Backboot.gen Infection Removal

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
1
2
3
→

You cannot start a new topic
This topic is locked

Backboot.gen Infection Removal Need help fixing it

#1 Goose84

Member

Group: Members
Posts: 26
Joined: 31-January 12
Gender:Male

Posted 02 February 2012 - 10:04 AM

I ran TDSSKiller and it found system32\backboot.gen. Allowed it to work but now have no USB function. Have tried remove USB host controller driver and letting computer reinstall but this does nothing. Went to Intel website and tried to update driver...again nothing. Concerned that the rootkit may still be affecting this machine. The error codes when displayed when Win 7 tries to update drive are 28 and 39.

DDS log...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Kevin at 8:19:05 on 2012-02-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3241.1905 [GMT -6:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2012\avgmfapx.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [TdmNotify] c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\TdmNotify.exe
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{24E13C7D-6989-4894-BFE4-1DD923A34E5C} : DhcpNameServer = 97.64.168.12 97.64.183.165
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-8-9 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-8-9 110752]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-23 212944]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-31 652360]
R2 MSSQL$CMSDENALI;SQL Server (CMSDENALI);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-8-9 2656536]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2012-1-31 869216]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\dell\dell data protection\access\advanced\wave\authentication manager\WaveAMService.exe [2011-7-1 1131520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-8-9 238760]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-8-9 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-26 20464]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-8-9 41088]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-8-9 62208]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-8-9 141568]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CMSLicenseService;CMS License Service;c:\program files\cougar mountain software\denali\CMSLicenseService.exe [2011-12-22 179712]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-15 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-01-31 17:32:28 -------- d-----w- c:\windows\system32\catroot2
2012-01-31 16:40:26 -------- d-----w- c:\programdata\Driver Tool
2012-01-31 16:32:15 -------- d-----w- c:\programdata\AVG Secure Search
2012-01-31 16:32:13 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-01-31 16:32:13 -------- d-----w- c:\program files\AVG Secure Search
2012-01-31 15:44:15 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-01-31 15:43:42 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-30 19:51:56 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-30 19:51:54 -------- d-----w- c:\users\kevin\appdata\local\temp
2012-01-30 18:49:08 8425656 ----a-w- c:\users\kevin\appdata\roaming\DRVR_WIN_R293337.EXE
2012-01-30 16:20:29 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-01-30 15:18:54 -------- d-----w- c:\program files\SystemRequirementsLab
2012-01-27 19:53:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-27 15:48:54 98816 ----a-w- c:\windows\sed.exe
2012-01-27 15:48:54 518144 ----a-w- c:\windows\SWREG.exe
2012-01-27 15:48:54 256000 ----a-w- c:\windows\PEV.exe
2012-01-27 15:48:54 208896 ----a-w- c:\windows\MBR.exe
2012-01-26 20:50:31 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 20:50:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 14:34:33 -------- d-----w- c:\users\kevin\appdata\roaming\Malwarebytes
2012-01-25 14:34:29 -------- d-----w- c:\programdata\Malwarebytes
2012-01-20 20:10:02 287875 ----a-w- c:\windows\system32\~.tmp
2012-01-18 19:51:19 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 19:51:19 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-18 19:51:19 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-18 19:51:19 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-18 19:51:19 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 19:51:19 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 19:51:19 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-18 19:51:19 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-18 19:51:19 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 19:51:19 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-11 20:02:01 -------- d-----w- C:\COUGAR
2012-01-11 06:04:03 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 06:04:03 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 06:04:03 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 06:04:03 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-04 19:44:37 -------- d-----w- c:\users\kevin\appdata\roaming\RealNetworks
.
==================== Find3M ====================
.
2012-01-25 16:27:43 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-01-24 16:29:47 736 ----a-w- c:\windows\RMTEMP~.EXE
2012-01-13 08:28:16 1536 ----a-w- c:\windows\system32\RtkMsgs.dll
2011-12-12 14:02:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-12 14:02:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 15:25:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 11:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 8:19:29.21 ===============

Attached File(s)

Attach.txt (26.95K)
Number of downloads: 0
ark.txt (16.44K)
Number of downloads: 2

#2 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 27,527
Joined: 25-January 08
Gender:Female
Location:At home

Posted 06 February 2012 - 07:36 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.

In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
hlp.dat
/md5stop

Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#3 Goose84

Member

Group: Members
Posts: 26
Joined: 31-January 12
Gender:Male

Posted 06 February 2012 - 09:10 AM

TL logfile created on: 2/6/2012 7:51:03 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.16 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 63.39% Memory free
6.33 Gb Paging File | 4.94 Gb Available in Paging File | 78.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.11 Gb Total Space | 180.55 Gb Free Space | 77.79% Space Free | Partition Type: NTFS

Computer Name: OS2 | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/06 07:49:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
PRC - [2012/02/01 09:05:58 | 005,781,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgmfapx.exe
PRC - [2012/01/31 10:32:14 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2012/01/31 10:32:13 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/12 08:02:10 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/09 21:44:52 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/01 12:28:34 | 001,131,520 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
PRC - [2011/05/27 16:39:28 | 002,605,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2011/05/27 16:39:18 | 000,214,384 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
PRC - [2011/02/23 23:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/17 14:41:56 | 001,923,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/11/20 15:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/04 12:38:08 | 002,697,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2010/09/21 23:05:22 | 000,110,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2010/09/15 10:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2009/07/06 13:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/19 16:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/07/19 16:54:40 | 000,656,640 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/31 10:32:13 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/11 03:02:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 02:25:19 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/13 02:25:19 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ffea70edf9aa81cba6a5be8070d3dd9\IAStorUtil.ni.dll
MOD - [2011/10/13 02:25:19 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2011/10/13 02:21:24 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 02:21:19 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:21:01 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 02:20:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 02:20:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 02:20:53 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 02:20:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/28 22:34:16 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/11/24 21:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 10:32:14 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/22 08:33:12 | 000,179,712 | ---- | M] (Cougar Mountain Software) [Auto | Stopped] -- C:\Program Files\Cougar Mountain Software\Denali\CMSLicenseService.exe -- (CMSLicenseService)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/15 08:59:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/01 12:28:34 | 001,131,520 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV - [2011/05/27 16:39:28 | 002,605,424 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2011/05/24 14:13:38 | 001,508,232 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2011/02/23 23:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/09/21 23:05:22 | 000,110,752 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV - [2010/07/13 13:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/07/19 16:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/09 21:44:57 | 000,296,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2011/08/09 21:44:54 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2011/08/09 21:44:53 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2011/08/09 21:44:53 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010/11/20 15:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 15:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 15:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010/11/20 15:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 15:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/19 06:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/11/19 06:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/10/28 09:41:02 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) Intel®
DRV - [2010/10/19 20:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel®
DRV - [2010/10/15 02:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/10/04 12:38:20 | 002,749,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/04 12:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3861351566-1611151230-2339014310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-3861351566-1611151230-2339014310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/23 08:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.23\ [2012/01/31 10:32:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 10:32:20 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/01/30 13:51:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3861351566-1611151230-2339014310-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3861351566-1611151230-2339014310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24E13C7D-6989-4894-BFE4-1DD923A34E5C}: DhcpNameServer = 97.64.168.12 97.64.183.165
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 07:49:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/06 07:49:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012/02/06 07:45:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2012/02/02 08:16:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kevin\Desktop\dds.scr
[2012/02/02 08:04:04 | 015,492,608 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\Kevin\Desktop\cbSetup.exe
[2012/02/01 07:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/01 07:43:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/01 07:43:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/01 07:43:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/01/31 15:12:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\denali post error
[2012/01/31 11:32:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2012/01/31 10:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Tool
[2012/01/31 10:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/31 10:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/01/31 10:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/01/31 10:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/31 09:46:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\old usb drivers
[2012/01/31 09:44:15 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/01/31 09:44:01 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Users\Kevin\Desktop\usbhub.sys
[2012/01/30 13:51:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/30 13:51:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/30 13:51:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\temp
[2012/01/30 12:49:08 | 008,425,656 | ---- | C] (Dell Inc.) -- C:\Users\Kevin\AppData\Roaming\DRVR_WIN_R293337.EXE
[2012/01/30 10:20:29 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012/01/30 09:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/01/27 13:53:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/27 09:48:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/27 09:48:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/27 09:48:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/27 08:19:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/27 08:12:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/27 08:11:04 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Desktop\tdsskiller.exe
[2012/01/26 14:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 14:50:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/26 14:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/25 08:56:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/25 08:34:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2012/01/25 08:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/18 13:51:19 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/18 13:51:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/11 14:02:01 | 000,000,000 | ---D | C] -- C:\COUGAR
[2012/01/11 00:04:03 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 00:04:03 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/11 00:04:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2011/09/13 01:12:07 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/06 07:49:20 | 088,314,941 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/06 07:49:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012/02/06 07:44:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 07:44:37 | 2548,772,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 14:01:18 | 088,091,593 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2012/02/02 08:28:12 | 000,294,216 | ---- | M] () -- C:\Users\Kevin\Desktop\gmer.zip
[2012/02/02 08:16:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kevin\Desktop\dds.scr
[2012/02/02 08:15:28 | 000,000,000 | ---- | M] () -- C:\Users\Kevin\defogger_reenable
[2012/02/02 08:14:01 | 000,050,477 | ---- | M] () -- C:\Users\Kevin\Desktop\Defogger.exe
[2012/02/02 08:04:29 | 015,492,608 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\Kevin\Desktop\cbSetup.exe
[2012/02/02 07:22:17 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 07:22:17 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 07:18:59 | 000,621,422 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/02/01 08:38:53 | 000,032,424 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/01/31 10:35:58 | 000,621,168 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm.old
[2012/01/31 10:32:20 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/31 10:24:56 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 09:44:38 | 000,001,996 | -H-- | M] () -- C:\Users\Kevin\Documents\Default.rdp
[2012/01/30 13:51:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/30 12:49:16 | 008,425,656 | ---- | M] (Dell Inc.) -- C:\Users\Kevin\AppData\Roaming\DRVR_WIN_R293337.EXE
[2012/01/30 08:40:16 | 000,711,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/30 08:40:16 | 000,140,692 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/30 07:35:36 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Desktop\tdsskiller.exe
[2012/01/25 10:27:43 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/24 10:29:47 | 000,000,736 | ---- | M] () -- C:\Windows\RMTEMP~.EXE
[2012/01/20 16:13:04 | 000,078,086 | ---- | M] () -- C:\Users\Public\Documents\jmc2011w2.pdf
[2012/01/20 16:11:41 | 000,224,276 | ---- | M] () -- C:\Users\Public\Documents\2011 osc w2.pdf
[2012/01/16 07:38:40 | 000,018,204 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/01/13 02:28:16 | 000,001,536 | ---- | M] () -- C:\Windows\System32\RtkMsgs.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/02 08:28:09 | 000,294,216 | ---- | C] () -- C:\Users\Kevin\Desktop\gmer.zip
[2012/02/02 08:15:28 | 000,000,000 | ---- | C] () -- C:\Users\Kevin\defogger_reenable
[2012/02/02 08:14:01 | 000,050,477 | ---- | C] () -- C:\Users\Kevin\Desktop\Defogger.exe
[2012/01/31 10:32:20 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/27 09:48:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/27 09:48:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/27 09:48:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/27 09:48:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/27 09:48:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/26 14:50:32 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/20 16:13:04 | 000,078,086 | ---- | C] () -- C:\Users\Public\Documents\jmc2011w2.pdf
[2012/01/20 16:11:41 | 000,224,276 | ---- | C] () -- C:\Users\Public\Documents\2011 osc w2.pdf
[2011/12/16 14:26:37 | 000,001,130 | -HS- | C] () -- C:\Users\Kevin\AppData\Local\f8gx23m8dc2exo
[2011/12/16 14:26:37 | 000,001,130 | -HS- | C] () -- C:\ProgramData\f8gx23m8dc2exo
[2011/12/15 14:07:08 | 000,001,202 | -HS- | C] () -- C:\Users\Kevin\AppData\Local\054452l2d078j880h735m5rji6p4
[2011/12/15 14:07:08 | 000,001,202 | -HS- | C] () -- C:\ProgramData\054452l2d078j880h735m5rji6p4
[2011/12/13 08:09:02 | 000,001,378 | -HS- | C] () -- C:\Users\Kevin\AppData\Local\oawrkl3i6nhb5npd2otm1w880k4g
[2011/12/13 08:09:02 | 000,001,378 | -HS- | C] () -- C:\ProgramData\oawrkl3i6nhb5npd2otm1w880k4g
[2011/12/09 08:36:06 | 000,000,998 | -HS- | C] () -- C:\Users\Kevin\AppData\Local\156841k5h625f248c287f0gyj7v0
[2011/12/09 08:36:06 | 000,000,998 | -HS- | C] () -- C:\ProgramData\156841k5h625f248c287f0gyj7v0
[2011/12/01 14:33:30 | 000,001,210 | -HS- | C] () -- C:\Users\Kevin\AppData\Local\sdsybo3e1nla1yha0yfb1h531y7b
[2011/12/01 14:33:30 | 000,001,210 | -HS- | C] () -- C:\ProgramData\sdsybo3e1nla1yha0yfb1h531y7b
[2011/11/28 08:25:01 | 000,001,130 | -HS- | C] () -- C:\Users\Kevin\AppData\Local\3f48tv1q66o284
[2011/11/28 08:25:01 | 000,001,130 | -HS- | C] () -- C:\ProgramData\3f48tv1q66o284
[2011/09/14 14:14:33 | 000,000,042 | ---- | C] () -- C:\Windows\cms.INI
[2011/09/14 09:03:18 | 000,000,037 | ---- | C] () -- C:\Windows\rrw.ini
[2011/09/14 09:03:08 | 000,000,736 | ---- | C] () -- C:\Windows\RMTEMP~.EXE
[2011/09/13 12:35:16 | 000,365,568 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2011/09/13 12:35:16 | 000,169,472 | ---- | C] () -- C:\Windows\System32\ZLhp1020.DLL
[2011/09/13 12:34:48 | 000,245,248 | ---- | C] () -- C:\Windows\System32\zshp1020s.dll
[2011/09/13 12:20:24 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll
[2011/09/13 01:12:07 | 013,906,944 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011/09/13 01:12:07 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/09/13 01:12:07 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011/09/13 01:12:07 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011/09/13 01:11:19 | 000,001,536 | ---- | C] () -- C:\Windows\System32\RtkMsgs.dll
[2011/09/07 10:07:57 | 000,003,584 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 10:07:43 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/07 09:07:16 | 000,000,017 | ---- | C] () -- C:\Users\Kevin\AppData\Local\resmon.resmoncfg
[2011/08/26 09:49:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/08/09 21:35:17 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/08/09 21:35:17 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/08/09 21:35:17 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/08/09 19:59:50 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011/08/09 19:57:40 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2011/05/12 16:33:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2011/05/12 16:33:48 | 000,087,040 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2011/05/12 16:33:46 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2011/05/12 16:33:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2011/05/12 16:33:44 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2011/05/12 16:33:40 | 000,088,064 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2011/05/12 16:33:38 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2011/05/12 16:33:38 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2011/05/12 16:33:36 | 000,091,136 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2011/05/12 16:33:34 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2011/05/12 16:33:34 | 000,084,480 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2011/05/12 16:33:32 | 000,095,744 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2011/05/12 16:33:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2011/05/12 16:33:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2011/05/12 16:33:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2011/05/12 16:33:26 | 000,074,240 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2011/05/12 16:33:24 | 000,090,624 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2011/05/12 16:33:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2011/05/12 16:33:22 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2011/05/12 16:33:20 | 000,092,160 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2011/05/12 16:33:20 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2011/05/12 16:33:18 | 000,096,256 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2011/05/12 16:33:16 | 000,078,848 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2011/05/12 16:33:14 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2011/05/12 16:33:14 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2011/05/12 16:33:12 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2011/05/12 16:33:10 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2011/05/12 16:33:08 | 000,094,720 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2011/05/12 16:33:06 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2011/03/21 15:13:58 | 000,012,288 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/11/20 15:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/09/26 17:51:44 | 004,054,056 | ---- | C] () -- C:\Windows\System32\PhotoLooksRenderer.dll
[2010/08/19 16:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,396,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,711,960 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,140,692 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/03/25 08:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2007/08/16 16:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2006/06/30 11:58:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006/06/30 11:58:44 | 000,126,976 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/08/09 21:44:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 15:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/08/09 21:44:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/08/09 21:44:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/08/09 21:44:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 15:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 15:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 15:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< End of report >

OTL Extras logfile created on: 2/6/2012 7:51:03 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.16 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 63.39% Memory free
6.33 Gb Paging File | 4.94 Gb Available in Paging File | 78.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.11 Gb Total Space | 180.55 Gb Free Space | 77.79% Space Free | Partition Type: NTFS

Computer Name: OS2 | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C349C-DC75-4F6F-9B8D-61E37DC323B6}" = Magic Bullet PhotoLooks for PaintShop Photo Pro
"{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports 2008 SP3
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 30
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (CMSDENALI)
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63CD55E5-2938-46FA-88E6-AE8EADDC7937}" = Wave Infrastructure Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A1334E7-B58E-4650-8671-EDEC132EBCB8}" = Denali
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel® Network Connections 15.7.176.1
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}" = Crystal Reports XI Release 2 .NET 2005 Server
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Able2Extract v4.0" = Able2Extract v4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"CCleaner" = CCleaner
"HP-LaserJet 1020 series" = LaserJet 1020 series
"InstallShield_{004C349C-DC75-4F6F-9B8D-61E37DC323B6}" = Magic Bullet PhotoLooks for PaintShop Photo Pro
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{7A1334E7-B58E-4650-8671-EDEC132EBCB8}" = Denali
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PROSetDX" = Intel® Network Connections 15.7.176.1
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3861351566-1611151230-2339014310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5232553a5a8c9d7f" = Financial Dashboard

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2012 9:57:08 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

Error - 2/6/2012 9:57:09 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

Error - 2/6/2012 9:57:11 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

Error - 2/6/2012 9:57:13 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

Error - 2/6/2012 9:57:15 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

Error - 2/6/2012 9:57:16 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

Error - 2/6/2012 9:57:18 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

Error - 2/6/2012 9:57:20 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

Error - 2/6/2012 9:57:21 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

Error - 2/6/2012 9:57:23 AM | Computer Name = OS2 | Source = MsiInstaller | ID = 11330
Description =

[ CMSDenali Events ]
Error - 2/1/2012 8:00:58 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID1596 <ROOT><MESSAGE>A network-related or instance-specific
error occurred while establishing a connection to SQL Server. The server was not
found or was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: Named Pipes Provider,
error: 40 - Could not open a connection to SQL Server)</MESSAGE><SOURCE>.Net SqlClient
Data Provider</SOURCE><STACKTRACE> at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open()

at CMSUtil.CLS_SQL.GetSQLData(String p_strSQL, stuSQLConnectionInfo& p_ConInfo,
DataResult& p_result)</STACKTRACE><TARGETSITE>OnError</TARGETSITE></ROOT>

Error - 2/1/2012 8:00:58 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID1596 <ROOT><MESSAGE>Cannot find table 0.</MESSAGE><SOURCE>System.Data</SOURCE><STACKTRACE>
at System.Data.DataTableCollection.get_Item(Int32 index) at CMSUtil.FRM_LicenseServer.ServerName(stuServer&
p_stu) at CMSLicenseService.cls_CMSLicenseService.GetPrimaryInfo(stuServer&
stuPrimaryServer, Boolean& bolServerInfoSaved, String& strPort, Boolean
bolInfoInReg) at CMSLicenseService.cls_CMSLicenseService.OnStart(String[] args)</STACKTRACE><TARGETSITE>get_Item</TARGETSITE></ROOT>

Error - 2/2/2012 9:15:00 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

Error - 2/2/2012 9:15:15 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

Error - 2/2/2012 9:15:15 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID1960 <ROOT><MESSAGE>A network-related or instance-specific
error occurred while establishing a connection to SQL Server. The server was not
found or was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: Named Pipes Provider,
error: 40 - Could not open a connection to SQL Server)</MESSAGE><SOURCE>.Net SqlClient
Data Provider</SOURCE><STACKTRACE> at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open()

at CMSUtil.CLS_SQL.GetSQLData(String p_strSQL, stuSQLConnectionInfo& p_ConInfo,
DataResult& p_result)</STACKTRACE><TARGETSITE>OnError</TARGETSITE></ROOT>

Error - 2/2/2012 9:15:15 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID1960 <ROOT><MESSAGE>Cannot find table 0.</MESSAGE><SOURCE>System.Data</SOURCE><STACKTRACE>
at System.Data.DataTableCollection.get_Item(Int32 index) at CMSUtil.FRM_LicenseServer.ServerName(stuServer&
p_stu) at CMSLicenseService.cls_CMSLicenseService.GetPrimaryInfo(stuServer&
stuPrimaryServer, Boolean& bolServerInfoSaved, String& strPort, Boolean
bolInfoInReg) at CMSLicenseService.cls_CMSLicenseService.OnStart(String[] args)</STACKTRACE><TARGETSITE>get_Item</TARGETSITE></ROOT>

Error - 2/6/2012 9:45:36 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

Error - 2/6/2012 9:45:52 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

Error - 2/6/2012 9:45:52 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID796 <ROOT><MESSAGE>A network-related or instance-specific
error occurred while establishing a connection to SQL Server. The server was not
found or was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: Named Pipes Provider,
error: 40 - Could not open a connection to SQL Server)</MESSAGE><SOURCE>.Net SqlClient
Data Provider</SOURCE><STACKTRACE> at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open()

at CMSUtil.CLS_SQL.GetSQLData(String p_strSQL, stuSQLConnectionInfo& p_ConInfo,
DataResult& p_result)</STACKTRACE><TARGETSITE>OnError</TARGETSITE></ROOT>

Error - 2/6/2012 9:45:52 AM | Computer Name = OS2 | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID796 <ROOT><MESSAGE>Cannot find table 0.</MESSAGE><SOURCE>System.Data</SOURCE><STACKTRACE>
at System.Data.DataTableCollection.get_Item(Int32 index) at CMSUtil.FRM_LicenseServer.ServerName(stuServer&
p_stu) at CMSLicenseService.cls_CMSLicenseService.GetPrimaryInfo(stuServer&
stuPrimaryServer, Boolean& bolServerInfoSaved, String& strPort, Boolean
bolInfoInReg) at CMSLicenseService.cls_CMSLicenseService.OnStart(String[] args)</STACKTRACE><TARGETSITE>get_Item</TARGETSITE></ROOT>

[ System Events ]
Error - 1/31/2012 12:07:07 PM | Computer Name = OS2 | Source = NetBT | ID = 4321
Description = The name "OSCGROUP :1d" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 10.0.0.1 did not
allow the name to be claimed by this computer.

Error - 1/31/2012 12:07:41 PM | Computer Name = OS2 | Source = NetBT | ID = 4321
Description = The name "OSCGROUP :1d" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 10.0.0.1 did not
allow the name to be claimed by this computer.

Error - 1/31/2012 12:07:46 PM | Computer Name = OS2 | Source = BROWSER | ID = 8020
Description =

Error - 1/31/2012 12:07:57 PM | Computer Name = OS2 | Source = NetBT | ID = 4321
Description = The name "OSCGROUP :1d" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 10.0.0.1 did not
allow the name to be claimed by this computer.

Error - 1/31/2012 12:13:07 PM | Computer Name = OS2 | Source = NetBT | ID = 4321
Description = The name "OSCGROUP :1d" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 10.0.0.1 did not
allow the name to be claimed by this computer.

Error - 1/31/2012 12:17:20 PM | Computer Name = OS2 | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 1/31/2012 12:18:17 PM | Computer Name = OS2 | Source = NetBT | ID = 4321
Description = The name "OSCGROUP :1d" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 10.0.0.1 did not
allow the name to be claimed by this computer.

Error - 1/31/2012 12:21:45 PM | Computer Name = OS2 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 1/31/2012 12:22:20 PM | Computer Name = OS2 | Source = Service Control Manager | ID = 7034
Description = The CMS License Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/31/2012 12:22:33 PM | Computer Name = OS2 | Source = NetBT | ID = 4321
Description = The name "OSCGROUP :1d" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 10.0.0.1 did not
allow the name to be claimed by this computer.

< End of report >

#4 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 27,527
Joined: 25-January 08
Gender:Female
Location:At home

Posted 06 February 2012 - 09:27 AM

Hi,

do you have the log from TDSSKiller? Could you please post it?

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#5 Goose84

Member

Group: Members
Posts: 26
Joined: 31-January 12
Gender:Male

Posted 06 February 2012 - 10:43 AM

Unfortunatley I do not have the log for TDSSKiller:(

#6 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 27,527
Joined: 25-January 08
Gender:Female
Location:At home

Posted 06 February 2012 - 10:51 AM

Hi,

can you please download TDSSQlook to your desktop and run it. It will create a log file on the Desktop called TDSSQ.txt. Post the content of the file in your next reply.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#7 Goose84

Member

Group: Members
Posts: 26
Joined: 31-January 12
Gender:Male

Posted 06 February 2012 - 11:05 AM

TDSSKiller Quarantine Information log
Version 1.0.0.4
***** START SCAN Mon 02/06/2012 10:01:55.72 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.6.9.0_27.01.2012_13.51.20_log.txt
TDSSKiller.2.6.9.0_27.01.2012_14.23.08_log.txt
TDSSKiller.2.6.9.0_30.01.2012_07.43.11_log.txt
TDSSKiller.2.7.7.0_01.02.2012_06.29.15_log.txt
TDSSKiller.2.7.7.0_01.02.2012_06.29.52_log.txt
TDSSKiller.2.7.7.0_01.02.2012_10.55.40_log.txt
TDSSKiller.2.7.7.0_01.02.2012_10.56.19_log.txt
TDSSKiller.2.7.7.0_01.02.2012_10.56.45_log.txt
TDSSKiller.2.7.7.0_30.01.2012_08.34.24_log.txt
TDSSKiller.2.7.7.0_30.01.2012_08.36.32_log.txt
TDSSKiller.2.7.7.0_30.01.2012_11.02.29_log.txt
TDSSKiller.2.7.7.0_30.01.2012_11.02.55_log.txt
TDSSKiller.2.7.7.0_31.01.2012_10.22.46_log.txt
TDSSKiller.2.7.7.0_31.01.2012_10.23.32_log.txt

---------- TDSSStarter logs ----------

---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\30.01.2012_07.43.11
C:\TDSSKiller_Quarantine\27.01.2012_14.23.08
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0001
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0000
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0000\mbr0000
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0000\object.ini
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0000\mbr0000\object.ini
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0000\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0000\mbr0000\tsk0000.ini
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0001\mbr0000
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0001\object.ini
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0001\mbr0000\object.ini
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0001\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0001\mbr0000\tsk0000.ini
C:\TDSSKiller_Quarantine\27.01.2012_14.23.08\mbr0000
C:\TDSSKiller_Quarantine\27.01.2012_14.23.08\mbr0000\mbr0000
C:\TDSSKiller_Quarantine\27.01.2012_14.23.08\mbr0000\object.ini
C:\TDSSKiller_Quarantine\27.01.2012_14.23.08\mbr0000\mbr0000\object.ini
C:\TDSSKiller_Quarantine\27.01.2012_14.23.08\mbr0000\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.01.2012_14.23.08\mbr0000\mbr0000\tsk0000.ini
C:\TDSSKiller_Quarantine\30.01.2012_07.43.11\mbr0000
C:\TDSSKiller_Quarantine\30.01.2012_07.43.11\mbr0000\mbr0000
C:\TDSSKiller_Quarantine\30.01.2012_07.43.11\mbr0000\object.ini
C:\TDSSKiller_Quarantine\30.01.2012_07.43.11\mbr0000\mbr0000\object.ini
C:\TDSSKiller_Quarantine\30.01.2012_07.43.11\mbr0000\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\30.01.2012_07.43.11\mbr0000\mbr0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0000\object.ini

[InfectedObject]
Verdict: Rootkit.Win32.BackBoot.gen

=== C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0000\mbr0000\object.ini

[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0

=== C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0000\mbr0000\tsk0000.ini

[InfectedFile]
Type: Raw image

=== C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0001\object.ini

[InfectedObject]
Verdict: Rootkit.Win32.BackBoot.gen

=== C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0001\mbr0000\object.ini

[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0

=== C:\TDSSKiller_Quarantine\27.01.2012_13.51.20\mbr0001\mbr0000\tsk0000.ini

[InfectedFile]
Type: Raw image

=== C:\TDSSKiller_Quarantine\27.01.2012_14.23.08\mbr0000\object.ini

[InfectedObject]
Verdict: Rootkit.Win32.BackBoot.gen

=== C:\TDSSKiller_Quarantine\27.01.2012_14.23.08\mbr0000\mbr0000\object.ini

[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0

=== C:\TDSSKiller_Quarantine\27.01.2012_14.23.08\mbr0000\mbr0000\tsk0000.ini

[InfectedFile]
Type: Raw image

=== C:\TDSSKiller_Quarantine\30.01.2012_07.43.11\mbr0000\object.ini

[InfectedObject]
Verdict: Rootkit.Win32.BackBoot.gen

=== C:\TDSSKiller_Quarantine\30.01.2012_07.43.11\mbr0000\mbr0000\object.ini

[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0

=== C:\TDSSKiller_Quarantine\30.01.2012_07.43.11\mbr0000\mbr0000\tsk0000.ini

[InfectedFile]
Type: Raw image

#8 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 27,527
Joined: 25-January 08
Gender:Female
Location:At home

Posted 06 February 2012 - 11:11 AM

Hi,

ok, it would seem that the infected item detected was the MBR. Could you please run a new scan with TDSSKiller:
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#9 Goose84

Member

Group: Members
Posts: 26
Joined: 31-January 12
Gender:Male

Posted 06 February 2012 - 11:39 AM

10:30:16.0137 6848 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
10:30:16.0964 6848 ============================================================
10:30:16.0964 6848 Current date / time: 2012/02/06 10:30:16.0964
10:30:16.0964 6848 SystemInfo:
10:30:16.0964 6848
10:30:16.0964 6848 OS Version: 6.1.7601 ServicePack: 1.0
10:30:16.0964 6848 Product type: Workstation
10:30:16.0964 6848 ComputerName: OS2
10:30:16.0964 6848 UserName: Kevin
10:30:16.0964 6848 Windows directory: C:\Windows
10:30:16.0964 6848 System windows directory: C:\Windows
10:30:16.0964 6848 Processor architecture: Intel x86
10:30:16.0964 6848 Number of processors: 4
10:30:16.0964 6848 Page size: 0x1000
10:30:16.0964 6848 Boot type: Normal boot
10:30:16.0964 6848 ============================================================
10:30:17.0323 6848 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:30:17.0323 6848 \Device\Harddisk0\DR0:
10:30:17.0323 6848 MBR used
10:30:17.0323 6848 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x178000
10:30:17.0323 6848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18C000, BlocksNum 0x1D038000
10:30:17.0338 6848 Initialize success
10:30:17.0338 6848 ============================================================
10:30:19.0148 7804 ============================================================
10:30:19.0148 7804 Scan started
10:30:19.0148 7804 Mode: Manual;
10:30:19.0148 7804 ============================================================
10:30:20.0646 7804 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:30:20.0646 7804 1394ohci - ok
10:30:20.0739 7804 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:30:20.0739 7804 ACPI - ok
10:30:20.0833 7804 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:30:20.0833 7804 AcpiPmi - ok
10:30:21.0051 7804 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
10:30:21.0051 7804 adp94xx - ok
10:30:21.0129 7804 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
10:30:21.0145 7804 adpahci - ok
10:30:21.0192 7804 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
10:30:21.0192 7804 adpu320 - ok
10:30:21.0270 7804 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:30:21.0270 7804 AFD - ok
10:30:21.0332 7804 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:30:21.0332 7804 agp440 - ok
10:30:21.0394 7804 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
10:30:21.0394 7804 aic78xx - ok
10:30:21.0504 7804 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:30:21.0504 7804 aliide - ok
10:30:21.0597 7804 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:30:21.0597 7804 amdagp - ok
10:30:21.0675 7804 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:30:21.0675 7804 amdide - ok
10:30:21.0753 7804 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
10:30:21.0753 7804 AmdK8 - ok
10:30:21.0847 7804 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
10:30:21.0847 7804 AmdPPM - ok
10:30:21.0925 7804 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:30:21.0925 7804 amdsata - ok
10:30:22.0018 7804 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
10:30:22.0018 7804 amdsbs - ok
10:30:22.0112 7804 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:30:22.0112 7804 amdxata - ok
10:30:22.0237 7804 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:30:22.0237 7804 AppID - ok
10:30:22.0330 7804 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
10:30:22.0330 7804 arc - ok
10:30:22.0424 7804 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
10:30:22.0424 7804 arcsas - ok
10:30:22.0533 7804 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:30:22.0533 7804 AsyncMac - ok
10:30:22.0611 7804 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:30:22.0611 7804 atapi - ok
10:30:22.0705 7804 Avgfwfd (c46ba2c177df0b84f9c0bfc1e4574dc7) C:\Windows\system32\DRIVERS\avgfwd6x.sys
10:30:22.0705 7804 Avgfwfd - ok
10:30:22.0783 7804 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:30:22.0783 7804 AVGIDSDriver - ok
10:30:22.0876 7804 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:30:22.0876 7804 AVGIDSEH - ok
10:30:22.0954 7804 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:30:22.0954 7804 AVGIDSFilter - ok
10:30:23.0032 7804 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
10:30:23.0032 7804 AVGIDSShim - ok
10:30:23.0110 7804 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
10:30:23.0126 7804 Avgldx86 - ok
10:30:23.0204 7804 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
10:30:23.0204 7804 Avgmfx86 - ok
10:30:23.0298 7804 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
10:30:23.0298 7804 Avgrkx86 - ok
10:30:23.0376 7804 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
10:30:23.0376 7804 Avgtdix - ok
10:30:23.0469 7804 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
10:30:23.0469 7804 b06bdrv - ok
10:30:23.0547 7804 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:30:23.0547 7804 b57nd60x - ok
10:30:23.0625 7804 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:30:23.0625 7804 Beep - ok
10:30:23.0734 7804 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:30:23.0734 7804 blbdrive - ok
10:30:23.0812 7804 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:30:23.0812 7804 bowser - ok
10:30:23.0875 7804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
10:30:23.0875 7804 BrFiltLo - ok
10:30:23.0953 7804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
10:30:23.0953 7804 BrFiltUp - ok
10:30:24.0046 7804 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
10:30:24.0046 7804 BridgeMP - ok
10:30:24.0124 7804 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:30:24.0124 7804 Brserid - ok
10:30:24.0202 7804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:30:24.0218 7804 BrSerWdm - ok
10:30:24.0296 7804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:30:24.0296 7804 BrUsbMdm - ok
10:30:24.0374 7804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:30:24.0374 7804 BrUsbSer - ok
10:30:24.0436 7804 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
10:30:24.0452 7804 BTHMODEM - ok
10:30:24.0546 7804 catchme - ok
10:30:24.0608 7804 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:30:24.0608 7804 cdfs - ok
10:30:24.0702 7804 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
10:30:24.0702 7804 cdrom - ok
10:30:24.0780 7804 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
10:30:24.0780 7804 circlass - ok
10:30:24.0858 7804 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:30:24.0858 7804 CLFS - ok
10:30:24.0951 7804 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
10:30:24.0951 7804 CmBatt - ok
10:30:25.0014 7804 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:30:25.0014 7804 cmdide - ok
10:30:25.0123 7804 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:30:25.0123 7804 CNG - ok
10:30:25.0201 7804 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:30:25.0201 7804 Compbatt - ok
10:30:25.0294 7804 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:30:25.0294 7804 CompositeBus - ok
10:30:25.0388 7804 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
10:30:25.0388 7804 cpudrv - ok
10:30:25.0450 7804 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
10:30:25.0450 7804 crcdisk - ok
10:30:25.0560 7804 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:30:25.0560 7804 CSC - ok
10:30:25.0669 7804 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:30:25.0669 7804 DfsC - ok
10:30:25.0762 7804 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:30:25.0762 7804 discache - ok
10:30:25.0856 7804 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
10:30:25.0856 7804 Disk - ok
10:30:25.0918 7804 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
10:30:25.0934 7804 dmvsc - ok
10:30:26.0012 7804 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:30:26.0012 7804 drmkaud - ok
10:30:26.0090 7804 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:30:26.0106 7804 DXGKrnl - ok
10:30:26.0184 7804 e1cexpress (94ad8bae670e55bf646796b56bac53a4) C:\Windows\system32\DRIVERS\e1c6232.sys
10:30:26.0184 7804 e1cexpress - ok
10:30:26.0308 7804 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
10:30:26.0355 7804 ebdrv - ok
10:30:26.0449 7804 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
10:30:26.0449 7804 ElbyCDIO - ok
10:30:26.0574 7804 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
10:30:26.0574 7804 elxstor - ok
10:30:26.0652 7804 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:30:26.0652 7804 ErrDev - ok
10:30:26.0761 7804 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:30:26.0761 7804 exfat - ok
10:30:26.0854 7804 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:30:26.0854 7804 fastfat - ok
10:30:26.0948 7804 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
10:30:26.0948 7804 fdc - ok
10:30:27.0042 7804 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:30:27.0042 7804 FileInfo - ok
10:30:27.0120 7804 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:30:27.0120 7804 Filetrace - ok
10:30:27.0213 7804 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
10:30:27.0213 7804 flpydisk - ok
10:30:27.0307 7804 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:30:27.0322 7804 FltMgr - ok
10:30:27.0400 7804 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:30:27.0416 7804 FsDepends - ok
10:30:27.0494 7804 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
10:30:27.0494 7804 Fs_Rec - ok
10:30:27.0588 7804 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:30:27.0588 7804 fvevol - ok
10:30:27.0681 7804 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
10:30:27.0681 7804 gagp30kx - ok
10:30:27.0744 7804 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:30:27.0759 7804 hcw85cir - ok
10:30:27.0837 7804 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:30:27.0837 7804 HDAudBus - ok
10:30:27.0915 7804 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:30:27.0915 7804 HidBatt - ok
10:30:27.0993 7804 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
10:30:27.0993 7804 HidBth - ok
10:30:28.0071 7804 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
10:30:28.0087 7804 HidIr - ok
10:30:28.0149 7804 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
10:30:28.0149 7804 HidUsb - ok
10:30:28.0243 7804 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:30:28.0243 7804 HpSAMD - ok
10:30:28.0336 7804 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:30:28.0352 7804 HTTP - ok
10:30:28.0414 7804 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:30:28.0414 7804 hwpolicy - ok
10:30:28.0508 7804 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
10:30:28.0508 7804 i8042prt - ok
10:30:28.0617 7804 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\drivers\iaStor.sys
10:30:28.0617 7804 iaStor - ok
10:30:28.0711 7804 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:30:28.0726 7804 iaStorV - ok
10:30:28.0945 7804 igfx (721a8d48b2dc8c1c58c61cb948491ea8) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:30:29.0101 7804 igfx - ok
10:30:29.0194 7804 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
10:30:29.0194 7804 iirsp - ok
10:30:29.0319 7804 IntcAzAudAddService (55da507ff4762d38427c19dbfdf56763) C:\Windows\system32\drivers\RTDVHDA.sys
10:30:29.0350 7804 IntcAzAudAddService - ok
10:30:29.0444 7804 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:30:29.0444 7804 IntcDAud - ok
10:30:29.0538 7804 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:30:29.0538 7804 intelide - ok
10:30:29.0600 7804 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:30:29.0600 7804 intelppm - ok
10:30:29.0678 7804 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:30:29.0678 7804 IpFilterDriver - ok
10:30:29.0772 7804 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:30:29.0772 7804 IPMIDRV - ok
10:30:29.0818 7804 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:30:29.0818 7804 IPNAT - ok
10:30:29.0881 7804 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:30:29.0881 7804 IRENUM - ok
10:30:29.0974 7804 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:30:29.0974 7804 isapnp - ok
10:30:30.0052 7804 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:30:30.0052 7804 iScsiPrt - ok
10:30:30.0146 7804 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:30:30.0146 7804 kbdclass - ok
10:30:30.0224 7804 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
10:30:30.0224 7804 kbdhid - ok
10:30:30.0333 7804 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:30:30.0333 7804 KSecDD - ok
10:30:30.0411 7804 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:30:30.0411 7804 KSecPkg - ok
10:30:30.0520 7804 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:30:30.0520 7804 lltdio - ok
10:30:30.0614 7804 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
10:30:30.0630 7804 LSI_FC - ok
10:30:30.0708 7804 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
10:30:30.0708 7804 LSI_SAS - ok
10:30:30.0786 7804 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
10:30:30.0786 7804 LSI_SAS2 - ok
10:30:30.0864 7804 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
10:30:30.0879 7804 LSI_SCSI - ok
10:30:30.0957 7804 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:30:30.0957 7804 luafv - ok
10:30:31.0051 7804 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
10:30:31.0066 7804 MBAMProtector - ok
10:30:31.0160 7804 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
10:30:31.0160 7804 megasas - ok
10:30:31.0238 7804 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
10:30:31.0238 7804 MegaSR - ok
10:30:31.0316 7804 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
10:30:31.0332 7804 MEI - ok
10:30:31.0394 7804 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:30:31.0410 7804 Modem - ok
10:30:31.0456 7804 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:30:31.0456 7804 monitor - ok
10:30:31.0534 7804 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:30:31.0550 7804 mouclass - ok
10:30:31.0628 7804 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:30:31.0628 7804 mouhid - ok
10:30:31.0722 7804 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:30:31.0722 7804 mountmgr - ok
10:30:31.0784 7804 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:30:31.0800 7804 mpio - ok
10:30:31.0878 7804 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:30:31.0878 7804 mpsdrv - ok
10:30:31.0956 7804 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:30:31.0956 7804 MRxDAV - ok
10:30:32.0034 7804 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:30:32.0034 7804 mrxsmb - ok
10:30:32.0127 7804 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:30:32.0127 7804 mrxsmb10 - ok
10:30:32.0221 7804 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:30:32.0221 7804 mrxsmb20 - ok
10:30:32.0283 7804 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:30:32.0299 7804 msahci - ok
10:30:32.0377 7804 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:30:32.0377 7804 msdsm - ok
10:30:32.0455 7804 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:30:32.0455 7804 Msfs - ok
10:30:32.0533 7804 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:30:32.0533 7804 mshidkmdf - ok
10:30:32.0595 7804 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:30:32.0595 7804 msisadrv - ok
10:30:32.0689 7804 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:30:32.0689 7804 MSKSSRV - ok
10:30:32.0767 7804 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:30:32.0767 7804 MSPCLOCK - ok
10:30:32.0860 7804 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:30:32.0860 7804 MSPQM - ok
10:30:32.0923 7804 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:30:32.0923 7804 MsRPC - ok
10:30:32.0938 7804 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
10:30:32.0938 7804 mssmbios - ok
10:30:33.0016 7804 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:30:33.0016 7804 MSTEE - ok
10:30:33.0094 7804 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
10:30:33.0094 7804 MTConfig - ok
10:30:33.0172 7804 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:30:33.0172 7804 Mup - ok
10:30:33.0266 7804 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:30:33.0282 7804 NativeWifiP - ok
10:30:33.0360 7804 NDIS (3723262737d90f58059ceda7373b0387) C:\Windows\system32\drivers\ndis.sys
10:30:33.0375 7804 NDIS - ok
10:30:33.0453 7804 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:30:33.0469 7804 NdisCap - ok
10:30:33.0547 7804 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:30:33.0547 7804 NdisTapi - ok
10:30:33.0625 7804 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:30:33.0625 7804 Ndisuio - ok
10:30:33.0703 7804 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:30:33.0703 7804 NdisWan - ok
10:30:33.0796 7804 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:30:33.0796 7804 NDProxy - ok
10:30:33.0906 7804 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:30:33.0906 7804 NetBIOS - ok
10:30:33.0984 7804 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:30:33.0984 7804 NetBT - ok
10:30:34.0077 7804 netvsc (104be93f0607c6aa0d85319581f96ec2) C:\Windows\system32\DRIVERS\netvsc60.sys
10:30:34.0077 7804 netvsc - ok
10:30:34.0155 7804 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
10:30:34.0155 7804 nfrd960 - ok
10:30:34.0249 7804 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:30:34.0249 7804 Npfs - ok
10:30:34.0327 7804 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:30:34.0327 7804 nsiproxy - ok
10:30:34.0436 7804 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:30:34.0452 7804 Ntfs - ok
10:30:34.0530 7804 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:30:34.0530 7804 Null - ok
10:30:34.0623 7804 nusb3hub (156bd6cf8a9ec8292c84e04d09bf0472) C:\Windows\system32\DRIVERS\nusb3hub.sys
10:30:34.0623 7804 nusb3hub - ok
10:30:34.0717 7804 nusb3xhc (3b8166bb6d665e9242f05eb2bf68527a) C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:30:34.0717 7804 nusb3xhc - ok
10:30:34.0842 7804 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:30:34.0842 7804 nvraid - ok
10:30:35.0154 7804 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:30:35.0169 7804 nvstor - ok
10:30:35.0325 7804 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:30:35.0325 7804 nv_agp - ok
10:30:35.0403 7804 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:30:35.0403 7804 ohci1394 - ok
10:30:35.0497 7804 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
10:30:35.0497 7804 Parport - ok
10:30:35.0575 7804 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
10:30:35.0575 7804 partmgr - ok
10:30:35.0653 7804 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
10:30:35.0653 7804 Parvdm - ok
10:30:35.0762 7804 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
10:30:35.0762 7804 PBADRV - ok
10:30:35.0840 7804 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:30:35.0840 7804 pci - ok
10:30:35.0934 7804 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:30:35.0934 7804 pciide - ok
10:30:36.0027 7804 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
10:30:36.0027 7804 pcmcia - ok
10:30:36.0105 7804 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:30:36.0105 7804 pcw - ok
10:30:36.0214 7804 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:30:36.0214 7804 PEAUTH - ok
10:30:36.0324 7804 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:30:36.0324 7804 PptpMiniport - ok
10:30:36.0402 7804 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
10:30:36.0402 7804 Processor - ok
10:30:36.0511 7804 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:30:36.0511 7804 Psched - ok
10:30:36.0620 7804 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
10:30:36.0620 7804 PxHelp20 - ok
10:30:36.0729 7804 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
10:30:36.0745 7804 ql2300 - ok
10:30:36.0838 7804 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
10:30:36.0838 7804 ql40xx - ok
10:30:36.0932 7804 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:30:36.0932 7804 QWAVEdrv - ok
10:30:37.0010 7804 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:30:37.0010 7804 RasAcd - ok
10:30:37.0119 7804 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:30:37.0119 7804 RasAgileVpn - ok
10:30:37.0197 7804 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:30:37.0213 7804 Rasl2tp - ok
10:30:37.0306 7804 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:30:37.0306 7804 RasPppoe - ok
10:30:37.0400 7804 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:30:37.0400 7804 RasSstp - ok
10:30:37.0478 7804 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:30:37.0478 7804 rdbss - ok
10:30:37.0572 7804 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:30:37.0572 7804 rdpbus - ok
10:30:37.0665 7804 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:30:37.0665 7804 RDPCDD - ok
10:30:37.0759 7804 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:30:37.0759 7804 RDPDR - ok
10:30:37.0852 7804 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:30:37.0852 7804 RDPENCDD - ok
10:30:37.0930 7804 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:30:37.0930 7804 RDPREFMP - ok
10:30:38.0008 7804 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
10:30:38.0008 7804 RDPWD - ok
10:30:38.0086 7804 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:30:38.0102 7804 rdyboost - ok
10:30:38.0211 7804 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:30:38.0211 7804 rspndr - ok
10:30:38.0289 7804 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:30:38.0289 7804 s3cap - ok
10:30:38.0383 7804 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:30:38.0383 7804 sbp2port - ok
10:30:38.0461 7804 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:30:38.0461 7804 scfilter - ok
10:30:38.0554 7804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:30:38.0554 7804 secdrv - ok
10:30:38.0664 7804 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:30:38.0664 7804 Serenum - ok
10:30:38.0757 7804 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:30:38.0757 7804 Serial - ok
10:30:38.0851 7804 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
10:30:38.0851 7804 sermouse - ok
10:30:38.0944 7804 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:30:38.0944 7804 sffdisk - ok
10:30:39.0022 7804 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:30:39.0022 7804 sffp_mmc - ok
10:30:39.0100 7804 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:30:39.0100 7804 sffp_sd - ok
10:30:39.0178 7804 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
10:30:39.0178 7804 sfloppy - ok
10:30:39.0288 7804 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:30:39.0288 7804 sisagp - ok
10:30:39.0366 7804 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
10:30:39.0366 7804 SiSRaid2 - ok
10:30:39.0444 7804 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
10:30:39.0444 7804 SiSRaid4 - ok
10:30:39.0537 7804 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:30:39.0537 7804 Smb - ok
10:30:39.0631 7804 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:30:39.0631 7804 spldr - ok
10:30:39.0740 7804 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:30:39.0740 7804 srv - ok
10:30:39.0818 7804 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:30:39.0818 7804 srv2 - ok
10:30:39.0912 7804 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:30:39.0912 7804 srvnet - ok
10:30:39.0990 7804 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
10:30:39.0990 7804 stexstor - ok
10:30:40.0099 7804 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:30:40.0099 7804 storvsc - ok
10:30:40.0177 7804 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:30:40.0177 7804 swenum - ok
10:30:40.0255 7804 SynthVid (04990c25043705985f1ec40bf704aaac) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
10:30:40.0255 7804 SynthVid - ok
10:30:40.0348 7804 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
10:30:40.0364 7804 Tcpip - ok
10:30:40.0473 7804 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
10:30:40.0489 7804 TCPIP6 - ok
10:30:40.0567 7804 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:30:40.0567 7804 tcpipreg - ok
10:30:40.0660 7804 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:30:40.0660 7804 TDPIPE - ok
10:30:40.0738 7804 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
10:30:40.0738 7804 TDTCP - ok
10:30:40.0832 7804 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:30:40.0832 7804 tdx - ok
10:30:40.0926 7804 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
10:30:40.0926 7804 TermDD - ok
10:30:41.0019 7804 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:30:41.0019 7804 tssecsrv - ok
10:30:41.0082 7804 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:30:41.0082 7804 TsUsbFlt - ok
10:30:41.0160 7804 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
10:30:41.0160 7804 TsUsbGD - ok
10:30:41.0253 7804 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:30:41.0253 7804 tunnel - ok
10:30:41.0331 7804 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
10:30:41.0347 7804 uagp35 - ok
10:30:41.0425 7804 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:30:41.0425 7804 udfs - ok
10:30:41.0518 7804 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:30:41.0518 7804 uliagpkx - ok
10:30:41.0596 7804 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
10:30:41.0596 7804 umbus - ok
10:30:41.0674 7804 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
10:30:41.0674 7804 UmPass - ok
10:30:41.0784 7804 usbccgp (4663ad7f61519e88687393bfcb154e4c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:30:41.0799 7804 usbccgp - ok
10:30:41.0877 7804 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:30:41.0877 7804 usbcir - ok
10:30:41.0955 7804 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:30:41.0955 7804 usbehci - ok
10:30:42.0049 7804 usbhub (57ca3e7c775c22c62927a41838e10938) C:\Windows\system32\DRIVERS\usbhub.sys
10:30:42.0049 7804 usbhub - ok
10:30:42.0127 7804 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:30:42.0127 7804 usbohci - ok
10:30:42.0205 7804 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:30:42.0205 7804 usbprint - ok
10:30:42.0267 7804 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:30:42.0267 7804 USBSTOR - ok
10:30:42.0361 7804 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
10:30:42.0361 7804 usbuhci - ok
10:30:42.0454 7804 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
10:30:42.0454 7804 VClone - ok
10:30:42.0548 7804 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:30:42.0548 7804 vdrvroot - ok
10:30:42.0642 7804 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:30:42.0642 7804 vga - ok
10:30:42.0720 7804 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:30:42.0720 7804 VgaSave - ok
10:30:42.0813 7804 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:30:42.0813 7804 vhdmp - ok
10:30:42.0922 7804 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:30:42.0922 7804 viaagp - ok
10:30:43.0000 7804 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
10:30:43.0000 7804 ViaC7 - ok
10:30:43.0078 7804 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:30:43.0094 7804 viaide - ok
10:30:43.0156 7804 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:30:43.0156 7804 VMBusHID - ok
10:30:43.0234 7804 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:30:43.0234 7804 volmgr - ok
10:30:43.0328 7804 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:30:43.0328 7804 volmgrx - ok
10:30:43.0406 7804 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:30:43.0422 7804 volsnap - ok
10:30:43.0500 7804 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
10:30:43.0500 7804 vpcbus - ok
10:30:43.0609 7804 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
10:30:43.0609 7804 vpcnfltr - ok
10:30:43.0702 7804 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
10:30:43.0702 7804 vpcusb - ok
10:30:43.0796 7804 vpcvmm (e8e4757a9dc0b2836a85f932227b5bd6) C:\Windows\system32\drivers\vpcvmm.sys
10:30:43.0796 7804 vpcvmm - ok
10:30:43.0874 7804 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
10:30:43.0890 7804 vsmraid - ok
10:30:43.0968 7804 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
10:30:43.0968 7804 vwifibus - ok
10:30:44.0061 7804 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
10:30:44.0061 7804 WacomPen - ok
10:30:44.0155 7804 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:30:44.0155 7804 WANARP - ok
10:30:44.0155 7804 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:30:44.0170 7804 Wanarpv6 - ok
10:30:44.0264 7804 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
10:30:44.0264 7804 Wd - ok
10:30:44.0358 7804 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:30:44.0358 7804 Wdf01000 - ok
10:30:44.0467 7804 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:30:44.0467 7804 WfpLwf - ok
10:30:44.0545 7804 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:30:44.0545 7804 WIMMount - ok
10:30:44.0638 7804 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:30:44.0654 7804 WmiAcpi - ok
10:30:44.0732 7804 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:30:44.0732 7804 ws2ifsl - ok
10:30:44.0857 7804 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:30:44.0857 7804 WudfPf - ok
10:30:44.0950 7804 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:30:44.0950 7804 WUDFRd - ok
10:30:44.0982 7804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:30:45.0044 7804 \Device\Harddisk0\DR0 - ok
10:30:45.0044 7804 Boot (0x1200) (c634f32c42eeb4f4084554c694e42521) \Device\Harddisk0\DR0\Partition0
10:30:45.0044 7804 \Device\Harddisk0\DR0\Partition0 - ok
10:30:45.0060 7804 Boot (0x1200) (d63964772a963b5847a6d5bd93ec48dc) \Device\Harddisk0\DR0\Partition1
10:30:45.0060 7804 \Device\Harddisk0\DR0\Partition1 - ok
10:30:45.0060 7804 ============================================================
10:30:45.0060 7804 Scan finished
10:30:45.0060 7804 ============================================================
10:30:45.0060 7780 Detected object count: 0
10:30:45.0060 7780 Actual detected object count: 0
10:31:20.0487 6792 Deinitialize success

#10 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 27,527
Joined: 25-January 08
Gender:Female
Location:At home

Posted 06 February 2012 - 11:52 AM

Hi,

well this is looking promising.

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#11 Goose84

Member

Group: Members
Posts: 26
Joined: 31-January 12
Gender:Male

Posted 06 February 2012 - 11:58 AM

Farbar Service Scanner Version: 05-02-2012
Ran by Kevin (administrator) on 06-02-2012 at 10:57:44
Running from "C:\Users\Kevin\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#12 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 27,527
Joined: 25-January 08
Gender:Female
Location:At home

Posted 06 February 2012 - 04:03 PM

Hi,

you did that scan while you were able to go online, right?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#13 Goose84

Member

Group: Members
Posts: 26
Joined: 31-January 12
Gender:Male

Posted 07 February 2012 - 09:00 AM

Yes, I had internet access.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Kevin (administrator) on 07-02-2012 at 07:54:37
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82579LM Gigabit Network Connection = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : OS2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 18-03-73-AE-A7-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::40b8:4c04:8c62:d3dd%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.72(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, February 07, 2012 7:49:53 AM
Lease Expires . . . . . . . . . . : Tuesday, February 07, 2012 8:49:52 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 236454771
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D3-B7-FA-18-03-73-AE-A7-FD
DNS Servers . . . . . . . . . . . : 97.64.168.12
97.64.183.165
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{24E13C7D-6989-4894-BFE4-1DD923A34E5C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:14b9:2e21:3f57:ffb7(Preferred)
Link-local IPv6 Address . . . . . : fe80::14b9:2e21:3f57:ffb7%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 97.64.168.12

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging google.com [74.125.227.146] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 74.125.227.146:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 97.64.168.12

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 97.64.168.12

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 2ms, Average = 1ms
===========================================================================
Interface List
11...18 03 73 ae a7 fd ......Intel® 82579LM Gigabit Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.72 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.72 276
192.168.0.72 255.255.255.255 On-link 192.168.0.72 276
192.168.0.255 255.255.255.255 On-link 192.168.0.72 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.72 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.72 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:14b9:2e21:3f57:ffb7/128
On-link
11 276 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::14b9:2e21:3f57:ffb7/128
On-link
11 276 fe80::40b8:4c04:8c62:d3dd/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/07/2012 07:55:39 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Error: (02/07/2012 07:55:37 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Error: (02/07/2012 07:55:36 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Error: (02/07/2012 07:55:34 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Error: (02/07/2012 07:55:33 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Error: (02/07/2012 07:55:31 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Error: (02/07/2012 07:55:30 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Error: (02/07/2012 07:55:28 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Error: (02/07/2012 07:55:27 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Error: (02/07/2012 07:55:25 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

System errors:
=============
Error: (02/07/2012 07:50:31 AM) (Source: Service Control Manager) (User: )
Description: The CMS License Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/07/2012 07:49:53 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/06/2012 07:45:53 AM) (Source: Service Control Manager) (User: )
Description: The CMS License Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/06/2012 07:44:56 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/02/2012 07:15:16 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/02/2012 07:15:16 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (02/02/2012 07:15:16 AM) (Source: Service Control Manager) (User: )
Description: The CMS License Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/02/2012 07:14:33 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/01/2012 06:00:59 AM) (Source: Service Control Manager) (User: )
Description: The CMS License Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/01/2012 06:00:59 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (02/07/2012 07:55:42 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/07/2012 07:55:40 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/07/2012 07:55:39 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/07/2012 07:55:37 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/07/2012 07:55:36 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/07/2012 07:55:34 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/07/2012 07:55:33 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/07/2012 07:55:31 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/07/2012 07:55:30 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/07/2012 07:55:28 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

=========================== Installed Programs ============================

Able2Extract v4.0
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
APC PowerChute Personal Edition (Version: 2.1.1)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.2109)
AVG 2012 (Version: 2012.0.1901)
BioAPI Framework (Version: 1.0.2)
CCleaner (Version: 3.10)
Corel Painter Essentials 4 (Version: 4.2)
Corel PaintShop Photo Pro X3 (Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (Version: 1.6.1.263)
Crystal Reports 2008 SP3 (Version: 12.3.0.601)
Crystal Reports XI Release 2 .NET 2005 Server (Version: 11.5.0.0)
Custom (Version: 01.00.00.000)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225)
D3DX10 (Version: 15.4.2368.0902)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Client System Update (Version: 1.2.2)
Dell Data Protection | Access (Version: 02.01.01.001)
Dell Data Protection | Access (Version: 2.1.00001.001)
Dell Data Protection | Access | Drivers (Version: 1.00.011)
Dell Data Protection | Access | Middleware (Version: 1.00.005)
Dell Edoc Viewer (Version: 1.0.0)
DellAccess (Version: 01.00.00.108)
Denali (Version: 3.2.1.805)
DirectX 9 Runtime (Version: 1.00.0000)
EMBASSY Security Center (Version: 04.02.00.173)
Financial Dashboard (Version: 1.1.0.125)
Gemalto (Version: 01.01.01.0000)
ICA (Version: 1.6.1.263)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Identity Protection Technology 1.1.2.0 (Version: 1.1.2.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Network Connections 15.7.176.1 (Version: 15.7.176.1)
Intel® Processor Graphics (Version: 8.15.10.2418)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
IPM_PSP_CL (Version: 1.00.0000)
IPM_PSP_COM (Version: 1.00.0000)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
LaserJet 1020 series
Magic Bullet PhotoLooks for PaintShop Photo Pro (Version: 1.1)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (CMSDENALI) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Management Studio Express (Version: 9.00.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.34)
PC-CCID (Version: 2.0.0)
PDFCreator (Version: 1.2.3)
PhotoShowExpress (Version: 2.0.063)
Preboot Manager (Version: 03.02.00.096)
Private Information Manager (Version: 07.00.00.047)
PSPPContent (Version: 1.00.0000)
PSPPRO_DCRAW (Version: 13.0.0)
QuickTime (Version: 7.55.90.70)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
Realtek High Definition Audio Driver (Version: 6.0.1.5883)
RealUpgrade 1.1 (Version: 1.1.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Setup (Version: 1.6.1.263)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SPBA 5.9 (Version: 5.9.4.6686)
System Requirements Lab for Intel (Version: 4.5.3.0)
Trusted Drive Manager (Version: 4.1.1.312)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
VirtualCloneDrive
Wave Infrastructure Installer (Version: 07.03.17.0010)
Wave Support Software Installer (Version: 05.12.00.036)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip 14.5 (Version: 14.5.9095)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3240.93 MB
Available physical RAM: 2047.21 MB
Total Pagefile: 6480.15 MB
Available Pagefile: 5034.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.8 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:180.49 GB) NTFS
4 Drive m: () (Network) (Total:297.32 GB) (Free:243.04 GB) NTFS

========================= Users: ========================================

User accounts for \\OS2

Administrator Guest Kevin

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#14 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 27,527
Joined: 25-January 08
Gender:Female
Location:At home

Posted 07 February 2012 - 09:03 AM

Hi,

these are looking good. Your USB still isn't working?

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#15 Goose84

Member

Group: Members
Posts: 26
Joined: 31-January 12
Gender:Male

Posted 07 February 2012 - 10:23 AM

Nope, still have no USB. Items connected through USB are Battery Backup, Hp Laserjet, wireless keyboard and mouse. Device manager shows warning on USB drivers.