Solved The virus revealed itself

harveydf

Sirs,
I've been searching for this virus for some time now. The symptoms are that scans terminate prematurely or without finding anything. My security gets turned off constantly. I get messages that I don't have permission to access files and there is a group privilege. I don't belong to a group. I'm getting seeded from the internet. I know this because of a Linux Ubuntu log file. Please help. Here are the logs.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.03

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Harveydf :: HARVEYDF-PC [administrator]

4/1/2012 5:48:14 PM
mbam-log-2012-04-01 (17-48-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233353
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-01 15:28:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000062 rev.
Running: koda.exe; Driver: C:\Users\Harveydf\AppData\Local\Temp\uxlcykob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Ip pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Harveydf at 13:55:55 on 2012-04-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2471 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/?_bc=1
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{193FD7B8-6ED3-43A3-9D42-499D673FB086} : DhcpNameServer = 192.168.1.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\harveydf\appdata\roaming\mozilla\firefox\profiles\lppj4d9t.default\
FF - prefs.js: browser.search.selectedEngine - Startpage
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\harveydf\appdata\local\google\google earth\plugin\npgeplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-14 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-14 342168]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-3-14 253352]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-14 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-14 1117624]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-3-15 54328]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-3-15 574424]
S1 6594252drv;6594252drv;c:\windows\system32\drivers\6594252drv.sys [2011-8-15 489048]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-14 185560]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-2-14 163328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-14 21992]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-3-15 793048]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-2-14 9182208]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-2-14 264704]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-12-5 83472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-3-14 70536]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-3-16 24416]
S3 silabenm;Junsi USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2012-3-11 47176]
S3 silabser;Junsi USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2012-3-11 58496]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-3-15 35264]
S3 ThreatFire;ThreatFire;c:\program files\pc tools\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools\pc tools security\tfengine\TFService.exe service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MJLVASR;MJLVASR;c:\users\harveydf\appdata\local\temp\mjlvasr.exe --> c:\users\harveydf\appdata\local\temp\MJLVASR.exe [?]
S4 NBISZU;NBISZU;c:\users\harveydf\appdata\local\temp\nbiszu.exe --> c:\users\harveydf\appdata\local\temp\NBISZU.exe [?]
S4 OJ;OJ;c:\users\harveydf\appdata\local\temp\oj.exe --> c:\users\harveydf\appdata\local\temp\OJ.exe [?]
.
=============== Created Last 30 ================
.
2012-04-02 01:50:56 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f1a70e0f-d4e1-4e3a-9aed-69f292cecdbd}\mpengine.dll
2012-04-01 20:58:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-26 18:37:30 -------- d-----w- c:\program files\ESET
2012-03-26 11:53:19 -------- d-----w- c:\windows\ERDNT2
2012-03-26 11:52:11 -------- d-----w- c:\program files\ERUNT2
2012-03-24 15:43:42 -------- d-----w- C:\AMD
2012-03-23 17:01:03 -------- d-----w- c:\programdata\Microsoft Symbols for Visual Studio and Process Explorer
2012-03-23 16:58:59 -------- d-----w- c:\users\harveydf\Microsoft Symbols for Visual Studio and Process Explorer
2012-03-23 10:54:56 -------- d-----w- c:\program files\BenchMark Tools
2012-03-23 09:08:30 -------- d-----w- c:\program files\CrystalDiskInfo
2012-03-22 17:55:02 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-03-22 17:52:47 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-21 15:32:51 -------- d-----w- c:\users\harveydf\appdata\roaming\GlarySoft
2012-03-21 15:32:50 -------- d-----w- c:\program files\Glary Undelete
2012-03-18 20:39:56 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-03-17 17:42:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5f54698d-55cd-4254-9766-493841d8d863}\gapaengine.dll
2012-03-17 17:13:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-17 17:12:50 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-17 08:34:47 -------- d-----w- C:\.Trash-0
2012-03-17 00:40:53 -------- d-----w- c:\users\harveydf\appdata\roaming\GetRightToGo
2012-03-17 00:04:50 14664 ----a-w- c:\windows\stinger.sys
2012-03-17 00:04:18 -------- d-----w- c:\program files\stinger
2012-03-16 19:02:00 -------- d-----w- C:\BackSys
2012-03-16 15:22:38 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-03-16 15:11:06 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-03-16 15:11:06 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-03-16 15:10:59 2 --shatr- c:\windows\winstart.bat
2012-03-16 15:10:55 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-03-16 10:26:59 -------- d-----w- c:\users\harveydf\appdata\roaming\VSRevoGroup
2012-03-16 09:06:55 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-16 09:06:55 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-15 13:22:16 -------- d-----w- c:\users\harveydf\appdata\roaming\Registry Mechanic
2012-03-15 12:54:22 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-03-15 12:54:22 512472 ----a-w- c:\windows\system32\msxml.dll
2012-03-15 12:54:22 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-03-15 12:54:22 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-03-15 12:54:22 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-03-15 12:50:58 -------- d-----w- c:\users\harveydf\appdata\roaming\Product_RM
2012-03-15 11:59:07 -------- d-----w- c:\users\harveydf\appdata\roaming\PCTools
2012-03-15 08:38:31 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-15 08:38:30 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-15 08:38:30 35264 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-15 01:59:41 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-15 01:59:41 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-15 01:59:39 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-15 01:59:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-15 01:59:32 -------- d-----w- c:\program files\PC Tools
2012-03-15 01:12:24 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-15 01:12:24 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-15 01:12:24 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-15 01:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-15 01:12:23 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-15 01:12:23 -------- d-----w- c:\program files\common files\PC Tools
2012-03-15 01:07:19 -------- d-----w- c:\users\harveydf\appdata\roaming\TestApp
2012-03-15 01:07:19 -------- d-----w- c:\programdata\PC Tools
2012-03-13 23:40:21 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:40:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 23:40:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 23:40:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 23:40:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 23:40:15 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:40:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-13 21:39:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 21:39:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-13 20:04:26 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 20:04:26 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 23:58:47 -------- d-----w- c:\users\harveydf\appdata\roaming\LogView
2012-03-11 23:28:50 58496 ----a-w- c:\windows\system32\drivers\silabser.sys
2012-03-11 20:32:23 -------- d-----w- c:\users\harveydf\appdata\local\ElevatedDiagnostics
2012-03-11 18:57:10 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-11 18:57:10 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-03-11 18:53:26 -------- d-----w- c:\program files\Silabs
2012-03-11 18:49:53 47176 ----a-w- c:\windows\system32\drivers\silabenm.sys
2012-03-11 18:49:53 1461992 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2012-03-11 12:47:38 -------- d-----w- c:\users\harveydf\appdata\roaming\EurekaLog
2012-03-11 12:47:09 -------- d-----w- c:\program files\LogView V2
2012-03-11 12:26:27 1112288 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll
2012-03-11 12:26:25 -------- d-----w- c:\program files\Junsi
2012-03-11 12:25:50 -------- d-----w- c:\windows\system32\Silabs
.
==================== Find3M ====================
.
2012-03-16 09:14:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 08:29:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 03:47:12 9182208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:18:56 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- c:\windows\system32\aticfx32.dll
2012-02-15 03:13:56 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13:20 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:12:48 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-02-15 03:10:58 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- c:\windows\system32\atioglxx.dll
2012-02-15 02:40:54 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-02-15 02:34:54 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-02-15 02:34:44 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-02-15 02:29:52 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- c:\windows\system32\aticaldd.dll
2012-02-15 02:16:34 51200 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:13:48 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13:32 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13:20 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-02-15 02:12:48 264704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12:14 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-02-15 02:12:00 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-02-15 02:11:36 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-02-15 02:11:22 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:56:44.07 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/23/2007 3:55:52 PM
System Uptime: 4/1/2012 1:07:52 PM (0 hours ago)
.
Motherboard: ECS | | MCP61PM-GM
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2210/235mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 324 GiB total, 212.136 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 4.488 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is FIXED (NTFS) - 24 GiB total, 24.324 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
1500
1500_Help
1500Trb
32 Bit HP CIO Components Installer
7-Zip 9.20
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader for Palm OS, 3.05
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.6
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AMD Catalyst Install Manager
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
Application Verifier
Astrolog32 2.02
AT&T Self Support Tool
AT&T Yahoo! Applications
Audacity 1.3.13 (Unicode)
Aureas v8.7
AutoHotkey 1.0.48.05
Avery Wizard 3.1
Bonjour
BufferChm
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Connect
Copy
Core Temp version 0.99.8
CPUID CPU-Z 1.57.1
creepy 0.1.93
Debugging Tools for Windows (x86)
Destinations
Dev-C++ 5 beta 9 release (4.9.9.2)
DeviceManagementQFolder
Digital Media Reader
DocProc
DocProcQFolder
ERUNT 1.1j
ESET Online Scanner v3
eSupportQFolder
EVEREST Home Edition v2.20
Fax
FFmpeg v0.6.2 for Audacity
FormatFactory 2.20
Free Window Registry Repair
FreeMind
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
Glary Undelete 1.8.0.468
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPSMaster 2.13.5
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Solution Center 8.0
HP Update
HPProductAssistant
ISO Recorder
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Junior Jyotish 1.10v
Junsi USB to UART Bridge(Windows XP/2003/Vista/7) (Driver Removal)
kuler
LabelPrint
LADSPA_plugins-win-0.4.15
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.60.1.1000
Maxtor MaxBlast
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Windows Performance Toolkit
Microsoft Windows SDK .NET Framework Tools (30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK MSHelp (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Mobipocket Creator 4.2
Mobipocket Reader 6.2
Move Networks Media Player for Internet Explorer
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPhoneExplorer
NirSoft VideoCacheView
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenSSL 1.0.0e (32-bit)
Palm Desktop
PC Tools Registry Mechanic 11.0
PC Tools Spyware Doctor 9.0
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Power2Go 5.0
PS2 Multimedia Keyboard Driver
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Send To Toys v2.61
Skins
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
Suite Shared Configuration CS4
swMSM
SyncToy 2.1 (x86)
The Proxomitron Ver. Naoko-4.5
The Rosetta Stone
TI Connect 1.6
TI StudyCards Creator
Toolbox
TrayApp
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax Deluxe 2007
Tweaking.com - Simple Performance Boost
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WebReg
Windows Automated Installation Kit
Windows Media Player Firefox Plugin
Windows SDK IntellisenseNFX
WinRAR archiver
XMind
.
==== Event Viewer Messages From Past Week ========
.
6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv i8042prt
6594252drv AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
6594252drv AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
6594252drv AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 5:13:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 5:13:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 5:13:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 5:13:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 5:13:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 3:50:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 3:50:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 3:50:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 3:50:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 3:50:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/1/2012 3:40:14 PM, Error: EventLog [6008] - The previous system shutdown at 3:38:56 PM on 4/1/2012 was unexpected.
4/1/2012 2:09:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 2:09:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 2:09:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 2:09:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 2:09:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Harveydf-PC\Harveydf Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Harveydf-PC\Harveydf Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Harveydf-PC\Harveydf Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Harveydf-PC\Harveydf Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 11:51:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
4/1/2012 11:51:55 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/1/2012 1:59:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
 
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:54:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/1/2012 1:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2012 1:47:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/1/2012 1:47:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/1/2012 1:46:53 PM, Error: EventLog [6008] - The previous system shutdown at 2:15:58 PM on 3/27/2012 was unexpected.
4/1/2012 1:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/1/2012 1:18:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/1/2012 1:09:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
4/1/2012 1:09:51 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/1/2012 1:09:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/1/2012 1:08:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/1/2012 1:08:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/27/2012 12:59:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
3/27/2012 12:59:59 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/27/2012 12:40:07 PM, Error: EventLog [6008] - The previous system shutdown at 9:26:36 PM on 3/26/2012 was unexpected.
3/26/2012 6:27:33 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user Harveydf-PC\Harveydf SID (S-1-5-21-3010283643-4083402107-944152190-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/26/2012 5:08:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/26/2012 4:59:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/26/2012 4:58:36 AM, Error: EventLog [6008] - The previous system shutdown at 4:56:39 AM on 3/26/2012 was unexpected.
3/26/2012 3:08:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/26/2012 2:26:49 AM, Error: EventLog [6008] - The previous system shutdown at 2:23:56 AM on 3/26/2012 was unexpected.
3/26/2012 2:22:04 AM, Error: EventLog [6008] - The previous system shutdown at 2:19:47 AM on 3/26/2012 was unexpected.
3/26/2012 12:48:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/26/2012 12:14:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.340.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/26/2012 12:00:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.340.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/26/2012 12:00:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.340.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/26/2012 11:49:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/26/2012 11:33:46 AM, Error: EventLog [6008] - The previous system shutdown at 11:22:41 AM on 3/26/2012 was unexpected.
3/25/2012 9:37:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the service.
3/25/2012 9:07:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/25/2012 7:01:00 PM, Error: PCTCore [280] - The item store is corrupted: @5466.
3/25/2012 1:11:16 AM, Error: PCTCore [280] - The item store is corrupted: @5512.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
20:59:18.0761 1580 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:59:18.0786 1580 ============================================================
20:59:18.0786 1580 Current date / time: 2012/04/01 20:59:18.0786
20:59:18.0786 1580 SystemInfo:
20:59:18.0786 1580
20:59:18.0786 1580 OS Version: 6.0.6002 ServicePack: 2.0
20:59:18.0786 1580 Product type: Workstation
20:59:18.0786 1580 ComputerName: HARVEYDF-PC
20:59:18.0786 1580 UserName: Harveydf
20:59:18.0786 1580 Windows directory: C:\Windows
20:59:18.0786 1580 System windows directory: C:\Windows
20:59:18.0786 1580 Processor architecture: Intel x86
20:59:18.0786 1580 Number of processors: 4
20:59:18.0786 1580 Page size: 0x1000
20:59:18.0786 1580 Boot type: Normal boot
20:59:18.0786 1580 ============================================================
20:59:19.0314 1580 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:59:19.0332 1580 \Device\Harddisk0\DR0:
20:59:19.0333 1580 MBR used
20:59:19.0333 1580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x160FD61
20:59:19.0333 1580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x160FDA0, BlocksNum 0x28884A88
20:59:19.0333 1580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x29EC6386, BlocksNum 0x30D3CB3
20:59:19.0449 1580 Initialize success
20:59:19.0449 1580 ============================================================
20:59:21.0089 3672 ============================================================
20:59:21.0089 3672 Scan started
20:59:21.0089 3672 Mode: Manual;
20:59:21.0089 3672 ============================================================
20:59:21.0553 3672 6594252drv (d45d320418ad6c36cefb59c34540257a) C:\Windows\system32\DRIVERS\6594252drv.sys
20:59:21.0556 3672 6594252drv - ok
20:59:21.0576 3672 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
20:59:21.0610 3672 ac97intc - ok
20:59:21.0640 3672 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:59:21.0642 3672 ACPI - ok
20:59:21.0665 3672 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
20:59:21.0665 3672 adfs - ok
20:59:21.0772 3672 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
20:59:21.0777 3672 Adobe Version Cue CS4 - ok
20:59:21.0801 3672 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:59:21.0804 3672 adp94xx - ok
20:59:21.0824 3672 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:59:21.0826 3672 adpahci - ok
20:59:21.0844 3672 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:59:21.0845 3672 adpu160m - ok
20:59:21.0861 3672 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:59:21.0863 3672 adpu320 - ok
20:59:21.0892 3672 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:59:21.0892 3672 AeLookupSvc - ok
20:59:21.0916 3672 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:59:21.0918 3672 AFD - ok
20:59:21.0937 3672 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:59:21.0938 3672 agp440 - ok
20:59:21.0956 3672 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:59:21.0957 3672 aic78xx - ok
20:59:21.0988 3672 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:59:21.0989 3672 ALG - ok
20:59:22.0007 3672 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:59:22.0007 3672 aliide - ok
20:59:22.0057 3672 ALSysIO - ok
20:59:22.0086 3672 AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe
20:59:22.0088 3672 AMD External Events Utility - ok
20:59:22.0097 3672 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:59:22.0098 3672 amdagp - ok
20:59:22.0126 3672 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:59:22.0127 3672 amdide - ok
20:59:22.0140 3672 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:59:22.0161 3672 AmdK7 - ok
20:59:22.0177 3672 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:59:22.0201 3672 AmdK8 - ok
20:59:22.0453 3672 amdkmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
20:59:22.0514 3672 amdkmdag - ok
20:59:22.0554 3672 amdkmdap (c541da5b72fa638469e8dc1e66079330) C:\Windows\system32\DRIVERS\atikmpag.sys
20:59:22.0556 3672 amdkmdap - ok
20:59:22.0586 3672 AOL ACS - ok
20:59:22.0610 3672 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:59:22.0611 3672 Appinfo - ok
20:59:22.0632 3672 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:59:22.0633 3672 arc - ok
20:59:22.0652 3672 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:59:22.0653 3672 arcsas - ok
20:59:22.0702 3672 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:59:22.0702 3672 aspnet_state - ok
20:59:22.0729 3672 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:59:22.0744 3672 AsyncMac - ok
20:59:22.0772 3672 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:59:22.0773 3672 atapi - ok
20:59:22.0810 3672 AtiHDAudioService (9f7ccf1d6faf646f71f029a30ded2dc7) C:\Windows\system32\drivers\AtihdLH3.sys
20:59:22.0811 3672 AtiHDAudioService - ok
20:59:23.0034 3672 atikmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
20:59:23.0095 3672 atikmdag - ok
20:59:23.0144 3672 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:59:23.0147 3672 AudioEndpointBuilder - ok
20:59:23.0161 3672 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:59:23.0163 3672 Audiosrv - ok
20:59:23.0195 3672 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:59:23.0215 3672 bcm4sbxp - ok
20:59:23.0264 3672 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:59:23.0265 3672 Beep - ok
20:59:23.0296 3672 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:59:23.0299 3672 BFE - ok
20:59:23.0350 3672 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:59:23.0358 3672 BITS - ok
20:59:23.0365 3672 blbdrive - ok
20:59:23.0449 3672 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
20:59:23.0452 3672 Bonjour Service - ok
20:59:23.0481 3672 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:59:23.0482 3672 bowser - ok
20:59:23.0500 3672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:59:23.0512 3672 BrFiltLo - ok
20:59:23.0542 3672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:59:23.0554 3672 BrFiltUp - ok
20:59:23.0594 3672 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:59:23.0595 3672 Browser - ok
20:59:23.0616 3672 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:59:23.0643 3672 Brserid - ok
20:59:23.0654 3672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:59:23.0679 3672 BrSerWdm - ok
20:59:23.0695 3672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:59:23.0707 3672 BrUsbMdm - ok
20:59:23.0720 3672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:59:23.0731 3672 BrUsbSer - ok
20:59:23.0749 3672 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:59:23.0769 3672 BTHMODEM - ok
20:59:23.0829 3672 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:59:23.0830 3672 cdfs - ok
20:59:23.0854 3672 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:59:23.0855 3672 cdrom - ok
20:59:23.0881 3672 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:59:23.0882 3672 CertPropSvc - ok
20:59:23.0895 3672 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:59:23.0916 3672 circlass - ok
20:59:23.0943 3672 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:59:23.0946 3672 CLFS - ok
20:59:23.0998 3672 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:59:23.0999 3672 clr_optimization_v2.0.50727_32 - ok
20:59:24.0039 3672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:59:24.0040 3672 clr_optimization_v4.0.30319_32 - ok
20:59:24.0055 3672 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
20:59:24.0067 3672 CmBatt - ok
20:59:24.0078 3672 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:59:24.0079 3672 cmdide - ok
20:59:24.0105 3672 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:59:24.0105 3672 Compbatt - ok
20:59:24.0112 3672 COMSysApp - ok
20:59:24.0139 3672 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
20:59:24.0139 3672 cpuz135 - ok
20:59:24.0148 3672 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:59:24.0149 3672 crcdisk - ok
20:59:24.0161 3672 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:59:24.0182 3672 Crusoe - ok
20:59:24.0198 3672 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:59:24.0199 3672 CryptSvc - ok
20:59:24.0233 3672 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:59:24.0238 3672 DcomLaunch - ok
20:59:24.0262 3672 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:59:24.0263 3672 DfsC - ok
20:59:24.0329 3672 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:59:24.0342 3672 DFSR - ok
20:59:24.0368 3672 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:59:24.0370 3672 Dhcp - ok
20:59:35.0226 3672 timounter - ok
20:59:35.0271 3672 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:59:35.0274 3672 TrkWks - ok
20:59:35.0302 3672 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:59:35.0334 3672 TrustedInstaller - ok
20:59:35.0397 3672 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:59:35.0413 3672 tssecsrv - ok
20:59:35.0448 3672 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:59:35.0449 3672 tunmp - ok
20:59:35.0498 3672 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:59:35.0499 3672 tunnel - ok
20:59:35.0533 3672 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:59:35.0534 3672 uagp35 - ok
20:59:35.0564 3672 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:59:35.0614 3672 udfs - ok
20:59:35.0662 3672 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:59:35.0665 3672 UI0Detect - ok
20:59:35.0678 3672 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:59:35.0680 3672 uliagpkx - ok
20:59:35.0730 3672 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:59:35.0734 3672 uliahci - ok
20:59:35.0796 3672 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:59:35.0809 3672 UlSata - ok
20:59:35.0818 3672 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:59:35.0821 3672 ulsata2 - ok
20:59:35.0848 3672 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:59:35.0849 3672 umbus - ok
20:59:35.0881 3672 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:59:35.0885 3672 upnphost - ok
20:59:35.0932 3672 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:59:35.0963 3672 usbccgp - ok
20:59:35.0997 3672 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:59:36.0035 3672 usbcir - ok
20:59:36.0051 3672 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:59:36.0052 3672 usbehci - ok
20:59:36.0080 3672 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:59:36.0082 3672 usbhub - ok
20:59:36.0091 3672 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
20:59:36.0092 3672 usbohci - ok
20:59:36.0126 3672 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:59:36.0144 3672 usbprint - ok
20:59:36.0171 3672 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:59:36.0192 3672 usbscan - ok
20:59:36.0208 3672 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:59:36.0209 3672 USBSTOR - ok
20:59:36.0227 3672 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
20:59:36.0244 3672 usbuhci - ok
20:59:36.0271 3672 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:59:36.0273 3672 UxSms - ok
20:59:36.0301 3672 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:59:36.0307 3672 vds - ok
20:59:36.0318 3672 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:59:36.0335 3672 vga - ok
20:59:36.0362 3672 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:59:36.0363 3672 VgaSave - ok
20:59:36.0376 3672 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:59:36.0377 3672 viaagp - ok
20:59:36.0394 3672 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:59:36.0415 3672 ViaC7 - ok
20:59:36.0427 3672 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:59:36.0428 3672 viaide - ok
20:59:36.0453 3672 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:59:36.0454 3672 volmgr - ok
20:59:36.0489 3672 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:59:36.0491 3672 volmgrx - ok
20:59:36.0524 3672 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:59:36.0526 3672 volsnap - ok
20:59:36.0548 3672 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:59:36.0550 3672 vsmraid - ok
20:59:36.0595 3672 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:59:36.0605 3672 VSS - ok
20:59:36.0636 3672 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:59:36.0641 3672 W32Time - ok
20:59:36.0660 3672 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:59:36.0674 3672 WacomPen - ok
20:59:36.0696 3672 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:59:36.0697 3672 Wanarp - ok
20:59:36.0701 3672 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:59:36.0702 3672 Wanarpv6 - ok
20:59:36.0729 3672 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
20:59:36.0730 3672 wanatw - ok
20:59:36.0789 3672 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:59:36.0794 3672 wcncsvc - ok
20:59:36.0815 3672 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:59:36.0818 3672 WcsPlugInService - ok
20:59:36.0831 3672 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:59:36.0832 3672 Wd - ok
20:59:36.0880 3672 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:59:36.0884 3672 Wdf01000 - ok
20:59:36.0908 3672 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:59:36.0912 3672 WdiServiceHost - ok
20:59:36.0916 3672 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:59:36.0919 3672 WdiSystemHost - ok
20:59:36.0933 3672 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:59:36.0936 3672 WebClient - ok
20:59:36.0965 3672 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:59:36.0968 3672 Wecsvc - ok
20:59:36.0993 3672 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:59:36.0996 3672 wercplsupport - ok
20:59:37.0024 3672 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:59:37.0027 3672 WerSvc - ok
20:59:37.0055 3672 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
20:59:37.0057 3672 WimFltr - ok
20:59:37.0098 3672 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:59:37.0121 3672 winachsf - ok
20:59:37.0183 3672 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:59:37.0185 3672 WinDefend - ok
20:59:37.0192 3672 WinHttpAutoProxySvc - ok
20:59:37.0226 3672 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:59:37.0228 3672 Winmgmt - ok
20:59:37.0282 3672 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:59:37.0293 3672 WinRM - ok
20:59:37.0334 3672 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:59:37.0340 3672 Wlansvc - ok
20:59:37.0371 3672 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
20:59:37.0381 3672 WmiAcpi - ok
20:59:37.0408 3672 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:59:37.0439 3672 wmiApSrv - ok
20:59:37.0494 3672 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:59:37.0501 3672 WMPNetworkSvc - ok
20:59:37.0514 3672 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:59:37.0517 3672 WPCSvc - ok
20:59:37.0544 3672 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:59:37.0547 3672 WPDBusEnum - ok
20:59:37.0586 3672 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:59:37.0608 3672 WpdUsb - ok
20:59:37.0692 3672 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:59:37.0697 3672 WPFFontCache_v0400 - ok
20:59:37.0730 3672 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:59:37.0730 3672 ws2ifsl - ok
20:59:37.0769 3672 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:59:37.0772 3672 wscsvc - ok
20:59:37.0779 3672 WSearch - ok
20:59:37.0874 3672 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:59:37.0889 3672 wuauserv - ok
20:59:37.0915 3672 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:59:37.0916 3672 WUDFRd - ok
20:59:37.0943 3672 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:59:37.0946 3672 wudfsvc - ok
20:59:37.0964 3672 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
20:59:37.0965 3672 XAudio - ok
20:59:37.0993 3672 XAudioService (96db5621857e1fddd1aa60733748bf17) C:\Windows\system32\DRIVERS\xaudio.exe
20:59:37.0996 3672 XAudioService - ok
20:59:38.0011 3672 MBR (0x1B8) (49f762a4b50ce0d32f1fdbab7ef9b96a) \Device\Harddisk0\DR0
20:59:38.0049 3672 \Device\Harddisk0\DR0 - ok
20:59:38.0052 3672 Boot (0x1200) (10ff9c14cd7c653f910b683224932980) \Device\Harddisk0\DR0\Partition0
20:59:38.0053 3672 \Device\Harddisk0\DR0\Partition0 - ok
20:59:38.0057 3672 Boot (0x1200) (c1dc6e02b93052c89b63df3fa485b757) \Device\Harddisk0\DR0\Partition1
20:59:38.0058 3672 \Device\Harddisk0\DR0\Partition1 - ok
20:59:38.0075 3672 Boot (0x1200) (be874b919c17bd6da2c09a168ca44d65) \Device\Harddisk0\DR0\Partition2
20:59:38.0077 3672 \Device\Harddisk0\DR0\Partition2 - ok
20:59:38.0077 3672 ============================================================
20:59:38.0077 3672 Scan finished
20:59:38.0077 3672 ============================================================
20:59:38.0089 5984 Detected object count: 0
20:59:38.0089 5984 Actual detected object count: 0
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
PC Tools Smart Updates popped up to download updates, I didn't touch it.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 21:34:13
-----------------------------
21:34:13.169 OS Version: Windows 6.0.6002 Service Pack 2
21:34:13.170 Number of processors: 4 586 0x202
21:34:13.170 ComputerName: HARVEYDF-PC UserName: Harveydf
21:34:30.330 Initialize success
21:46:00.255 AVAST engine defs: 12040101
21:46:22.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
21:46:22.533 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6
21:46:22.571 Disk 0 MBR read successfully
21:46:22.574 Disk 0 MBR scan
21:46:22.749 Disk 0 Windows VISTA default MBR code
21:46:22.767 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 11295 MB offset 63
21:46:22.813 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 332041 MB offset 23133600
21:46:22.848 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 24999 MB offset 703357830
21:46:22.862 Disk 0 Partition - 00 05 Extended 108502 MB offset 754558974
21:46:22.891 Disk 0 Partition 4 00 83 Linux 104408 MB offset 754558976
21:46:22.898 Disk 0 Partition - 00 05 Extended 4094 MB offset 968386560
21:46:22.942 Disk 0 scanning sectors +976771072
21:46:23.085 Disk 0 scanning C:\Windows\system32\drivers
21:46:43.348 Service scanning
21:46:55.873 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:47:13.734 Modules scanning
21:47:17.517 Disk 0 trace - called modules:
21:47:17.529 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll storport.sys nvstor32.sys
21:47:17.534 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8695e5b0]
21:47:17.539 3 CLASSPNP.SYS[8afcb8b3] -> nt!IofCallDriver -> [0x8695edb0]
21:47:17.544 5 PCTCore.sys[8ae76407] -> nt!IofCallDriver -> [0x84d50d98]
21:47:17.549 7 acpi.sys[8ac096bc] -> nt!IofCallDriver -> \Device\00000060[0x857817e0]
21:47:19.935 AVAST engine scan C:\Windows
21:47:27.543 AVAST engine scan C:\Windows\system32
21:52:15.591 AVAST engine scan C:\Windows\system32\drivers
21:52:44.236 AVAST engine scan C:\Users\Harveydf
21:53:02.339 Verifying
21:53:12.368 Disk 0 Windows 600 MBR fixed successfully
21:53:23.335 Disk 0 MBR has been saved successfully to "C:\Users\Harveydf\Desktop\MBR.dat"
21:53:23.341 The log file has been saved successfully to "C:\Users\Harveydf\Desktop\aswMBR.txt"
22:04:21.513 AVAST engine scan C:\ProgramData
22:07:14.731 Scan finished successfully
22:07:31.972 Disk 0 MBR has been saved successfully to "C:\Users\Harveydf\Desktop\MBR.dat"
22:07:31.978 The log file has been saved successfully to "C:\Users\Harveydf\Desktop\aswMBR2.txt"


I got excited when it said it saved my mbr to the desktop and hit save file. Then it kept going. It did seem to be bothered.

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`c1fb4000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: d026fa10f7a4253b255e05f63e8ef364

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Broni,
I'm sorry, there was a message that popped up during the boot kit remover. It was "ATA_PASS_Through Direct is not supported by this controller. SCSI_ PASS-Through not supported by disk I/O." The SCSI pass through part I am paraphrasing. I also had to click the message.
 
That's fine.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Broni,

All went well running Combo Fix. MSE kept giving me the message that “you have security issues that need addressed” but, I just left that alone and let Combo Fix do its thing. After the log was posted, I saved a copy to the desktop and started to turn my security on. MSE turned on but PC Tools is not in the tray.

ComboFix 12-04-03.02 - Harveydf 04/03/2012 14:25:13.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2218 [GMT -7:00]
Running from: c:\users\Harveydf\Desktop\H_D_F.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.0.6000.16386_none_a05162e240c2c82b\grpconv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 21:35 . 2012-04-03 21:36 -------- d-----w- c:\users\Harveydf\AppData\Local\temp
2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-04-03 21:35 . 2006-11-02 09:45 16896 ----a-w- c:\windows\system32\grpconv.exe
2012-04-02 02:47 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31E55EC4-127B-4061-97A7-9C04D48E4EAF}\mpengine.dll
2012-04-01 20:58 . 2012-04-01 20:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-26 18:37 . 2012-03-26 18:37 -------- d-----w- c:\program files\ESET
2012-03-26 11:53 . 2012-04-02 00:15 -------- d-----w- c:\windows\ERDNT2
2012-03-26 11:52 . 2012-03-26 11:52 -------- d-----w- c:\program files\ERUNT2
2012-03-24 21:58 . 2012-03-24 22:00 -------- d-----w- c:\windows\Symbols
2012-03-24 15:43 . 2012-03-24 15:43 -------- d-----w- C:\AMD
2012-03-24 07:10 . 2012-03-24 07:10 -------- d-----w- c:\users\Harveydf\AppData\Roaming\DAEMON Tools
2012-03-23 17:01 . 2012-03-23 17:01 -------- d-----w- c:\programdata\Microsoft Symbols for Visual Studio and Process Explorer
2012-03-23 16:58 . 2012-03-23 16:58 -------- d-----w- c:\users\Harveydf\Microsoft Symbols for Visual Studio and Process Explorer
2012-03-23 10:54 . 2012-03-23 11:10 -------- d-----w- c:\program files\BenchMark Tools
2012-03-23 09:08 . 2012-03-23 09:33 -------- d-----w- c:\program files\CrystalDiskInfo
2012-03-22 17:55 . 2009-08-20 07:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-03-22 17:52 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-22 13:13 . 2012-03-22 14:09 -------- d-----w- c:\program files\7-Zip
2012-03-22 08:48 . 2012-03-24 13:52 -------- d-----w- c:\users\Harvey Standard
2012-03-21 15:32 . 2012-03-21 15:32 -------- d-----w- c:\users\Harveydf\AppData\Roaming\GlarySoft
2012-03-21 15:32 . 2012-03-21 15:32 -------- d-----w- c:\program files\Glary Undelete
2012-03-18 20:39 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-17 17:42 . 2012-03-17 17:42 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F54698D-55CD-4254-9766-493841D8D863}\gapaengine.dll
2012-03-17 17:13 . 2012-03-17 17:13 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-17 17:12 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-17 08:34 . 2012-03-29 01:08 -------- d-----w- C:\.Trash-0
2012-03-17 00:40 . 2012-03-17 00:41 -------- d-----w- c:\users\Harveydf\AppData\Roaming\GetRightToGo
2012-03-17 00:04 . 2012-03-17 00:04 14664 ----a-w- c:\windows\stinger.sys
2012-03-17 00:04 . 2012-04-01 21:09 -------- d-----w- c:\program files\stinger
2012-03-16 19:02 . 2012-03-24 13:02 -------- d-----w- C:\BackSys
2012-03-16 15:22 . 2012-03-16 15:37 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-03-16 15:11 . 2012-03-16 15:11 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-03-16 15:11 . 2012-03-16 15:11 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-03-16 15:10 . 2012-03-16 15:10 2 --shatr- c:\windows\winstart.bat
2012-03-16 15:10 . 2012-01-24 00:01 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-03-16 10:26 . 2012-03-16 10:26 -------- d-----w- c:\users\Harveydf\AppData\Roaming\VSRevoGroup
2012-03-16 09:06 . 2012-03-16 09:06 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-16 09:06 . 2012-03-16 09:06 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-15 13:22 . 2012-03-15 13:35 -------- d-----w- c:\users\Harveydf\AppData\Roaming\Registry Mechanic
2012-03-15 12:54 . 2011-12-12 21:07 512472 ----a-w- c:\windows\system32\msxml.dll
2012-03-15 12:54 . 2011-12-12 21:07 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-03-15 01:12 . 2011-12-01 23:07 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-15 01:12 . 2011-12-01 23:07 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-15 01:12 . 2011-11-14 22:12 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-15 01:12 . 2011-11-14 22:12 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-15 01:12 . 2012-03-15 12:54 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-15 01:12 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-15 01:07 . 2012-03-15 08:38 -------- d-----w- c:\programdata\PC Tools
2012-03-15 01:07 . 2012-03-15 01:07 -------- d-----w- c:\users\Harveydf\AppData\Roaming\TestApp
2012-03-13 23:40 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:40 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 23:40 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 23:40 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 23:40 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 23:40 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:40 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 21:39 . 2012-04-02 00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-13 21:39 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 20:04 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 20:04 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 23:58 . 2012-03-12 00:02 -------- d-----w- c:\users\Harveydf\AppData\Roaming\LogView
2012-03-11 23:28 . 2011-02-08 21:13 58496 ----a-w- c:\windows\system32\drivers\silabser.sys
2012-03-11 20:32 . 2012-03-11 20:32 -------- d-----w- c:\users\Harveydf\AppData\Local\ElevatedDiagnostics
2012-03-11 18:57 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-11 18:57 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-03-11 18:53 . 2012-03-11 18:53 -------- d-----w- c:\program files\Silabs
2012-03-11 18:49 . 2011-10-14 23:13 47176 ----a-w- c:\windows\system32\drivers\silabenm.sys
2012-03-11 18:49 . 2011-10-14 23:13 1461992 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2012-03-11 12:47 . 2012-03-11 12:52 -------- d-----w- c:\users\Harveydf\AppData\Roaming\EurekaLog
2012-03-11 12:47 . 2012-03-14 03:08 -------- d-----w- c:\program files\LogView V2
2012-03-11 12:26 . 2009-08-10 06:36 1112288 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll
2012-03-11 12:26 . 2012-03-11 12:26 -------- d-----w- c:\program files\Junsi
2012-03-11 12:25 . 2012-03-11 12:26 -------- d-----w- c:\windows\system32\Silabs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 09:14 . 2011-06-01 07:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 08:29 . 2010-07-30 05:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 03:47 . 2012-02-15 03:47 9182208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-01-27 06:00 791040 ----a-w- c:\windows\system32\aticfx32.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:12 . 2012-02-15 03:12 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-02-15 03:10 . 2012-02-15 03:10 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-02-15 03:07 . 2011-11-10 11:06 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\system32\atioglxx.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-02-15 02:34 . 2007-11-24 00:38 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\system32\aticaldd.dll
2012-02-15 02:16 . 2011-01-27 05:20 51200 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-02-15 02:12 . 2012-02-15 02:12 264704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-11-10 10:11 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-02-15 02:12 . 2011-01-27 05:12 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-02-15 02:11 . 2011-01-27 05:12 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-01-31 12:44 . 2011-05-25 10:32 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-28 23:07 . 2010-08-17 05:37 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-03-16 09:06 . 2011-11-12 02:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-08-24 11:52 . 2008-02-19 16:21 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2011-04-14 21:01 . 2011-08-16 07:36 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Harveydf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Harveydf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-03 17:36 136176 ----atw- c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2010-09-03 17:36 136176 ----atw- c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3010283643-4083402107-944152190-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 6594252drv;6594252drv;c:\windows\system32\DRIVERS\6594252drv.sys [2011-08-13 489048]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-03-31 288112]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 15:59]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 15:59]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000Core.job
- c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 17:36]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000UA.job
- c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/?_bc=1
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\
FF - prefs.js: browser.search.selectedEngine - Startpage
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-18602556.sys
AddRemove-NirSoft VideoCacheView - c:\program files\NirSoft\VideoCacheView\uninst.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Junsi\driver\usb\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-Move Networks Player - IE - c:\users\Harveydf\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7f237b6&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7f237b6&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077A\5&7f237b6&0&UID268435460\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077A\5&7f237b6&0&UID268435460\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\5&7f237b6&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\5&7f237b6&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PHL0018\5&7f237b6&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PHL0018\5&7f237b6&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3268)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-04-03 14:44:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 21:43
.
Pre-Run: 221,744,037,888 bytes free
Post-Run: 222,130,561,024 bytes free
.
- - End Of File - - FEE5E1338BE6A0D6E28B5AC5739BF472
 
Please disable "word wrap" in Notepad as your logs are hard to read.

Combofix log looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Broni,
Good day! I hope the weather in Daly City is as ours in Santa Rosa and you get to enjoy a little bit of the sun’s rays. I appreciate the work you do. Thank you very much.
I read and re-read your directions before disconnecting from the internet. I double clicked on the OTL icon twice, nothing happened. Therefore, I right clicked and opened as administrator; I pasted the clipboard into special scans and created the first scan. No other programs were running and it ran uninterrupted. I was confused about the first scan not knowing whether to download a fresh copy of OTL or just open it and do another scan. I chose to just do another scan and name it OTL2.
I re-read your instructions and thought about the question, “How is the computer running.” I have not been using it much, just to fire it up, and log on, and then send you the files, and log off as quickly as possible. I worked until late last night, but when I came home, I decided to use the computer and watch for clues. I watched some videos on YouTube and decided to try Procmon and Filemon; I already had Process Explorer running watching processes. I noticed some Cswitch deltas for crsss.exe that when I tried to look at it, access was denied and it did not have a company name associated with it. Another process called “system,” had no private bytes and it gave me the same message, and no company name. I am too new to these programs to know what this means particularly; however, I have watched most all of the videos out there. With Procmon and Filemon, I have no experience, but since I have the suite on my desktop I decided to have a look at each. The information was overwhelming. I did configure Procmon to log the boot and saved the file, again it was too much information for me at my stage of understanding. I am telling you this because maybe there is something useful in what I am saying.
This afternoon, I logged on and checked my security tools. I opened PC Tools and it said it was not configured to run, so I started it and ran a quick scan. It reported 21 detections of Trojan-Downloader.Murlo with 345 infections. One other Trojan.Generic and two suspicious clouds. I clicked disinfected and it asked for a re-boot. It re-booted and rescanned with nothing found. I started a complete scan and it is going now.
Here are my logs. P.S. I’m curious about the alternate data streams at the end of the first scan and where OTL logfile 1 went. Also, I have never used Acronis.
Update 1405 hrs 32% into full scan with PC Tools list 4 detections of HeurEngine.ZeroDayThreat.

OTL logfile created on: 4/3/2012 5:54:30 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Harveydf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 66.43% Memory free
7.67 Gb Paging File | 6.74 Gb Available in Paging File | 87.90% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 324.26 Gb Total Space | 205.88 Gb Free Space | 63.49% Space Free | Partition Type: NTFS
Drive D: | 11.03 Gb Total Space | 4.23 Gb Free Space | 38.38% Space Free | Partition Type: NTFS
Drive K: | 24.41 Gb Total Space | 24.32 Gb Free Space | 99.63% Space Free | Partition Type: NTFS

Computer Name: HARVEYDF-PC | User Name: Harveydf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 17:47:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
PRC - [2012/02/14 20:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/02/14 20:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/09 13:37:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/14 19:11:36 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\OJ.exe -- (OJ)
SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\NBISZU.exe -- (NBISZU)
SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\MJLVASR.exe -- (MJLVASR)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/02/14 20:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/30 21:47:31 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010/01/09 13:37:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/29 14:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\H_D_F\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012/03/16 08:37:53 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/03/16 08:11:06 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\Partizan.sys -- (Partizan)
DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2012/02/14 20:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/02/14 20:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/02/14 19:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/12/05 12:46:56 | 000,083,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/14 16:13:26 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2011/08/13 03:10:05 | 000,489,048 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\6594252drv.sys -- (6594252drv)
DRV - [2011/06/13 02:20:42 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/06/13 02:20:42 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/06/13 02:20:29 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/06/13 02:20:26 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/02/08 14:13:44 | 000,058,496 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2008/02/29 11:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/29 10:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 04:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/29 15:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/04/13 10:54:58 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bc=1
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{16644F65-8B6D-44E0-AAB4-B86D9B75BCA8}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{298775AD-1E95-4BAF-9E55-F4CA4DA34671}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{6232A361-7C85-4870-91F9-748683BC7F8D}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{B3CC843C-E2AA-4AC1-A6BB-DF6390A21834}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{D1582633-84CD-4C4D-B9D6-258EC2E2FBD3}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{D8979C30-B6E0-4EC9-9571-AD376265CBF0}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{D9973E72-3043-428F-AF0D-0AF1DAF37178}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Startpage"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.6.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.6
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.7
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Harveydf\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/16 02:06:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/22 10:52:48 | 000,000,000 | ---D | M]

[2008/08/31 22:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Extensions
[2012/03/22 00:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions
[2012/03/15 22:31:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/06/25 13:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/26 18:42:12 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/09/09 01:36:16 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011/12/24 20:33:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/03 17:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\staged
[2012/03/22 03:19:22 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\video.downloader.plugin@ffpimp.com
[2012/02/19 01:40:08 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\zotero@chnm.gmu.edu
[2011/08/17 06:51:04 | 000,002,160 | ---- | M] () -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\searchplugins\startpage-https.xml
[2011/08/15 20:08:34 | 000,005,457 | ---- | M] () -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\searchplugins\startpage.xml
[2012/03/16 02:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\HARVEYDF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPPJ4D9T.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\HARVEYDF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPPJ4D9T.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\USERS\HARVEYDF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPPJ4D9T.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2012/03/16 02:06:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/24 04:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/02/19 01:29:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/16 02:06:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/16 02:06:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/03 14:36:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{193FD7B8-6ED3-43A3-9D42-499D673FB086}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Harveydf\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Harveydf\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
 
Page 3

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/04/01 09:44:40 | 000,000,088 | ---- | M] () -- C:\.directory
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/06/11 17:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/09/07 22:23:22 | 000,022,610 | ---- | M] () \Calculate MD5Sum Hash -- C:\Calculate MD5Sum Hash
[2012/04/03 14:44:04 | 000,020,236 | ---- | M] () -- C:\ComboFix.txt
[2011/05/13 17:00:10 | 000,000,010 | ---- | M] () -- C:\CONFIG.SYS
[2006/12/07 12:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/04/03 17:35:31 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/01/26 22:28:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/26 22:28:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/03 17:35:29 | 531,628,031 | -HS- | M] () -- C:\pagefile.sys
[2012/04/01 16:30:27 | 000,000,486 | ---- | M] () -- C:\rkill 040112.log
[2012/04/01 17:08:36 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2012/04/01 13:48:37 | 000,058,316 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_13.48.25_log.txt
[2012/04/01 13:49:59 | 000,147,380 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_13.49.20_log.txt
[2012/04/01 13:58:14 | 000,255,576 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_13.56.13_log.txt
[2012/04/01 14:07:07 | 000,121,990 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_14.06.17_log.txt
[2012/04/01 16:32:02 | 000,121,990 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_16.31.13_log.txt
[2012/04/01 21:01:21 | 000,121,956 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_20.59.18_log.txt
[2012/03/26 04:44:07 | 000,250,366 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_04.40.13_log.txt
[2012/03/26 04:46:15 | 000,129,134 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_04.44.28_log.txt
[2012/03/26 11:36:50 | 000,250,366 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_11.34.30_log.txt
[2012/03/26 14:19:19 | 000,376,334 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_12.50.50_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/19 17:10:11 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 00:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/06/17 22:55:11 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/20 08:28:55 | 000,000,341 | -HS- | M] () -- C:\Users\Harveydf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2009/10/26 20:23:30 | 002,664,072 | ---- | M] () -- C:\Users\Harveydf\Desktop\6NOD32 Online Scanner.exe
[2012/04/01 21:31:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
[2012/03/18 19:36:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Harveydf\Desktop\HijackThis.exe
[2012/04/03 18:21:50 | 004,455,431 | R--- | M] (Swearware) -- C:\Users\Harveydf\Desktop\H_D_F.exe
[2012/02/14 13:10:12 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Harveydf\Desktop\iexplorer.exe
[2012/04/01 17:19:57 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.60.1.1000.exe
[2012/04/01 06:07:53 | 000,396,041 | ---- | M] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
[2012/04/01 17:21:29 | 000,302,592 | ---- | M] () -- C:\Users\Harveydf\Desktop\nnyfhfzx.exe
[2012/04/03 17:47:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
[2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2011/08/10 23:46:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/11 03:23:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/10 04:01:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000Core.job
[2011/08/11 00:11:18 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000UA.job
[2012/04/03 17:35:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/03 15:56:37 | 000,032,642 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/02/18 16:27:28 | 000,000,402 | -HS- | M] () -- C:\Users\Harveydf\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/06/08 22:16:21 | 000,000,576 | ---- | M] () -- C:\ProgramData\afl.log
[2008/03/24 12:11:12 | 000,000,799 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/03/28 13:05:57 | 000,008,212 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/08/11 20:54:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
 
My apologies.

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 17:46:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
[2012/04/03 14:44:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/03 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Local\temp
[2012/04/03 14:41:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/03 14:20:28 | 004,455,431 | R--- | C] (Swearware) -- C:\Users\Harveydf\Desktop\H_D_F.exe
[2012/04/01 22:08:29 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\bootkit_remover
[2012/04/01 21:30:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
[2012/04/01 17:17:39 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.60.1.1000.exe
[2012/04/01 13:58:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/01 06:09:50 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\TDSSKiller.exe
[2012/03/26 21:22:20 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Harveydf\Desktop\iexplorer.exe
[2012/03/26 11:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/26 06:55:59 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\TakeOwnership
[2012/03/26 04:53:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT2
[2012/03/26 04:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT2
[2012/03/26 04:39:22 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\tdsskiller
[2012/03/25 05:00:02 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012/03/24 14:58:37 | 000,000,000 | ---D | C] -- C:\Windows\Symbols
[2012/03/24 08:43:42 | 000,000,000 | ---D | C] -- C:\AMD
[2012/03/24 05:47:36 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\backups
[2012/03/24 00:10:26 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\DAEMON Tools
[2012/03/23 10:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Symbols for Visual Studio and Process Explorer
[2012/03/23 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Microsoft Symbols for Visual Studio and Process Explorer
[2012/03/23 09:51:01 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Documents\Visual Studio 2010
[2012/03/23 03:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\BenchMark Tools
[2012/03/23 02:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012/03/22 07:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/03/22 06:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/03/21 08:32:51 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\GlarySoft
[2012/03/21 08:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Undelete
[2012/03/18 19:36:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Harveydf\Desktop\HijackThis.exe
[2012/03/17 10:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/17 01:34:47 | 000,000,000 | ---D | C] -- C:\.Trash-0
[2012/03/16 17:40:53 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\GetRightToGo
[2012/03/16 17:04:50 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/03/16 17:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/03/16 12:02:00 | 000,000,000 | ---D | C] -- C:\BackSys
[2012/03/16 08:22:38 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2012/03/16 08:11:06 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2012/03/16 08:11:06 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2012/03/16 08:10:57 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Documents\RegRun2
[2012/03/16 08:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2012/03/16 08:10:55 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2012/03/16 04:32:25 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\att.net
[2012/03/16 04:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\att.net
[2012/03/16 03:26:59 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\VSRevoGroup
[2012/03/15 06:22:16 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\Registry Mechanic
[2012/03/15 05:54:22 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2012/03/15 05:54:22 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2012/03/15 05:54:22 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2012/03/15 05:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012/03/15 05:50:58 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\Product_RM
[2012/03/15 04:59:07 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\PCTools
[2012/03/15 01:38:31 | 000,574,424 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/03/15 01:38:30 | 000,054,328 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/03/15 01:38:30 | 000,035,264 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2012/03/14 18:59:41 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/03/14 18:59:41 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/03/14 18:59:39 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/03/14 18:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/03/14 18:59:37 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/03/14 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/03/14 18:12:24 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/03/14 18:12:24 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/03/14 18:12:24 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/03/14 18:12:24 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/03/14 18:12:23 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/03/14 18:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/14 18:07:19 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\TestApp
[2012/03/14 18:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/03/14 18:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/03/13 17:43:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/13 14:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/13 14:39:24 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/13 14:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/11 16:58:47 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\LogView
[2012/03/11 16:28:50 | 000,058,496 | ---- | C] (Silicon Laboratories) -- C:\Windows\System32\drivers\silabser.sys
[2012/03/11 13:32:23 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Local\ElevatedDiagnostics
[2012/03/11 11:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs
[2012/03/11 11:49:53 | 000,047,176 | ---- | C] (Silicon Laboratories) -- C:\Windows\System32\drivers\silabenm.sys
[2012/03/11 05:47:38 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\EurekaLog
[2012/03/11 05:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\LogView V2
[2012/03/11 05:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Junsi
[2012/03/11 05:25:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Silabs

========== Files - Modified Within 30 Days ==========

[2012/04/03 18:37:16 | 001,008,141 | ---- | M] () -- C:\Users\Harveydf\Desktop\rkill.scr
[2012/04/03 18:21:50 | 004,455,431 | R--- | M] (Swearware) -- C:\Users\Harveydf\Desktop\H_D_F.exe
[2012/04/03 17:47:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
[2012/04/03 17:40:05 | 000,710,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/03 17:40:05 | 000,145,518 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/03 17:36:02 | 000,000,025 | ---- | M] () -- C:\Windows\System32\TLB_Disable.ini
[2012/04/03 17:35:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 17:35:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 17:35:31 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/03 14:36:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/01 22:07:31 | 000,000,512 | ---- | M] () -- C:\Users\Harveydf\Desktop\MBR 040112 .dat
[2012/04/01 21:31:33 | 000,044,607 | ---- | M] () -- C:\Users\Harveydf\Desktop\bootkit_remover.zip
[2012/04/01 21:31:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
[2012/04/01 20:56:44 | 002,048,299 | ---- | M] () -- C:\Users\Harveydf\Desktop\tdsskiller.zip
[2012/04/01 17:21:29 | 000,302,592 | ---- | M] () -- C:\Users\Harveydf\Desktop\nnyfhfzx.exe
[2012/04/01 17:19:57 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.60.1.1000.exe
[2012/04/01 14:03:00 | 000,000,680 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\d3d9caps.dat
[2012/04/01 12:53:11 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/01 09:56:27 | 000,000,088 | ---- | M] () -- C:\Users\Harveydf\.directory
[2012/04/01 09:44:40 | 000,000,088 | ---- | M] () -- C:\.directory
[2012/04/01 06:07:53 | 000,396,041 | ---- | M] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
[2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\TDSSKiller.exe
[2012/03/26 12:31:21 | 000,000,000 | ---- | M] () -- C:\Users\Harveydf\defogger_reenable
[2012/03/26 12:22:02 | 000,359,574 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\census.cache
[2012/03/26 12:21:59 | 000,188,735 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\ars.cache
[2012/03/26 06:53:50 | 000,000,622 | ---- | M] () -- C:\Users\Harveydf\Desktop\TakeOwnership.zip
[2012/03/26 04:52:12 | 000,000,740 | ---- | M] () -- C:\Users\Harveydf\Desktop\NTREGOPT.lnk
[2012/03/26 04:52:12 | 000,000,721 | ---- | M] () -- C:\Users\Harveydf\Desktop\ERUNT.lnk
[2012/03/26 04:16:53 | 002,893,192 | ---- | M] () -- C:\Users\Harveydf\Desktop\Tuluka_v1.0.394.77.zip
[2012/03/25 11:30:45 | 000,000,082 | ---- | M] () -- C:\Users\Harveydf\Desktop\Mark's Blog Index.URL
[2012/03/24 08:49:04 | 003,239,696 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/03/24 06:53:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat.bak
[2012/03/24 00:46:05 | 000,000,689 | ---- | M] () -- C:\Users\Harveydf\Desktop\Temp Internet Files.lnk
[2012/03/23 09:34:45 | 000,000,609 | ---- | M] () -- C:\Users\Harveydf\Desktop\SysinternalsSuite.lnk
[2012/03/22 16:16:55 | 002,649,287 | ---- | M] () -- C:\Users\Harveydf\Documents\Windows 7 Tutorial on Drive Backup.pdf
[2012/03/22 15:19:14 | 000,000,938 | ---- | M] () -- C:\Users\Harveydf\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/22 04:26:07 | 002,722,438 | ---- | M] () -- C:\Users\Harveydf\Documents\032112 performance report.html
[2012/03/21 23:53:00 | 446,722,708 | ---- | M] () -- C:\Users\Harveydf\Documents\Complete_BackUp_032112.reg
[2012/03/21 23:21:05 | 000,002,042 | ---- | M] () -- C:\Users\Harveydf\Documents\Lnk_Fix_Vist.reg
[2012/03/19 10:58:06 | 002,382,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/19 10:31:49 | 000,011,886 | ---- | M] () -- C:\Users\Harveydf\Documents\cc_20120319_103122.reg
[2012/03/18 19:36:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Harveydf\Desktop\HijackThis.exe
[2012/03/16 17:04:50 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/03/16 16:54:31 | 002,335,270 | ---- | M] () -- C:\Windows\System32\648B200.mht
[2012/03/16 08:37:53 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2012/03/16 08:11:06 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2012/03/16 08:11:06 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2012/03/16 08:10:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/16 08:10:59 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2012/03/16 08:10:59 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/03/13 17:42:17 | 172,175,881 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/11 11:57:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2012/03/11 11:57:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/03/11 08:04:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01007.Wdf

========== Files Created - No Company Name ==========

[2012/04/03 14:22:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/01 21:53:23 | 000,000,512 | ---- | C] () -- C:\Users\Harveydf\Desktop\MBR 040112 .dat
[2012/04/01 21:31:33 | 000,044,607 | ---- | C] () -- C:\Users\Harveydf\Desktop\bootkit_remover.zip
[2012/04/01 17:21:29 | 000,302,592 | ---- | C] () -- C:\Users\Harveydf\Desktop\nnyfhfzx.exe
[2012/04/01 17:15:13 | 3488,079,872 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/01 09:56:27 | 000,000,088 | ---- | C] () -- C:\Users\Harveydf\.directory
[2012/04/01 09:44:40 | 000,000,088 | ---- | C] () -- C:\.directory
[2012/04/01 06:11:14 | 000,396,041 | ---- | C] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
[2012/04/01 06:09:24 | 001,008,141 | ---- | C] () -- C:\Users\Harveydf\Desktop\rkill.scr
[2012/03/26 12:31:21 | 000,000,000 | ---- | C] () -- C:\Users\Harveydf\defogger_reenable
[2012/03/26 06:53:46 | 000,000,622 | ---- | C] () -- C:\Users\Harveydf\Desktop\TakeOwnership.zip
[2012/03/26 04:52:12 | 000,000,740 | ---- | C] () -- C:\Users\Harveydf\Desktop\NTREGOPT.lnk
[2012/03/26 04:52:12 | 000,000,721 | ---- | C] () -- C:\Users\Harveydf\Desktop\ERUNT.lnk
[2012/03/26 04:32:39 | 002,048,299 | ---- | C] () -- C:\Users\Harveydf\Desktop\tdsskiller.zip
[2012/03/26 04:14:30 | 002,893,192 | ---- | C] () -- C:\Users\Harveydf\Desktop\Tuluka_v1.0.394.77.zip
[2012/03/26 02:07:25 | 002,664,072 | ---- | C] () -- C:\Users\Harveydf\Desktop\6NOD32 Online Scanner.exe
[2012/03/25 11:30:45 | 000,000,082 | ---- | C] () -- C:\Users\Harveydf\Desktop\Mark's Blog Index.URL
[2012/03/24 02:59:52 | 000,000,025 | ---- | C] () -- C:\Windows\System32\TLB_Disable.ini
[2012/03/23 09:32:21 | 000,000,609 | ---- | C] () -- C:\Users\Harveydf\Desktop\SysinternalsSuite.lnk
[2012/03/22 16:16:55 | 002,649,287 | ---- | C] () -- C:\Users\Harveydf\Documents\Windows 7 Tutorial on Drive Backup.pdf
[2012/03/22 07:01:56 | 002,722,438 | ---- | C] () -- C:\Users\Harveydf\Documents\032112 performance report.html
[2012/03/21 23:52:24 | 446,722,708 | ---- | C] () -- C:\Users\Harveydf\Documents\Complete_BackUp_032112.reg
[2012/03/21 23:21:05 | 000,002,042 | ---- | C] () -- C:\Users\Harveydf\Documents\Lnk_Fix_Vist.reg
[2012/03/19 10:31:28 | 000,011,886 | ---- | C] () -- C:\Users\Harveydf\Documents\cc_20120319_103122.reg
[2012/03/19 02:17:17 | 000,022,610 | ---- | C] () -- C:\Calculate MD5Sum Hash
[2012/03/17 10:13:41 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/17 10:13:26 | 000,001,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/16 16:54:31 | 002,335,270 | ---- | C] () -- C:\Windows\System32\648B200.mht
[2012/03/16 08:10:59 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/03/16 04:55:43 | 000,000,938 | ---- | C] () -- C:\Users\Harveydf\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/15 05:54:22 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012/03/15 01:39:49 | 003,239,696 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/03/14 19:39:30 | 000,000,680 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\d3d9caps.dat
[2012/03/13 17:42:17 | 172,175,881 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/11 11:57:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2012/03/11 11:57:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/03/11 11:57:15 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/03/11 08:04:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01007.Wdf
[2012/03/02 02:27:31 | 000,000,288 | ---- | C] () -- C:\Users\Harveydf\AppData\Roaming\.backup.dm
[2012/01/10 14:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/13 00:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/15 23:07:05 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/08/11 20:54:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/11 20:20:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/11 20:20:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/11 20:20:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/11 20:20:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/11 13:03:55 | 000,359,574 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\census.cache
[2011/08/11 13:03:36 | 000,188,735 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\ars.cache
[2011/08/11 12:44:13 | 000,000,036 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\housecall.guid.cache
[2011/08/01 23:43:56 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2011/06/11 17:55:18 | 000,000,022 | -HS- | C] () -- C:\Users\Harveydf\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/05/15 19:26:53 | 000,075,776 | ---- | C] () -- C:\Windows\SendToClip.exe
[2011/04/02 23:25:43 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2011/04/02 23:25:12 | 000,000,191 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/03/23 20:50:21 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/01/26 22:12:00 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/08/15 14:20:55 | 001,055,498 | ---- | C] () -- C:\Windows\System32\libodbc++.dll

========== LOP Check ==========

[2012/03/24 00:30:34 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Audacity
[2010/05/31 18:20:42 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Aureas85
[2009/04/26 21:25:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Avery
[2011/08/04 02:50:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/24 00:10:33 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DAEMON Tools
[2010/08/15 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Dev-Cpp
[2011/05/14 12:18:52 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DisplayTune
[2009/08/20 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Elluminate
[2012/03/11 05:52:08 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\EurekaLog
[2012/03/16 17:41:28 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GetRightToGo
[2012/03/21 08:32:51 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GlarySoft
[2011/05/15 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GPSMaster
[2011/09/09 15:01:25 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GrabPro
[2008/08/09 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\HotSync
[2011/08/01 20:53:46 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Image Zone Express
[2011/08/04 06:55:19 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ImgBurn
[2011/04/10 16:51:04 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\InfraRecorder
[2008/08/09 20:02:28 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Leadertech
[2012/03/11 17:02:13 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\LogView
[2011/02/07 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Mobipocket
[2011/12/21 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\MyPhoneExplorer
[2012/03/15 04:59:07 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\PCTools
[2008/03/24 12:27:11 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Printer Info Cache
[2012/03/15 05:50:58 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Product_RM
[2011/09/09 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ProgSense
[2012/03/15 06:35:25 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Registry Mechanic
[2008/02/18 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\SampleView
[2012/03/14 01:24:59 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\SanDisk
[2008/03/07 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Spare Backup
[2008/02/19 23:29:37 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Template
[2012/03/14 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\TestApp
[2011/04/09 00:43:38 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\uTorrent
[2012/03/16 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\VSRevoGroup
[2010/11/07 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\XMind
[2012/04/03 15:56:37 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\OJ.exe -- (OJ)
    SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\NBISZU.exe -- (NBISZU)
    SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\MJLVASR.exe -- (MJLVASR)
    O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    [2012/03/16 08:10:59 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Broni,
I was waiting for PC Tools to finish its scan; it was up to 8 HeurEngine.ZeroDay threats. I left the house and came back, and on the screen PC Tools said, "Congratulation no threats found." That was confusing. I was not connected to the internet, and I had OTL loaded with its instructions to run the fix. So then I clicked Run Fix, and it locked up after maybe 20 seconds. Then the icons on the desktop disappeared and Microsoft came up with the warning that it had stopped working and it was going to close the program. I logged off the computer and booted a CD to get your direction before I continued with Security Check and the other three programs, or I can do it again?
 
Broni,

I replied twice but nothing posted. I booted into safe mode with networking and copied the code, disconnected from the internet and ran OTL as an administrator. When I copied the code into OTL and hit FixScan, all the desktop icons disappeared. I waited, but it looked like it was not working. I started Task Manager and it said it was still running. So I went back and minimized the screen and then maximized it. Then the bar on the bottom started jumping. It ran for quite some time. However, I think they gave us the slip. Here is the log. Do you want me to get you another OTL scan or proceed with the plan?

All processes killed

========== OTL ==========

Error: No service named OJ was found to stop!

Service\Driver key OJ not found.

File C:\Users\Harveydf\AppData\Local\Temp\OJ.exe not found.

Error: No service named NBISZU was found to stop!

Service\Driver key NBISZU not found.

File C:\Users\Harveydf\AppData\Local\Temp\NBISZU.exe not found.

Error: No service named MJLVASR was found to stop!

Service\Driver key MJLVASR not found.

File C:\Users\Harveydf\AppData\Local\Temp\MJLVASR.exe not found.

Registry value HKEY_USERS\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.

Registry key HKEY_USERS\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ not found.

Registry key HKEY_USERS\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.

Registry key HKEY_USERS\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ not found.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .

Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .

File C:\Windows\winstart.bat not found.

========== COMMANDS ==========



[EMPTYTEMP]



User: All Users



User: AppData

->Temp folder emptied: 0 bytes



User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes



User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes



User: Harvey Standard

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 420082245 bytes

->Flash cache emptied: 61353 bytes



User: Harveydf

->Temp folder emptied: 42036120 bytes

->Temporary Internet Files folder emptied: 13602605 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 92893273 bytes

->Flash cache emptied: 57190 bytes



User: Public

->Temp folder emptied: 0 bytes



%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 36456 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes



Total Files Cleaned = 542.00 mb





[EMPTYJAVA]



User: All Users



User: AppData



User: Default



User: Default User



User: Harvey Standard



User: Harveydf

->Java cache emptied: 0 bytes



User: Public



Total Java Files Cleaned = 0.00 mb





[EMPTYFLASH]



User: All Users



User: AppData



User: Default

->Flash cache emptied: 0 bytes



User: Default User

->Flash cache emptied: 0 bytes



User: Harvey Standard

->Flash cache emptied: 0 bytes



User: Harveydf

->Flash cache emptied: 0 bytes



User: Public



Total Flash Files Cleaned = 0.00 mb





OTL by OldTimer - Version 3.2.39.2 log created on 04042012_203927



Files\Folders moved on Reboot...



Registry entries deleted on Reboot...
 