.0664 3692 nvsvc - ok
13:37:13.0734 3692 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:37:13.0754 3692 nv_agp - ok
13:37:13.0909 3692 NwlnkFlt - ok
13:37:13.0942 3692 NwlnkFwd - ok
13:37:14.0076 3692 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:37:14.0084 3692 odserv - ok
13:37:14.0144 3692 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
13:37:14.0145 3692 ohci1394 - ok
13:37:14.0189 3692 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:37:14.0193 3692 ose - ok
13:37:14.0225 3692 ovepstatusengine - ok
13:37:14.0283 3692 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:14.0293 3692 p2pimsvc - ok
13:37:14.0310 3692 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:14.0317 3692 p2psvc - ok
13:37:14.0350 3692 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:37:14.0353 3692 Parport - ok
13:37:14.0524 3692 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:37:14.0526 3692 partmgr - ok
13:37:14.0603 3692 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:37:14.0604 3692 Parvdm - ok
13:37:14.0614 3692 PCASp50 - ok
13:37:14.0647 3692 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:37:14.0650 3692 PcaSvc - ok
13:37:14.0970 3692 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (9489c4cf14126a06b061163d2b261c69) C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
13:37:15.0071 3692 PCD5SRVC{BD6912E3-AC9D80E8-05040000} - ok
13:37:15.0151 3692 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:37:15.0155 3692 pci - ok
13:37:15.0177 3692 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:37:15.0179 3692 pciide - ok
13:37:15.0334 3692 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:37:15.0338 3692 pcmcia - ok
13:37:15.0395 3692 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:37:15.0416 3692 PEAUTH - ok
13:37:15.0514 3692 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:37:15.0581 3692 pla - ok
13:37:15.0694 3692 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
13:37:15.0697 3692 PLFlash DeviceIoControl Service - ok
13:37:15.0782 3692 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:37:15.0788 3692 PlugPlay - ok
13:37:15.0841 3692 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\Windows\system32\HPZipm12.dll
13:37:15.0843 3692 Pml Driver HPZ12 - ok
13:37:15.0924 3692 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:15.0930 3692 PNRPAutoReg - ok
13:37:15.0948 3692 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:15.0954 3692 PNRPsvc - ok
13:37:16.0003 3692 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:37:16.0011 3692 PolicyAgent - ok
13:37:16.0078 3692 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:37:16.0080 3692 PptpMiniport - ok
13:37:16.0121 3692 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:37:16.0123 3692 Processor - ok
13:37:16.0187 3692 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:37:16.0192 3692 ProfSvc - ok
13:37:16.0238 3692 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:16.0240 3692 ProtectedStorage - ok
13:37:16.0298 3692 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:37:16.0300 3692 PSched - ok
13:37:16.0396 3692 QBCFMonitorService (17996ca5c59259ae02ca95bd11d7beec) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
13:37:16.0400 3692 QBCFMonitorService - ok
13:37:16.0456 3692 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
13:37:16.0459 3692 QBFCService - ok
13:37:16.0706 3692 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:37:16.0748 3692 ql2300 - ok
13:37:16.0784 3692 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:37:16.0786 3692 ql40xx - ok
13:37:16.0841 3692 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:37:16.0848 3692 QWAVE - ok
13:37:16.0905 3692 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:37:16.0906 3692 QWAVEdrv - ok
13:37:16.0953 3692 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:37:16.0977 3692 RasAcd - ok
13:37:17.0041 3692 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:37:17.0045 3692 RasAuto - ok
13:37:17.0081 3692 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:37:17.0083 3692 Rasl2tp - ok
13:37:17.0149 3692 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:37:17.0155 3692 RasMan - ok
13:37:17.0196 3692 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:37:17.0197 3692 RasPppoe - ok
13:37:17.0239 3692 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:37:17.0255 3692 RasSstp - ok
13:37:17.0331 3692 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:37:17.0336 3692 rdbss - ok
13:37:17.0374 3692 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:37:17.0376 3692 RDPCDD - ok
13:37:17.0441 3692 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:37:17.0451 3692 rdpdr - ok
13:37:17.0460 3692 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:37:17.0461 3692 RDPENCDD - ok
13:37:17.0510 3692 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
13:37:17.0513 3692 RDPWD - ok
13:37:17.0545 3692 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:37:17.0547 3692 RemoteAccess - ok
13:37:17.0599 3692 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:37:17.0603 3692 RemoteRegistry - ok
13:37:17.0682 3692 RimUsb (5ec6fa6386ab2580b5ae3cf39ac1dfaf) C:\Windows\system32\Drivers\RimUsb.sys
13:37:17.0683 3692 RimUsb - ok
13:37:17.0723 3692 RimVSerPort (12a2fd77e334b223531f1e2918480d49) C:\Windows\system32\DRIVERS\RimSerial.sys
13:37:17.0725 3692 RimVSerPort - ok
13:37:17.0757 3692 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
13:37:17.0758 3692 ROOTMODEM - ok
13:37:17.0778 3692 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:37:17.0780 3692 RpcLocator - ok
13:37:17.0835 3692 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:37:17.0841 3692 RpcSs - ok
13:37:17.0879 3692 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:37:17.0882 3692 rspndr - ok
13:37:17.0930 3692 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:17.0931 3692 SamSs - ok
13:37:17.0949 3692 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:37:17.0951 3692 sbp2port - ok
13:37:17.0999 3692 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:37:18.0003 3692 SCardSvr - ok
13:37:18.0047 3692 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:37:18.0080 3692 Schedule - ok
13:37:18.0129 3692 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:37:18.0130 3692 SCPolicySvc - ok
13:37:18.0214 3692 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:37:18.0218 3692 SDRSVC - ok
13:37:18.0248 3692 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:37:18.0250 3692 secdrv - ok
13:37:18.0266 3692 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:37:18.0269 3692 seclogon - ok
13:37:18.0284 3692 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:37:18.0286 3692 SENS - ok
13:37:18.0312 3692 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:37:18.0313 3692 Serenum - ok
13:37:18.0331 3692 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:37:18.0333 3692 Serial - ok
13:37:18.0353 3692 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:37:18.0354 3692 sermouse - ok
13:37:18.0394 3692 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:37:18.0398 3692 SessionEnv - ok
13:37:18.0633 3692 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:37:18.0634 3692 sffdisk - ok
13:37:18.0650 3692 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:37:18.0652 3692 sffp_mmc - ok
13:37:18.0660 3692 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:37:18.0662 3692 sffp_sd - ok
13:37:18.0682 3692 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:37:18.0683 3692 sfloppy - ok
13:37:18.0715 3692 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:37:18.0720 3692 SharedAccess - ok
13:37:18.0759 3692 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:37:18.0765 3692 ShellHWDetection - ok
13:37:18.0803 3692 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:37:18.0805 3692 sisagp - ok
13:37:18.0820 3692 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:37:18.0822 3692 SiSRaid2 - ok
13:37:18.0841 3692 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:37:18.0844 3692 SiSRaid4 - ok
13:37:19.0017 3692 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:37:19.0121 3692 slsvc - ok
13:37:19.0189 3692 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:37:19.0192 3692 SLUINotify - ok
13:37:19.0242 3692 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:37:19.0244 3692 Smb - ok
13:37:19.0277 3692 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:37:19.0280 3692 SNMPTRAP - ok
13:37:19.0310 3692 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:37:19.0311 3692 spldr - ok
13:37:19.0341 3692 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:37:19.0346 3692 Spooler - ok
13:37:19.0368 3692 SRTSP - ok
13:37:19.0389 3692 SRTSPX - ok
13:37:19.0480 3692 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:37:19.0486 3692 srv - ok
13:37:19.0543 3692 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:37:19.0547 3692 srv2 - ok
13:37:19.0566 3692 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:37:19.0569 3692 srvnet - ok
13:37:19.0599 3692 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:37:19.0605 3692 SSDPSRV - ok
13:37:19.0633 3692 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:37:19.0639 3692 SstpSvc - ok
13:37:19.0697 3692 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:37:19.0705 3692 stisvc - ok
13:37:19.0741 3692 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:37:19.0742 3692 swenum - ok
13:37:19.0796 3692 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:37:19.0805 3692 swprv - ok
13:37:19.0814 3692 symantecantibotdriver - ok
13:37:19.0840 3692 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:37:19.0842 3692 Symc8xx - ok
13:37:19.0866 3692 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:37:19.0867 3692 Sym_hi - ok
13:37:19.0887 3692 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:37:19.0889 3692 Sym_u3 - ok
13:37:19.0943 3692 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:37:19.0961 3692 SysMain - ok
13:37:20.0003 3692 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:37:20.0006 3692 TabletInputService - ok
13:37:20.0055 3692 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:37:20.0062 3692 TapiSrv - ok
13:37:20.0093 3692 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:37:20.0096 3692 TBS - ok
13:37:20.0205 3692 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
13:37:20.0265 3692 Tcpip - ok
13:37:20.0298 3692 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
13:37:20.0304 3692 Tcpip6 - ok
13:37:20.0331 3692 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
13:37:20.0332 3692 tcpipreg - ok
13:37:20.0364 3692 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:37:20.0365 3692 TDPIPE - ok
13:37:20.0400 3692 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:37:20.0401 3692 TDTCP - ok
13:37:20.0449 3692 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:37:20.0451 3692 tdx - ok
13:37:20.0543 3692 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:37:20.0544 3692 TermDD - ok
13:37:20.0605 3692 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:37:20.0618 3692 TermService - ok
13:37:20.0658 3692 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:37:20.0662 3692 Themes - ok
13:37:20.0691 3692 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:37:20.0693 3692 THREADORDER - ok
13:37:20.0725 3692 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:37:20.0728 3692 TrkWks - ok
13:37:20.0778 3692 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:37:20.0780 3692 TrustedInstaller - ok
13:37:20.0822 3692 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:37:20.0824 3692 tssecsrv - ok
13:37:20.0840 3692 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:37:20.0841 3692 tunmp - ok
13:37:20.0864 3692 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:37:20.0865 3692 tunnel - ok
13:37:20.0885 3692 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:37:20.0887 3692 uagp35 - ok
13:37:20.0933 3692 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:37:20.0939 3692 udfs - ok
13:37:20.0976 3692 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:37:20.0979 3692 UI0Detect - ok
13:37:21.0002 3692 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:37:21.0005 3692 uliagpkx - ok
13:37:21.0022 3692 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:37:21.0028 3692 uliahci - ok
13:37:21.0054 3692 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:37:21.0057 3692 UlSata - ok
13:37:21.0074 3692 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:37:21.0078 3692 ulsata2 - ok
13:37:21.0102 3692 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:37:21.0103 3692 umbus - ok
13:37:21.0134 3692 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:37:21.0141 3692 upnphost - ok
13:37:21.0198 3692 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:37:21.0200 3692 USBAAPL - ok
13:37:21.0236 3692 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:37:21.0239 3692 usbaudio - ok
13:37:21.0261 3692 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:37:21.0263 3692 usbccgp - ok
13:37:21.0292 3692 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:37:21.0297 3692 usbcir - ok
13:37:21.0333 3692 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:37:21.0335 3692 usbehci - ok
13:37:21.0388 3692 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:37:21.0393 3692 usbhub - ok
13:37:21.0407 3692 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:37:21.0408 3692 usbohci - ok
13:37:21.0439 3692 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:37:21.0441 3692 usbprint - ok
13:37:21.0513 3692 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:37:21.0514 3692 usbscan - ok
13:37:21.0549 3692 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:37:21.0551 3692 USBSTOR - ok
13:37:21.0571 3692 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:37:21.0573 3692 usbuhci - ok
13:37:21.0613 3692 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:37:21.0616 3692 usbvideo - ok
13:37:21.0663 3692 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:37:21.0666 3692 UxSms - ok
13:37:21.0717 3692 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:37:21.0726 3692 vds - ok
13:37:21.0767 3692 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:37:21.0769 3692 vga - ok
13:37:21.0787 3692 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:37:21.0788 3692 VgaSave - ok
13:37:21.0820 3692 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:37:21.0833 3692 viaagp - ok
13:37:21.0852 3692 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:37:21.0854 3692 ViaC7 - ok
13:37:21.0876 3692 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:37:21.0877 3692 viaide - ok
13:37:21.0935 3692 vmwvusb (6ba3ed102ab24310a0259c8f9e29d5b8) C:\Windows\system32\Drivers\vmwvusb.sys
13:37:21.0936 3692 vmwvusb - ok
13:37:22.0041 3692 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:37:22.0043 3692 volmgr - ok
13:37:22.0098 3692 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:37:22.0104 3692 volmgrx - ok
13:37:22.0139 3692 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:37:22.0145 3692 volsnap - ok
13:37:22.0154 3692 vpnva - ok
13:37:22.0210 3692 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:37:22.0214 3692 vsmraid - ok
13:37:22.0310 3692 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:37:22.0366 3692 VSS - ok
13:37:22.0417 3692 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:37:22.0426 3692 W32Time - ok
13:37:22.0575 3692 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:37:22.0576 3692 WacomPen - ok
13:37:22.0596 3692 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:22.0599 3692 Wanarp - ok
13:37:22.0621 3692 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:22.0622 3692 Wanarpv6 - ok
13:37:22.0677 3692 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:37:22.0685 3692 wcncsvc - ok
13:37:22.0711 3692 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:37:22.0714 3692 WcsPlugInService - ok
13:37:22.0746 3692 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:37:22.0758 3692 Wd - ok
13:37:22.0875 3692 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:37:22.0925 3692 Wdf01000 - ok
13:37:22.0950 3692 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:37:22.0953 3692 WdiServiceHost - ok
13:37:22.0960 3692 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:37:22.0962 3692 WdiSystemHost - ok
13:37:23.0010 3692 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:37:23.0016 3692 WebClient - ok
13:37:23.0054 3692 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:37:23.0060 3692 Wecsvc - ok
13:37:23.0078 3692 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:37:23.0087 3692 wercplsupport - ok
13:37:23.0134 3692 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:37:23.0139 3692 WerSvc - ok
13:37:23.0196 3692 winachsf (0869c31e0ff995bf00628af8c1658e26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:37:23.0212 3692 winachsf - ok
13:37:23.0220 3692 WinHttpAutoProxySvc - ok
13:37:23.0301 3692 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:37:23.0304 3692 Winmgmt - ok
13:37:23.0363 3692 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:37:23.0404 3692 WinRM - ok
13:37:23.0479 3692 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:37:23.0489 3692 Wlansvc - ok
13:37:23.0522 3692 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:37:23.0523 3692 WmiAcpi - ok
13:37:23.0599 3692 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:37:23.0603 3692 wmiApSrv - ok
13:37:23.0684 3692 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:37:23.0800 3692 WMPNetworkSvc - ok
13:37:23.0868 3692 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:37:23.0874 3692 WPCSvc - ok
13:37:23.0967 3692 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:37:23.0971 3692 WPDBusEnum - ok
13:37:24.0040 3692 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:37:24.0071 3692 WpdUsb - ok
13:37:24.0221 3692 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:37:24.0262 3692 WPFFontCache_v0400 - ok
13:37:24.0345 3692 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:37:24.0346 3692 ws2ifsl - ok
13:37:24.0369 3692 WSearch - ok
13:37:24.0527 3692 wsnm (3cf81f104137457a7f32c274709635be) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
13:37:24.0603 3692 wsnm - ok
13:37:24.0682 3692 wsnm_usbctrl (930762671268b7754ffadccbf1d1bb95) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
13:37:24.0724 3692 wsnm_usbctrl - ok
13:37:25.0049 3692 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:37:25.0122 3692 wuauserv - ok
13:37:25.0287 3692 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:37:25.0294 3692 WUDFRd - ok
13:37:25.0332 3692 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:37:25.0335 3692 wudfsvc - ok
13:37:25.0404 3692 XAudio (bfcc507eca58f11c5fed96e192b878cb) C:\Windows\system32\DRIVERS\xaudio.sys
13:37:25.0405 3692 XAudio - ok
13:37:25.0424 3692 XAudioService - ok
13:37:25.0451 3692 MBR (0x1B8) (d6ba8bd1e351710a091ac298ef15c30f) \Device\Harddisk0\DR0
13:37:25.0477 3692 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:37:25.0477 3692 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:37:25.0505 3692 Boot (0x1200) (78b88920aa912c3ebd2e84bc239cdccf) \Device\Harddisk0\DR0\Partition0
13:37:25.0534 3692 \Device\Harddisk0\DR0\Partition0 - ok
13:37:25.0566 3692 Boot (0x1200) (d43ccaf72370bcbe4b2a438fd63b8ec9) \Device\Harddisk0\DR0\Partition1
13:37:25.0568 3692 \Device\Harddisk0\DR0\Partition1 - ok
13:37:25.0568 3692 ============================================================
13:37:25.0568 3692 Scan finished
13:37:25.0568 3692 ============================================================
13:37:25.0584 3680 Detected object count: 2
13:37:25.0585 3680 Actual detected object count: 2
13:38:18.0662 3680 C:\Windows\system32\drivers\afd.sys - copied to quarantine
13:38:18.0665 3680 C:\Windows\$NtUninstallKB50607$\2458081068\@ - copied to quarantine
13:38:18.0666 3680 C:\Windows\$NtUninstallKB50607$\2458081068\cfg.ini - copied to quarantine
13:38:18.0667 3680 C:\Windows\$NtUninstallKB50607$\2458081068\Desktop.ini - copied to quarantine
13:38:18.0703 3680 C:\Windows\$NtUninstallKB50607$\2458081068\L\qnbwvoto - copied to quarantine
13:38:18.0704 3680 C:\Windows\$NtUninstallKB50607$\2458081068\oemid - copied to quarantine
13:38:18.0716 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\00000001.@ - copied to quarantine
13:38:18.0752 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\00000002.@ - copied to quarantine
13:38:18.0765 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\00000004.@ - copied to quarantine
13:38:18.0781 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\80000000.@ - copied to quarantine
13:38:18.0783 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\80000004.@ - copied to quarantine
13:38:18.0812 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\80000032.@ - copied to quarantine
13:38:18.0813 3680 C:\Windows\$NtUninstallKB50607$\2458081068\version - copied to quarantine
13:38:26.0546 3680 Backup copy found, using it..
13:38:26.0560 3680 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
13:38:29.0186 3680 C:\Windows\$NtUninstallKB50607$\1793089775 - will be deleted on reboot
13:38:29.0187 3680 C:\Windows\$NtUninstallKB50607$\2458081068\@ - will be deleted on reboot
13:38:29.0187 3680 C:\Windows\$NtUninstallKB50607$\2458081068\cfg.ini - will be deleted on reboot
13:38:29.0187 3680 C:\Windows\$NtUninstallKB50607$\2458081068\Desktop.ini - will be deleted on reboot
13:38:29.0201 3680 C:\Windows\$NtUninstallKB50607$\2458081068\oemid - will be deleted on reboot
13:38:29.0219 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\00000001.@ - will be deleted on reboot
13:38:29.0220 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\00000002.@ - will be deleted on reboot
13:38:29.0220 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\00000004.@ - will be deleted on reboot
13:38:29.0220 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\80000000.@ - will be deleted on reboot
13:38:29.0220 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\80000004.@ - will be deleted on reboot
13:38:29.0221 3680 C:\Windows\$NtUninstallKB50607$\2458081068\U\80000032.@ - will be deleted on reboot
13:38:29.0221 3680 C:\Windows\$NtUninstallKB50607$\2458081068\version - will be deleted on reboot
13:38:29.0222 3680 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
13:38:29.0910 3680 \Device\Harddisk0\DR0\# - copied to quarantine
13:38:29.0911 3680 \Device\Harddisk0\DR0 - copied to quarantine
13:38:29.0933 3680 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:38:29.0941 3680 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:38:29.0943 3680 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:38:29.0946 3680 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:38:29.0950 3680 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:38:29.0957 3680 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:38:29.0963 3680 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:38:29.0964 3680 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:38:29.0965 3680 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:38:29.0969 3680 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:38:29.0972 3680 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:38:29.0975 3680 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:38:30.0006 3680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:38:30.0007 3680 \Device\Harddisk0\DR0 - ok
13:38:30.0190 3680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:38:35.0600 0896 Deinitialize success
 
Let's see if we can recover your missing features.
Download and run UnHide.
Let me know if it worked.

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Icons and start menu are back to normal, can also adjust network settings (don't know if that was part of unhide or not) now.
There is a start menu directory as well as a quick launch icon and desktop icon for the Smart HDD program though.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-06 14:06:59
-----------------------------
14:06:59.322 OS Version: Windows 6.0.6002 Service Pack 2
14:06:59.322 Number of processors: 2 586 0x6B02
14:06:59.322 ComputerName: WS301 UserName: WS301
14:07:09.649 Initialize success
14:09:36.351 AVAST engine defs: 12040600
14:11:23.976 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
14:11:23.992 Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
14:11:24.023 Disk 0 MBR read successfully
14:11:24.023 Disk 0 MBR scan
14:11:24.039 Disk 0 unknown MBR code
14:11:24.039 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226949 MB offset 63
14:11:24.086 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11523 MB offset 464792580
14:11:24.117 Disk 0 scanning sectors +488392065
14:11:24.195 Disk 0 scanning C:\Windows\system32\drivers
14:11:50.325 Service scanning
14:12:05.862 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:12:33.552 Modules scanning
14:12:41.944 Disk 0 trace - called modules:
14:12:41.959 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
14:12:41.975 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859f26e8]
14:12:41.975 3 CLASSPNP.SYS[807388b3] -> nt!IofCallDriver -> [0x8528a700]
14:12:41.975 5 acpi.sys[806156bc] -> nt!IofCallDriver -> \Device\00000053[0x84e68928]
14:12:43.550 AVAST engine scan C:\Windows
14:12:49.385 AVAST engine scan C:\Windows\system32
14:19:43.174 AVAST engine scan C:\Windows\system32\drivers
14:20:18.371 AVAST engine scan C:\Users\WS301
14:34:29.260 AVAST engine scan C:\ProgramData
14:37:50.568 Scan finished successfully
14:41:30.639 Disk 0 MBR has been saved successfully to "C:\Users\WS301\Desktop\MBR.dat"
14:41:30.732 The log file has been saved successfully to "C:\Users\WS301\Desktop\aswMBR.txt"

------------------------------------------------------------------
Bootcleaner threw an I/O error code when it first ran and produced a debug.log; let me know if you want me to post that as well.


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 306a70bb88e51c06c67244ab8a2237bf

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Oh, also Mic. Sec. Ess. picked up an "Exploit:Java/CVE-2012-0507.D!ldr" during the aswMBR scan and quarantined it. Should I disable MSE for the time being?
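The aswMBR and Bootkit Remover output above both work from the raw master boot record (aswMBR also leaves MBR.dat, a copy of it, on the desktop). The following Python script is an added example and not part of this thread or of any of those tools: it shows what they are reading by parsing the 512-byte MBR partition table into the same shape as the "Disk 0 Partition N" lines, hashing the 0x1B8-byte boot-code region that TDSSKiller reports as "MBR (0x1B8)", and comparing that hash with a baseline recorded from a known-clean disk, which is how a bootkit such as the Rootkit.Boot.Pihar.b detection above shows up as changed boot code while the partition table stays intact. The sample MBR is constructed: its partition geometry mirrors the aswMBR log (active NTFS partition at sector 63, second NTFS partition at sector 464792580, ending at sector 488392065), but its boot code is dummy bytes, so the hash it prints is not the hash of any real boot loader. The function names and the baseline-comparison workflow are my own assumptions.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8        # 440 bytes of boot code; TDSSKiller labels this region "MBR (0x1B8)"
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count

# Partition type bytes a Windows disk commonly carries (0x07 is what the aswMBR log shows)
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x27: "Hidden NTFS"}


def build_sample_mbr(boot_code: bytes = b"\x00" * BOOT_CODE_LEN) -> bytes:
    """Constructed sample MBR (not dumped from any real disk).

    The partition table mirrors the aswMBR log: partition 1 active, NTFS, at
    sector 63; partition 2 NTFS at sector 464792580, ending at 488392065.
    The boot code defaults to zero bytes, so its hash is not a real loader's.
    """
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entries = [
        (0x80, 0x07, 63, 464792580 - 63),                 # active system partition
        (0x00, 0x07, 464792580, 488392065 - 464792580),   # second (recovery) partition
    ]
    for i, (status, ptype, lba_start, sectors) in enumerate(entries):
        # CHS fields are left zero: modern tools and firmware use the LBA fields
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba_start, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def has_signature(mbr: bytes) -> bool:
    """A sector that lacks the 55AA signature is not an MBR at all."""
    return len(mbr) >= SECTOR and mbr[510:512] == MBR_SIGNATURE


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries, one dict per used slot."""
    if not has_signature(mbr):
        raise ValueError("not a valid MBR: 55AA signature missing")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0x00:
            continue  # unused slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return parts


def describe(mbr: bytes) -> list:
    """Render the table in the same shape as aswMBR's 'Disk 0 Partition N' lines."""
    return [
        "Disk 0 Partition {index} {flag:02X}{act} {type:02X} {type_name} {size_mb} MB offset {lba_start}".format(
            flag=0x80 if p["active"] else 0x00, act=" (A)" if p["active"] else "", **p)
        for p in parse_partitions(mbr)
    ]


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the 0x1B8-byte boot-code region, the region TDSSKiller reports as 'MBR (0x1B8)'."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def matches_baseline(mbr: bytes, baseline_md5: str) -> bool:
    """True when the boot code still matches a hash recorded from a known-clean disk.

    A bootkit (the Rootkit.Boot.Pihar.b hit above is one) overwrites this code,
    so a mismatch against the baseline is the signal to investigate; the
    partition table is usually left intact so the system still boots.
    """
    return boot_code_md5(mbr) == baseline_md5


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = boot_code_md5(clean)
    for line in describe(clean):
        print(line)
    print("boot code MD5:", baseline)
    # Simulate a replaced boot loader: same partition table, different code
    tampered = build_sample_mbr(boot_code=b"\x90" * BOOT_CODE_LEN)
    print("tampered matches baseline:", matches_baseline(tampered, baseline))  # False
```

To inspect a real MBR.dat, read the file in binary mode and pass its bytes to `parse_partitions` and `boot_code_md5`; the baseline hash has to come from before the infection or from an identical clean install, because a hash on its own only tells you the code changed, not what it changed to. The "unknown MBR code" / "Unknown boot code" verdicts in the logs above are that kind of comparison, made against the boot loaders those tools recognise.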
 
Good news :)

Should I disable MSE for the time being?
Only when clearly indicated.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Despite the log, I did disable real-time protection for MSE and also killed the process from task manager, because it popped up that I should exit it.


ComboFix 12-04-06.03 - WS301 04/06/2012 15:12:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2270 [GMT -4:00]
Running from: c:\users\WS301\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\microsoft\Internet Explorer\Quick Launch\Malware Protection.lnk
c:\programdata\wLUs9jOMFUvdbB
c:\users\debbie\AppData\Local\{80283EA3-C225-4C6B-9320-C1025AED0BD6}
c:\users\debbie\AppData\Local\{80283EA3-C225-4C6B-9320-C1025AED0BD6}\chrome.manifest
c:\users\debbie\AppData\Local\{80283EA3-C225-4C6B-9320-C1025AED0BD6}\chrome\content\overlay.xul
c:\users\debbie\AppData\Local\{80283EA3-C225-4C6B-9320-C1025AED0BD6}\install.rdf
c:\users\debbie\AppData\Roaming\avbase.dat
c:\users\WS301\AppData\Local\.#
c:\windows\$NtUninstallKB50607$
c:\windows\$NtUninstallKB50607$\2458081068\L\qnbwvoto
c:\windows\iun6002.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 19:20 . 2012-04-06 19:20 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{872F984A-98DB-4DD2-A81F-B011599E53A8}\offreg.dll
2012-04-06 17:53 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{872F984A-98DB-4DD2-A81F-B011599E53A8}\mpengine.dll
2012-04-06 17:38 . 2012-04-06 17:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-06 13:20 . 2012-04-06 13:20 -------- d-----w- c:\program files\Mbam
2012-04-05 19:41 . 2012-04-05 19:41 -------- d-----w- c:\windows\Sun
2012-04-05 19:31 . 2012-04-05 19:31 -------- d-----w- c:\programdata\WindowsSearch
2012-04-05 18:15 . 2012-04-05 18:34 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-14 06:56 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:55 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 06:55 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 06:55 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 06:55 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 06:55 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:55 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 06:53 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 06:53 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 17:39 . 2011-06-15 09:18 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-05 18:34 . 2012-01-24 14:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2011-12-20 18:43 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 14:35 . 2012-02-10 14:36 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AD19C8B-2A0B-414E-B130-E2E4F3A393DF}\gapaengine.dll
2012-01-31 12:44 . 2009-10-03 06:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 02:13 . 2011-05-14 11:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-27 19:35 . 2009-09-30 21:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-27 30192]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-05-03 283792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-09-24 20:57 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nmap
vpnva
giveio
compaq_rba
point32
sandradatasrv
ovepstatusengine
ftsata2
SilverLink
hsfhwbs2
symantecantibotdriver
fuj02b1
NtMtlFax
cmdagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 18:34]
.
2011-12-01 c:\windows\Tasks\HPCeeScheduleFordebbie.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-11-22 19:12]
.
2011-12-05 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.1.254
DPF: {4912ED81-BD9F-485E-86CA-BD62EC957435} - hxxps://ecospda.bethesdahealthcare.com/SOARIANWEBPROD2_020551029_M0K0_p_htm_28//sframe/IETools.cab
FF - ProfilePath - c:\users\WS301\AppData\Roaming\Mozilla\Firefox\Profiles\dto4vjea.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-86329660.sys
MSConfigStartUp-LifeCam - c:\program files\Microsoft LifeCam\LifeExp.exe
AddRemove-CaptureCAM-PLAYER - c:\windows\iun6002.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\wsauth.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\VMware\VMware View\Client\bin\wsnm.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-04-06 15:28:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 19:27
.
Pre-Run: 160,826,003,456 bytes free
Post-Run: 162,042,368,000 bytes free
.
- - End Of File - - E607942FA3DD1B96706764EC4D06B8D1
 
Looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
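The "netsvcs" line in the custom scan above, and the "Svchost - NetSvcs" block in the ComboFix log before it, both enumerate the same thing: the list of service names in the svchost netsvcs group, which is a favourite place to register a malicious DLL because it gets loaded by a signed svchost.exe. The following is an added example, not part of this thread and not code from OTL or ComboFix: a read-only PowerShell triage that walks that group, resolves each name to its ServiceDll or ImagePath, and reports whether the file exists and whether it is signed and living in System32. It assumes PowerShell 3.0 or later, an elevated prompt on the machine being examined, and the function and variable names are this example's own.

```powershell
# Added example, not code from the thread, from OTL or from ComboFix.
# Read-only triage of the svchost "netsvcs" group: the same registry data
# that OTL's "netsvcs" custom-scan line and ComboFix's "Svchost - NetSvcs"
# section enumerate. Assumes PowerShell 3.0 or later, run elevated on the
# machine being examined. Function and variable names are this example's own.

$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$system32    = [Environment]::GetFolderPath('System')     # e.g. C:\Windows\system32

function Get-BinaryPath([string]$raw) {
    # Turn a ServiceDll/ImagePath value into a bare file path:
    # expand %SystemRoot%, drop the \??\ NT prefix, then strip either the
    # surrounding quotes or everything from the first " -"/" /" switch on
    # ("svchost.exe -k netsvcs", "ccSvcHst.exe /s ...").
    $p = [Environment]::ExpandEnvironmentVariables($raw).Trim() -replace '^\\\?\?\\', ''
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { return $p.Substring(1, $end - 1) }
    }
    return ($p -split '\s+[-/]')[0]
}

function Get-NetsvcsEntry([string]$Name) {
    $key = Join-Path $servicesKey $Name
    if (-not (Test-Path -LiteralPath $key)) {
        # Stock group names for components not installed on this SKU
        # (Nla, SRService, WmdmPmSp ...) land here. Low signal on its own.
        return [pscustomobject]@{ Service = $Name; State = 'no service key'; Binary = $null; Signer = $null }
    }

    # svchost-hosted services keep their DLL in Parameters\ServiceDll; fall
    # back to ImagePath for anything wedged into the group as a plain EXE.
    $params = Join-Path $key 'Parameters'
    $raw = (Get-ItemProperty -LiteralPath $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $raw) {
        $raw = (Get-ItemProperty -LiteralPath $key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    }
    if (-not $raw) {
        return [pscustomobject]@{ Service = $Name; State = 'key has no ServiceDll/ImagePath'; Binary = $null; Signer = $null }
    }

    $path = Get-BinaryPath $raw
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # A registration whose file is gone: either a removal tool took the
        # payload and left the key behind, or a loader whose DLL was never dropped.
        return [pscustomobject]@{ Service = $Name; State = 'file missing'; Binary = $path; Signer = $null }
    }

    # Existence and signature are checked rather than the name, because a
    # file name alone (fltmgr.dll, efs.dll) tells you nothing.
    $sig        = Get-AuthenticodeSignature -LiteralPath $path
    $inSystem32 = $path.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
    $state = if ($sig.Status -eq 'Valid' -and $inSystem32) { 'ok' }
             elseif ($sig.Status -eq 'Valid')               { 'signed, outside System32' }
             else                                           { "unsigned ($($sig.Status))" }
    [pscustomobject]@{ Service = $Name; State = $state; Binary = $path; Signer = $sig.SignerCertificate.Subject }
}

# netsvcs is REG_MULTI_SZ, so this is already a string array.
$netsvcs = (Get-ItemProperty -LiteralPath $svchostKey -Name netsvcs).netsvcs
$report  = $netsvcs | ForEach-Object { Get-NetsvcsEntry $_ }

"== entries that need a look =="
$report | Where-Object { $_.State -notin 'ok', 'no service key' } | Format-Table Service, State, Binary -AutoSize
"== full netsvcs group =="
$report | Format-Table Service, State, Binary, Signer -AutoSize
```

Against the logs in this thread, the ten NetSvcs entries that OTL prints with a DLL path and "File not found" (nmap, vpnva, giveio, compaq_rba, ovepstatusengine, ftsata2, symantecantibotdriver, fuj02b1, NtMtlFax, cmdagent) would come out as "file missing": the service keys still exist but the DLLs they point at are gone. Names such as Nla or point32 would come out as "no service key", which is the normal state for group members that are not installed, and Ias would resolve to a signed DLL in System32. Two caveats: on older Windows and PowerShell versions, catalog-signed OS binaries can report NotSigned from Get-AuthenticodeSignature, so treat "unsigned" inside System32 as "verify by hand" rather than as a finding, and the script only reads the live CurrentControlSet, so a key that exists only in another control set will not show up.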
Computer seems to be ok, the Smart HDD shortcuts are still there though.

OTL logfile created on: 4/6/2012 3:44:17 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\WS301\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 65.88% Memory free
5.95 Gb Paging File | 5.02 Gb Available in Paging File | 84.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 150.87 Gb Free Space | 68.07% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.54 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Computer Name: WS301 | User Name: WS301 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/06 15:43:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WS301\Desktop\OTL.exe
PRC - [2012/04/05 14:34:20 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/18 19:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
PRC - [2011/02/18 19:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2009/09/09 18:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/24 16:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/24 16:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/09/11 01:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/13 12:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/04 15:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/10/30 19:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 11:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2006/10/30 19:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/09/20 11:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk23.dll -- (vpnva)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p1110vid.dll -- (symantecantibotdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cicssfs.scmmc223.dll -- (ovepstatusengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\statusagent.dll -- (NtMtlFax)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dobex.dll -- (nmap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsaa.dll -- (giveio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\efs.dll -- (fuj02b1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800obex.dll -- (ftsata2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fltmgr.dll -- (compaq_rba)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acprfmgrsvc.dll -- (cmdagent)
SRV - [2012/04/05 14:34:21 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/18 19:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV - [2011/02/18 19:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2008/09/24 16:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/24 16:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/09/11 01:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/09 00:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 12:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/04/27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/02/18 19:38:24 | 000,039,984 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmwvusb.sys -- (vmwvusb)
DRV - [2010/05/20 18:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2008/09/27 02:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/10 08:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 08:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/09 20:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/09/04 07:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 08:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 12:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 12:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 05:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/07/16 17:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {0ED26115-6639-4D15-9D92-2EB2A4E20FE6}
IE - HKLM\..\SearchScopes\{0ED26115-6639-4D15-9D92-2EB2A4E20FE6}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{906B07A0-4D8B-4FB3-A37D-4B3E5E393243}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\..\SearchScopes\{0ED26115-6639-4D15-9D92-2EB2A4E20FE6}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=D8B75hlZAuvOHfwQlU_2q7H-9xg?q={searchTerms}
IE - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/27 00:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 22:13:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 11:06:16 | 000,000,000 | ---D | M]

[2012/02/21 10:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WS301\AppData\Roaming\Mozilla\Extensions
[2011/12/19 11:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/19 11:02:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/08 22:13:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 04:49:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:13:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/06 15:22:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {4912ED81-BD9F-485E-86CA-BD62EC957435} https://ecospda.bethesdahealthcare.com/SOARIANWEBPROD2_020551029_M0K0_p_htm_28//sframe/IETools.cab (Soarian Frame Tools for Internet Explorer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D268137-E37D-415F-BCE5-95EFF1F7D50E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O30 - LSA: Security Packages - (wsauth) - C:\Windows\System32\wsauth.dll (VMware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: nmap - %systemroot%\system32\SE2Dobex.dll File not found
NetSvcs: vpnva - %systemroot%\system32\PSSdk23.dll File not found
NetSvcs: giveio - %systemroot%\system32\fsaa.dll File not found
NetSvcs: compaq_rba - %systemroot%\system32\fltmgr.dll File not found
NetSvcs: point32 - File not found
NetSvcs: sandradatasrv - File not found
NetSvcs: ovepstatusengine - %systemroot%\system32\cicssfs.scmmc223.dll File not found
NetSvcs: ftsata2 - %systemroot%\system32\w800obex.dll File not found
NetSvcs: SilverLink - File not found
NetSvcs: hsfhwbs2 - File not found
NetSvcs: symantecantibotdriver - %systemroot%\system32\p1110vid.dll File not found
NetSvcs: fuj02b1 - %systemroot%\system32\efs.dll File not found
NetSvcs: NtMtlFax - %systemroot%\system32\statusagent.dll File not found
NetSvcs: cmdagent - %systemroot%\system32\acprfmgrsvc.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/06 15:43:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\WS301\Desktop\OTL.exe
[2012/04/06 15:28:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/06 15:28:11 | 000,000,000 | ---D | C] -- C:\Users\WS301\AppData\Local\temp
[2012/04/06 15:22:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/06 15:22:33 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2012/04/06 15:03:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/06 15:03:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/06 15:03:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/06 15:03:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/06 15:02:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/06 15:02:59 | 000,000,000 | ---D | C] -- \ComboFix
[2012/04/06 15:00:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/06 15:00:52 | 000,000,000 | ---D | C] -- \Qoobox
[2012/04/06 14:59:06 | 004,450,572 | R--- | C] (Swearware) -- C:\Users\WS301\Desktop\ComboFix.exe
[2012/04/06 14:42:37 | 000,000,000 | ---D | C] -- C:\Users\WS301\Desktop\bootkit_remover
[2012/04/06 14:06:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\WS301\Desktop\aswMBR.exe
[2012/04/06 14:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 13:38:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/06 13:38:18 | 000,000,000 | ---D | C] -- \TDSSKiller_Quarantine
[2012/04/06 13:36:22 | 000,000,000 | ---D | C] -- C:\Users\WS301\Desktop\tdsskiller
[2012/04/06 09:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mbam
[2012/04/06 09:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mbam
[2012/04/06 08:50:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\WS301\Desktop\dds.scr
[2012/04/06 08:49:14 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\WS301\Desktop\yessir.exe
[2012/04/05 17:15:34 | 000,000,000 | ---D | C] -- C:\Users\WS301\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/04/05 15:41:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/05 15:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

========== Files - Modified Within 30 Days ==========

[2012/04/06 15:43:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WS301\Desktop\OTL.exe
[2012/04/06 15:35:04 | 000,657,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/06 15:35:04 | 000,125,368 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/06 15:30:38 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 15:30:38 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 15:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/06 15:30:29 | 3085,361,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/06 15:22:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/06 14:59:13 | 004,450,572 | R--- | M] (Swearware) -- C:\Users\WS301\Desktop\ComboFix.exe
[2012/04/06 14:42:28 | 000,044,607 | ---- | M] () -- C:\Users\WS301\Desktop\bootkit_remover.zip
[2012/04/06 14:41:30 | 000,000,512 | ---- | M] () -- C:\Users\WS301\Desktop\MBR.dat
[2012/04/06 14:06:23 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\WS301\Desktop\aswMBR.exe
[2012/04/06 13:35:16 | 002,053,661 | ---- | M] () -- C:\Users\WS301\Desktop\tdsskiller.zip
[2012/04/06 09:20:18 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 09:18:16 | 177,070,869 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/06 08:50:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\WS301\Desktop\dds.scr
[2012/04/06 08:49:48 | 000,302,592 | ---- | M] () -- C:\Users\WS301\Desktop\7rlet47u.exe
[2012/04/06 08:49:32 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\WS301\Desktop\yessir.exe
[2012/04/05 17:20:07 | 000,000,168 | ---- | M] () -- C:\ProgramData\-wLUs9jOMFUvdbBr
[2012/04/05 17:20:07 | 000,000,000 | ---- | M] () -- C:\ProgramData\-wLUs9jOMFUvdbB
[2012/04/05 17:15:34 | 000,000,629 | ---- | M] () -- C:\Users\WS301\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/05 17:15:34 | 000,000,605 | ---- | M] () -- C:\Users\WS301\Desktop\SMART_HDD.lnk
[2012/04/05 15:36:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/14 03:20:54 | 000,402,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/06 15:03:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/06 15:03:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/06 15:03:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/06 15:03:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/06 15:03:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/06 14:42:28 | 000,044,607 | ---- | C] () -- C:\Users\WS301\Desktop\bootkit_remover.zip
[2012/04/06 14:41:30 | 000,000,512 | ---- | C] () -- C:\Users\WS301\Desktop\MBR.dat
[2012/04/06 14:03:31 | 000,000,909 | ---- | C] () -- C:\Users\WS301\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/06 14:03:31 | 000,000,904 | ---- | C] () -- C:\Users\WS301\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/06 14:03:31 | 000,000,896 | ---- | C] () -- C:\Users\WS301\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2012/04/06 14:03:31 | 000,000,258 | ---- | C] () -- C:\Users\WS301\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/06 14:03:31 | 000,000,240 | ---- | C] () -- C:\Users\WS301\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/04/06 13:39:25 | 3085,361,152 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/06 13:39:25 | 3085,361,152 | -HS- | C] () -- \hiberfil.sys
[2012/04/06 13:35:12 | 002,053,661 | ---- | C] () -- C:\Users\WS301\Desktop\tdsskiller.zip
[2012/04/06 09:20:18 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 08:49:47 | 000,302,592 | ---- | C] () -- C:\Users\WS301\Desktop\7rlet47u.exe
[2012/04/05 17:15:36 | 000,000,168 | ---- | C] () -- C:\ProgramData\-wLUs9jOMFUvdbBr
[2012/04/05 17:15:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\-wLUs9jOMFUvdbB
[2012/04/05 17:15:34 | 000,000,629 | ---- | C] () -- C:\Users\WS301\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/05 17:15:34 | 000,000,605 | ---- | C] () -- C:\Users\WS301\Desktop\SMART_HDD.lnk
[2012/04/05 14:15:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/19 11:32:13 | 000,172,945 | ---- | C] () -- C:\Windows\hppins13.dat
[2011/12/19 11:32:12 | 000,006,760 | ---- | C] () -- C:\Windows\hppmdl13.dat
[2011/12/19 11:31:57 | 000,000,619 | ---- | C] () -- C:\Windows\System32\hppapr13.dat
[2011/12/19 10:52:30 | 000,000,680 | ---- | C] () -- C:\Users\WS301\AppData\Local\d3d9caps.dat
[2011/08/10 03:02:23 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/30 03:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

========== LOP Check ==========

[2011/12/13 22:41:44 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\829F552B
[2009/08/11 16:50:20 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\CallingID
[2009/04/23 13:30:40 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\Canon
[2011/12/19 12:57:01 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\FUJIFILM
[2009/09/14 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\NewSoft
[2009/03/27 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\PictureMover
[2009/08/24 15:09:25 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\Purple Ghost Software, Inc
[2009/03/27 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\ScanSoft
[2009/05/11 14:21:46 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\WinBatch
[2012/02/24 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\WS301\AppData\Roaming\AVG
[2011/12/19 10:52:51 | 000,000,000 | ---D | M] -- C:\Users\WS301\AppData\Roaming\PictureMover
[2011/12/04 20:12:08 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/04/06 15:29:42 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/11/22 17:43:02 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/03/27 19:17:41 | 000,055,414 | ---- | M] () -- C:\caavsetupLog.txt
[2009/08/24 19:09:17 | 001,916,818 | ---- | M] () -- C:\caisslog.txt
[2012/04/06 15:28:10 | 000,011,928 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/07 17:27:12 | 000,000,500 | ---- | M] () -- C:\FINIS_IT.TXT
[2012/04/06 15:30:29 | 3085,361,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/06 15:30:27 | 3399,233,536 | -HS- | M] () -- C:\pagefile.sys
[2008/11/22 18:30:40 | 000,000,349 | ---- | M] () -- C:\updatedatfix.log
[2008/08/26 08:37:52 | 000,000,458 | ---- | M] () -- C:\Windows Sidebar

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/12/19 12:06:03 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/15 23:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD8Z.DLL
[2007/04/15 23:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP8Z.DLL
[2010/04/15 18:33:02 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpcpp093.DLL
[2007/03/15 18:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008/01/20 22:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/02 11:12:53 | 000,000,286 | -HS- | M] () -- C:\Users\WS301\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/04/06 08:49:48 | 000,302,592 | ---- | M] () -- C:\Users\WS301\Desktop\7rlet47u.exe
[2012/04/06 14:06:23 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\WS301\Desktop\aswMBR.exe
[2012/04/06 14:59:13 | 004,450,572 | R--- | M] (Swearware) -- C:\Users\WS301\Desktop\ComboFix.exe
[2012/04/06 15:43:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WS301\Desktop\OTL.exe
[2012/04/06 08:49:32 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\WS301\Desktop\yessir.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/05 15:36:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/01 15:26:03 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordebbie.job
[2011/12/04 20:12:08 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/04/06 15:30:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/06 15:29:42 | 000,032,582 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/12/19 10:52:13 | 000,000,402 | -HS- | M] () -- C:\Users\WS301\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/04/05 17:20:07 | 000,000,000 | ---- | M] () -- C:\ProgramData\-wLUs9jOMFUvdbB
[2012/04/05 17:20:07 | 000,000,168 | ---- | M] () -- C:\ProgramData\-wLUs9jOMFUvdbBr
[2011/05/15 21:25:39 | 000,010,916 | -HS- | M] () -- C:\ProgramData\edl3w23oj3p
[2011/05/21 01:28:53 | 000,010,818 | -HS- | M] () -- C:\ProgramData\hk67n73apv1
[2011/12/19 13:14:13 | 000,005,480 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/12/23 10:25:55 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
 
OTL Extras logfile created on: 4/6/2012 3:44:17 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\WS301\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 65.88% Memory free
5.95 Gb Paging File | 5.02 Gb Available in Paging File | 84.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 150.87 Gb Free Space | 68.07% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.54 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Computer Name: WS301 | User Name: WS301 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0632F3AE-FDEC-41A8-8B54-A2F06DEA9D97}" = lport=445 | protocol=6 | dir=in | app=system |
"{2D1FA720-96A2-4471-BF0C-2D384BEF6E25}" = rport=445 | protocol=6 | dir=out | app=system |
"{4EF3E28B-864F-451C-A348-8C730ACF59AE}" = rport=138 | protocol=17 | dir=out | app=system |
"{585AB984-C3AD-48CA-94DE-74E018D1CD7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5DFD0D96-D422-4B44-A4FF-A09566C3C1B3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5F5554B3-378F-468D-8130-DD4E9D319D97}" = lport=137 | protocol=17 | dir=in | app=system |
"{69079CE2-9B94-4E0D-8C0C-ED19EA7F8E7E}" = rport=139 | protocol=6 | dir=out | app=system |
"{946A6496-4D38-4F1F-87DA-097ADC515783}" = rport=137 | protocol=17 | dir=out | app=system |
"{988CE96E-6F62-413C-8055-5587EB8FC9DB}" = lport=138 | protocol=17 | dir=in | app=system |
"{B1A4AAE4-3AA4-4397-A52D-C9FA11C4ED12}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19763876-7F2A-4E66-9AC7-BCF44C7E5974}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1C987232-B779-4270-B28C-147F44E0DA51}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{211C372F-0743-49EE-AD6F-68EE9C8D8874}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{21453D3B-9BDA-42D9-B7E8-884D30FCFFDE}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{4DEC923A-730D-44D6-B259-2E74A8EBBAC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{5307AA04-D6D6-4AAE-85B4-AD73B98F6A78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{58239D97-038C-40E7-9285-453C588735F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5AD0F84B-2B5F-4842-BFF0-A05FD5D22C62}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{5C69C3EB-CB7B-468D-BAEC-458B1B6379B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5CD7C81C-7023-4A52-8E05-68A1BBBB8761}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{62E8FAF7-DADA-4292-8AAD-71317BDFEC52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{6A361923-3436-40EB-BA2F-D568CBC14F4B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79C78FE0-8586-48AA-8C45-434DFEBA12A9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{7C7178B8-B1D0-4856-BFED-2FDAA6BE1D23}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7F7102FA-D7E5-48C9-B6D8-A85A633677D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{831F001D-1344-40C3-BA49-878678A4EB0A}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{87BE6957-C32B-4A68-B82B-38662ED5F33C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{886F9348-B415-4932-922C-E417331F170C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9484048D-2D90-47D4-8A19-D01608DA4635}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9AEF19B6-CBB4-48CE-831C-7434D2A47DCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{9F6F3C81-F759-4E7A-A983-0338FF6D0B76}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{A64E55AD-A77C-4E22-8E1E-D2818B0F2376}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{AA37E076-ADEE-4CA7-99E3-1CE21BC45051}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{ADF44E68-D983-4EAC-A168-38DC32EB9336}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B72F86E3-E921-4FD6-80C1-C3C2DAA0C4B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{B7F080BE-F53D-4340-B9AF-87EBE42FFF85}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{BD180B37-5F7E-4D54-A18C-063285498E7B}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{BDDB921A-2A6A-48F3-8F51-7A20C9EF3F34}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{D15AF349-A769-462E-BB9D-2A7AAE3B3076}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{D5D03957-B5F0-473F-8E32-A9AA48926D9F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{DEE1CAEF-A3FA-4287-BBEB-9CC36BDE4F00}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{E4554D11-C123-4015-B435-D70DDA5E513E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{E6A13D51-D595-4CB1-AEFD-3B842459F775}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{F9E614FA-B783-4461-9D3C-72F11D50F32B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 30
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5C1A8800-9D79-43FF-9432-921ACB7AA69D}" = VZAccess Manager for RIM
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 6.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}" = Crystal Reports 10 Support Files
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CA78EE0D-B198-46BF-80E6-89EE4D49101D}" = VMware View Client
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1E03284-66FD-4292-8239-504CEC5B0CC3}" = C5200_doccd
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{d6937b6b-6573-4ad2-bd7a-4ae8f235be98}" = Revenue Management
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED01C034-09A6-4C4F-A7B5-A1B5ADBA4542}" = Lytec 2011 Professional
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS USB WIA Driver" = EOS USB WIA Driver
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HPOCR" = HP OCR Software 9.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"TransferMy Music_is1" = TransferMy Music 2.0.4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2012 1:33:19 PM | Computer Name = WS301 | Source = EventSystem | ID = 4609
Description =

Error - 4/6/2012 1:37:35 PM | Computer Name = WS301 | Source = LoadPerf | ID = 3013
Description =

Error - 4/6/2012 1:37:35 PM | Computer Name = WS301 | Source = LoadPerf | ID = 3009
Description =

Error - 4/6/2012 1:41:06 PM | Computer Name = WS301 | Source = WinMgmt | ID = 10
Description =

Error - 4/6/2012 1:43:55 PM | Computer Name = WS301 | Source = WinMgmt | ID = 10
Description =

Error - 4/6/2012 1:49:37 PM | Computer Name = WS301 | Source = LoadPerf | ID = 3013
Description =

Error - 4/6/2012 1:49:37 PM | Computer Name = WS301 | Source = LoadPerf | ID = 3009
Description =

Error - 4/6/2012 3:11:53 PM | Computer Name = WS301 | Source = WinMgmt | ID = 10
Description =

Error - 4/6/2012 3:22:21 PM | Computer Name = WS301 | Source = WinMgmt | ID = 10
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 4/7/2011 3:11:14 PM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 9/14/2010 1:58:57 PM | Computer Name = debbie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7023
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7023
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7000
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7023
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7023
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7023
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7023
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7023
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7022
Description =

Error - 4/6/2012 3:32:13 PM | Computer Name = WS301 | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk23.dll -- (vpnva)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p1110vid.dll -- (symantecantibotdriver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cicssfs.scmmc223.dll -- (ovepstatusengine)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\statusagent.dll -- (NtMtlFax)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dobex.dll -- (nmap)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsaa.dll -- (giveio)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\efs.dll -- (fuj02b1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800obex.dll -- (ftsata2)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fltmgr.dll -- (compaq_rba)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acprfmgrsvc.dll -- (cmdagent)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
    DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS -- (NAVEX15)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS -- (NAVENG)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    O15 - HKU\S-1-5-21-1652149106-3131603526-267303755-1003\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/04/05 17:15:34 | 000,000,000 | ---D | C] -- C:\Users\WS301\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
    [2012/04/05 17:15:34 | 000,000,605 | ---- | M] () -- C:\Users\WS301\Desktop\SMART_HDD.lnk
    [2011/12/13 22:41:44 | 000,000,000 | ---D | M] -- C:\Users\debbie\AppData\Roaming\829F552B
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
I'm really not sure what happened to the OTL log... I thought I saved it, but I can't seem to find it. SORRY! Should I run it again? :(

Here are the others in the meantime.


Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG PC Tuneup
Norton Internet Security
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

AVG PC Tuneup
Java(TM) 6 Update 31
Adobe Flash Player 11.2.202.228
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
---------------------------------------------------------------

Farbar Service Scanner Version: 01-03-2012
Ran by WS301 (administrator) on 06-04-2012 at 16:38:19
Running from "C:\Users\WS301\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-12-19 17:57] - [2011-09-20 17:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
----------------------------------------------------------

C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.04.2012_13.36.39\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
 
I'll be back on Monday to follow up with this thread since it's a business computer and it's already 9pm. Sorry about the log Broni, thanks very much for your help (again)!!
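The FSS log in this post flags two settings that scareware and rootkits commonly tamper with: the WinDefend service switched from its default Auto start type to Demand, and the DisableAntiSpyware policy value set to 1. The following PowerShell audit repeats those two checks on a live machine and offers a guarded repair; it is an added example, not part of the thread or of the FSS tool. It assumes Windows PowerShell 2.0 to 5.1 (Get-WmiObject) in an elevated prompt. WinDefend, DisableAntiSpyware and the registry key named in the log are the real names; the second key is the Group Policy location for the same value, and the expected defaults are the ones FSS states.

```powershell
# Added example, not part of the thread or of the FSS tool: repeat the two
# Windows Defender checks FSS performed in the log above.
# Assumes Windows PowerShell 2.0 to 5.1 (Get-WmiObject) in an elevated prompt.

$DefenderPolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender',           # key named in the FSS log
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'   # Group Policy location of the same value
)

function Test-DefenderConfig {
    # Returns one object per finding; no output means both checks passed.
    $findings = @()

    # Check 1: service state and start type (FSS: not running, start type Demand, default Auto)
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    if ($svc -eq $null) {
        $findings += New-Object PSObject -Property @{ Check = 'Service'; Detail = 'WinDefend service not present' }
    } else {
        if ($svc.State -ne 'Running') {
            $findings += New-Object PSObject -Property @{ Check = 'Service'; Detail = "WinDefend is $($svc.State)" }
        }
        if ($svc.StartMode -ne 'Auto') {
            $findings += New-Object PSObject -Property @{ Check = 'StartType'; Detail = "WinDefend start type is $($svc.StartMode), default is Auto" }
        }
    }

    # Check 2: the DisableAntiSpyware policy value (FSS reported DWORD:1 under the first key)
    foreach ($key in $DefenderPolicyKeys) {
        $item = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        if ($item -ne $null -and $item.DisableAntiSpyware -ne 0) {
            $findings += New-Object PSObject -Property @{ Check = 'Policy'; Detail = "$key\DisableAntiSpyware = $($item.DisableAntiSpyware)" }
        }
    }
    return $findings
}

function Repair-DefenderConfig {
    # Undo the two tampered settings. Supports -WhatIf so the change can be previewed first.
    # Re-run Test-DefenderConfig afterwards: if the policy value reappears, something on the
    # machine is still re-applying it and the cleanup is not finished.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param()

    foreach ($key in $DefenderPolicyKeys) {
        $item = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        if ($item -ne $null -and $PSCmdlet.ShouldProcess("$key\DisableAntiSpyware", 'Remove value')) {
            Remove-ItemProperty -Path $key -Name DisableAntiSpyware
        }
    }
    if ($PSCmdlet.ShouldProcess('WinDefend', 'Set start type to Automatic and start the service')) {
        Set-Service -Name WinDefend -StartupType Automatic
        Start-Service -Name WinDefend
    }
}

# Usage: list findings, then preview the repair before applying it for real
Test-DefenderConfig | Format-Table Check, Detail -AutoSize
Repair-DefenderConfig -WhatIf
```

Run the audit before and after a cleanup: a clean result that stays clean across a reboot is the evidence that nothing is re-applying the policy, which is the same point the FSS log is used for in this thread.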
 
The Norton tool took forever to actually begin after extraction, but it ran successfully.

I found the first log for OTL after this second run. However, it doesn't look complete:


Files\Folders moved on Reboot...
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YFQBKOD5\dpsync[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YFQBKOD5\dpsync[2].htm moved successfully.
File\Folder C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XG6I1EKW\PugTracker[1].htm not found!
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V04K0PN8\follow_button[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PPDULUE1\dpsync[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NSHLJ6E5\topic179588[1].htm moved successfully.

Registry entries deleted on Reboot...

----------------------------------------------------------------

Here's the second log.



All processes killed
========== OTL ==========
Error: No service named vpnva was found to stop!
Service\Driver key vpnva not found.
File %systemroot%\system32\PSSdk23.dll not found.
Error: No service named symantecantibotdriver was found to stop!
Service\Driver key symantecantibotdriver not found.
File %systemroot%\system32\p1110vid.dll not found.
Error: No service named ovepstatusengine was found to stop!
Service\Driver key ovepstatusengine not found.
File %systemroot%\system32\cicssfs.scmmc223.dll not found.
Error: No service named NtMtlFax was found to stop!
Service\Driver key NtMtlFax not found.
File %systemroot%\system32\statusagent.dll not found.
Error: No service named Norton Internet Security was found to stop!
Service\Driver key Norton Internet Security not found.
File C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 not found.
Error: No service named nmap was found to stop!
Service\Driver key nmap not found.
File %systemroot%\system32\SE2Dobex.dll not found.
Error: No service named giveio was found to stop!
Service\Driver key giveio not found.
File %systemroot%\system32\fsaa.dll not found.
Error: No service named fuj02b1 was found to stop!
Service\Driver key fuj02b1 not found.
File %systemroot%\system32\efs.dll not found.
Error: No service named ftsata2 was found to stop!
Service\Driver key ftsata2 not found.
File %systemroot%\system32\w800obex.dll not found.
Error: No service named compaq_rba was found to stop!
Service\Driver key compaq_rba not found.
File %systemroot%\system32\fltmgr.dll not found.
Error: No service named cmdagent was found to stop!
Service\Driver key cmdagent not found.
File %systemroot%\system32\acprfmgrsvc.dll not found.
Error: No service named SRTSPX was found to stop!
Service\Driver key SRTSPX not found.
File C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS not found.
Error: No service named SRTSP was found to stop!
Service\Driver key SRTSP not found.
File C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS not found.
Error: No service named PCASp50 was found to stop!
Service\Driver key PCASp50 not found.
File System32\drivers\PCASp50.sys not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named NAVEX15 was found to stop!
Service\Driver key NAVEX15 not found.
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS not found.
Error: No service named NAVENG was found to stop!
Service\Driver key NAVENG not found.
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Registry key HKEY_USERS\S-1-5-21-1652149106-3131603526-267303755-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Folder C:\Users\WS301\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD\ not found.
File C:\Users\WS301\Desktop\SMART_HDD.lnk not found.
Folder C:\Users\debbie\AppData\Roaming\829F552B\ not found.
Unable to delete ADS C:\ProgramData\Temp:0B4227B4 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: debbie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: WS301
->Temp folder emptied: 646480 bytes
->Temporary Internet Files folder emptied: 8424530 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5181 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


[EMPTYJAVA]

User: All Users

User: debbie
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: WS301
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: debbie
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: WS301
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04092012_091542

Files\Folders moved on Reboot...
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RI91YXV0\follow_button[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RI91YXV0\PugTracker[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RI91YXV0\topic179588[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QL4U0N2I\dpsync[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QL4U0N2I\up[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AH6UFBI0\Artemis[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AH6UFBI0\dpsync[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AH6UFBI0\dpsync[2].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
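An added example, not OTL's code and not part of the original post: the same reset of System Restore that step 1 performs with [CLEARALLRESTOREPOINTS], done with built-in Windows cmdlets from an elevated PowerShell. It assumes the system drive is C: and that System Restore is enabled on it.

```powershell
# Added example (not OTL's own code, not from the original post): reset
# System Restore with built-in cmdlets. Run from an elevated PowerShell
# on the machine that has already been cleaned.
# Assumption: the system drive is C:.
$Drive = 'C:\'

# 1. List the restore points that currently exist. Any of them may hold
#    copies of the files removed during cleanup, and restoring one later
#    would bring the infection back.
$old = @(Get-ComputerRestorePoint)
"Existing restore points: $($old.Count)"
$old | Format-Table SequenceNumber, Description, CreationTime -AutoSize

# 2. Remove them. Restore points are stored in Volume Shadow Copies, so
#    deleting all shadow copies on the drive removes every old point.
vssadmin delete shadows /for=$Drive /all /quiet | Out-Null

# 3. Make sure System Restore is still enabled on the drive, then create
#    a fresh point that reflects the cleaned state.
Enable-ComputerRestore -Drive $Drive
Checkpoint-Computer -Description 'Clean state after malware removal' `
                    -RestorePointType MODIFY_SETTINGS

# 4. Verify: only the point just created should remain.
$new = @(Get-ComputerRestorePoint)
"Restore points now: $($new.Count)"
$new | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

On Windows 8 and later, Checkpoint-Computer creates at most one restore point per 24 hours unless the SystemRestorePointCreationFrequency value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is set to 0; on the Vista/Windows 7 systems in this thread no such limit applies.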
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: debbie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: WS301
->Temp folder emptied: 25372094 bytes
->Temporary Internet Files folder emptied: 4941018 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21657 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb


[EMPTYFLASH]

User: All Users

User: debbie
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: WS301
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: debbie
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: WS301
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.39.2 log created on 04092012_131724

Files\Folders moved on Reboot...
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TY1O89QY\918[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TY1O89QY\topic179588[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TY1O89QY\up[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P85GF61B\dpsync[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OLICCH1Q\dpsync[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OLICCH1Q\dpsync[2].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OLICCH1Q\partner[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6A6BVNHF\follow_button[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6A6BVNHF\PugTracker[1].htm moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\WS301\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


------------------------------------------------------

Broni, there is still a taskbar quick launch icon for the Smart HDD, but all the folders and other icons are gone. Is it safe to just delete that manually? The computer seems clean aside from that. I haven't noticed any other issues. :)

Also, since this is a networked computer, how should I go about making sure the other computers were not affected by this?
 
Is it safe to just delete that manually?

how should I go about making sure the other computers were not affected by this?
If you didn't exchange any files between those computers and the other computers don't show any ill effects you should be fine.

Good luck and stay safe :)
 
You're very welcome
 