
Blue Screen count = lost track.



#1 epyonzero


Posted 10 March 2011 - 09:12 PM

My computer has been crashing nonstop; I can only get it opened to scan and make logs in safe mode. It will not work in safe mode + networking. Basically, I opened a .exe file and a couple of hours later I got my first BSOD. Ever since then I have had problems with crashing instantly, freezing on boot up, and more crashing. Here are the log files. A friend of mine recommended Combofix and I ran it successfully, but it crashed right after the log report came up. I hope someone can help me with this matter, as it is important and urgent that I get my laptop ready for my presentation at work.

Thanks,

D


 


#2 fireman4it

  • Malware Response Team

Posted 10 March 2011 - 09:37 PM

Hello epyonzero,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
  • There should be a Combofix log located at C:\Combofix.txt. Please find that log and post it if it is there.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 epyonzero


Posted 10 March 2011 - 09:46 PM

There is a .txt file but it is blank.

#4 fireman4it


Posted 10 March 2011 - 11:20 PM

Hello,

OK, we will run it again.


Please delete the copy of Combofix you have then proceed with the following instructions.


Run both of the following in Safemode.

1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.



Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

Edited by fireman4it, 10 March 2011 - 11:21 PM.


#5 epyonzero


Posted 11 March 2011 - 01:12 AM

Thank you fireman4,

It seems my computer no longer crashes; it returned to normal. However, I cannot open or access any files or programs. An error message that reads "Illegal operation attempted on a registry key that has been marked for deletion." appears every time I try to open anything, including these log files, so I moved them to a USB. What shall I do now? Is it okay for me to restart my computer?

Edit - I couldn't wait because I desperately need to use my laptop. I restarted it in safemode and used sfc /scannow in Run, rebooted after it was done in normal mode and everything is able to open.

TDSSKILLER Log
2011/03/11 00:43:03.0454 1708 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/11 00:43:03.0470 1708 ================================================================================
2011/03/11 00:43:03.0470 1708 SystemInfo:
2011/03/11 00:43:03.0470 1708
2011/03/11 00:43:03.0470 1708 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/11 00:43:03.0470 1708 Product type: Workstation
2011/03/11 00:43:03.0470 1708 ComputerName: UOSL10-R814HEH
2011/03/11 00:43:03.0470 1708 UserName: 100316845
2011/03/11 00:43:03.0470 1708 Windows directory: C:\Windows
2011/03/11 00:43:03.0470 1708 System windows directory: C:\Windows
2011/03/11 00:43:03.0470 1708 Processor architecture: Intel x86
2011/03/11 00:43:03.0470 1708 Number of processors: 4
2011/03/11 00:43:03.0470 1708 Page size: 0x1000
2011/03/11 00:43:03.0470 1708 Boot type: Safe boot
2011/03/11 00:43:03.0470 1708 ================================================================================
2011/03/11 00:43:03.0672 1708 Initialize success
2011/03/11 00:43:06.0465 1736 ================================================================================
2011/03/11 00:43:06.0465 1736 Scan started
2011/03/11 00:43:06.0465 1736 Mode: Manual;
2011/03/11 00:43:06.0465 1736 ================================================================================
2011/03/11 00:43:20.0442 1736 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/11 00:43:20.0505 1736 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/11 00:43:20.0567 1736 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/11 00:43:20.0614 1736 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/11 00:43:20.0661 1736 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/11 00:43:20.0723 1736 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\Windows\system32\DRIVERS\Apsx86.sys
2011/03/11 00:43:20.0801 1736 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/03/11 00:43:20.0864 1736 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/11 00:43:20.0926 1736 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/11 00:43:20.0988 1736 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/03/11 00:43:21.0066 1736 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/03/11 00:43:21.0160 1736 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/11 00:43:21.0207 1736 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/11 00:43:21.0269 1736 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/03/11 00:43:21.0332 1736 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/03/11 00:43:21.0425 1736 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/03/11 00:43:21.0503 1736 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/11 00:43:21.0581 1736 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/11 00:43:21.0659 1736 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/03/11 00:43:21.0706 1736 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/03/11 00:43:21.0737 1736 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/11 00:43:21.0800 1736 SynTP (0953d53a2d272de4c4be1e6c6a2c90d4) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/11 00:43:21.0878 1736 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/03/11 00:43:21.0971 1736 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/11 00:43:22.0034 1736 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/11 00:43:22.0080 1736 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/03/11 00:43:22.0127 1736 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/03/11 00:43:22.0158 1736 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/11 00:43:22.0205 1736 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/11 00:43:22.0283 1736 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\Windows\system32\DRIVERS\ApsHM86.sys
2011/03/11 00:43:22.0377 1736 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
2011/03/11 00:43:22.0439 1736 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
2011/03/11 00:43:22.0502 1736 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/11 00:43:22.0548 1736 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/11 00:43:22.0595 1736 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/11 00:43:22.0642 1736 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/11 00:43:22.0704 1736 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/11 00:43:22.0767 1736 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/11 00:43:22.0814 1736 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/11 00:43:22.0892 1736 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/03/11 00:43:22.0954 1736 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/11 00:43:23.0001 1736 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/11 00:43:23.0063 1736 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/11 00:43:23.0110 1736 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/11 00:43:23.0157 1736 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/11 00:43:23.0204 1736 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/11 00:43:23.0266 1736 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/11 00:43:23.0297 1736 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/11 00:43:23.0391 1736 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/11 00:43:23.0453 1736 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/11 00:43:23.0547 1736 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/11 00:43:23.0594 1736 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/03/11 00:43:23.0640 1736 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/11 00:43:23.0703 1736 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/03/11 00:43:23.0765 1736 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/03/11 00:43:23.0828 1736 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/11 00:43:23.0906 1736 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/03/11 00:43:23.0952 1736 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/03/11 00:43:23.0999 1736 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/11 00:43:24.0046 1736 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/03/11 00:43:24.0108 1736 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/11 00:43:24.0171 1736 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/11 00:43:24.0280 1736 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
2011/03/11 00:43:24.0342 1736 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/03/11 00:43:24.0389 1736 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/03/11 00:43:24.0452 1736 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/11 00:43:24.0530 1736 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/11 00:43:24.0545 1736 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/11 00:43:24.0608 1736 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/03/11 00:43:24.0654 1736 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/11 00:43:24.0748 1736 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/11 00:43:24.0795 1736 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/03/11 00:43:24.0857 1736 winachsf (253a9c2df9a2a7b3b23146014959f2cd) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/03/11 00:43:24.0935 1736 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/03/11 00:43:25.0013 1736 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/11 00:43:25.0060 1736 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/11 00:43:25.0122 1736 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/03/11 00:43:25.0200 1736 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/11 00:43:25.0278 1736 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/03/11 00:43:25.0372 1736 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
2011/03/11 00:43:25.0419 1736 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/11 00:43:25.0434 1736 ================================================================================
2011/03/11 00:43:25.0434 1736 Scan finished
2011/03/11 00:43:25.0434 1736 ================================================================================
2011/03/11 00:43:25.0450 1728 Detected object count: 1
2011/03/11 00:44:15.0292 1728 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/11 00:44:15.0292 1728 \HardDisk0 - ok
2011/03/11 00:44:15.0292 1728 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/11 00:44:17.0008 1704 Deinitialize success


ComboFix Log
ComboFix 11-03-05.01 - 100316845 03/11/2011 0:50.2.4 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3060.2128 [GMT -5:00]
Running from: G:\ComboFix.exe
AV: F-Secure Client Security 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-11 to 2011-03-11 )))))))))))))))))))))))))))))))
.
.
2011-03-11 05:58 . 2011-03-11 05:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-11 05:58 . 2011-03-11 05:58 -------- d-----w- c:\users\Mobile\AppData\Local\temp
2011-03-11 05:58 . 2011-03-11 05:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-11 05:46 . 2011-03-11 05:46 -------- d-----w- c:\users\100316845\AppData\Local\{FBD4740D-4649-409E-857C-1AFDDB486E95}
2011-03-11 00:30 . 2011-03-11 00:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-03-10 02:47 . 2011-03-10 02:48 -------- d-----w- c:\program files\CCleaner
2011-03-10 01:31 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-10 01:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-09 21:45 . 2011-03-09 22:09 -------- d-----w- c:\program files\Tansee iPhone Copy
2011-03-09 21:42 . 2011-03-10 05:46 -------- d-----w- c:\users\100316845\AppData\Roaming\uTorrent
2011-03-09 21:36 . 2011-03-09 22:06 -------- d-----w- c:\program files\Tansee iPhone Transfer SMS
2011-03-09 20:40 . 2011-03-09 22:06 -------- d-----w- c:\users\100316845\AppData\Roaming\DiskAid
2011-03-09 17:23 . 2011-03-09 17:23 -------- d-----w- c:\users\100316845\AppData\Local\{CC93E686-1D8B-4C09-8BA8-5AD190DFA68E}
2011-03-09 02:58 . 2011-03-09 02:58 -------- d-----w- c:\users\100316845\AppData\Local\{838268C8-28D9-451F-8264-A48EFFA06C9C}
2011-03-08 17:11 . 2011-03-08 17:11 -------- d-----w- c:\program files\iPod
2011-03-08 17:11 . 2011-03-08 17:11 -------- d-----w- c:\program files\iTunes
2011-03-08 14:57 . 2011-03-08 14:57 -------- d-----w- c:\users\100316845\AppData\Local\{03D7467A-E66A-4C57-A208-60E546A187AD}
2011-03-07 21:18 . 2011-03-07 21:19 -------- d-----w- c:\users\100316845\AppData\Local\{DE22D432-1172-4A7A-A422-E11B5D5EDCB8}
2011-03-07 08:23 . 2011-03-07 08:23 -------- d-----w- c:\users\100316845\AppData\Local\{32B2584C-E1D2-48EC-8FB1-D163C1AD9960}
2011-03-06 20:23 . 2011-03-06 20:23 -------- d-----w- c:\users\100316845\AppData\Local\{260A268A-4444-4CD2-893B-92CF298C6D99}
2011-03-05 23:50 . 2011-03-05 23:50 -------- d-----w- c:\users\100316845\AppData\Local\{65BD5F1D-C56D-43D1-8D51-72765EA5CDFA}
2011-03-04 20:10 . 2011-03-04 20:10 -------- d-----w- c:\users\100316845\AppData\Local\{D42F9E9D-59F2-4011-9C66-E219CB4F96E9}
2011-03-04 08:09 . 2011-03-04 08:10 -------- d-----w- c:\users\100316845\AppData\Local\{B64D1C00-87DA-4795-9EE6-BF4772512EDD}
2011-03-03 20:09 . 2011-03-03 20:09 -------- d-----w- c:\users\100316845\AppData\Local\{923234F6-EBFB-4A51-BB91-2725181281C7}
2011-03-02 18:50 . 2011-03-02 18:50 -------- d-----w- c:\users\100316845\AppData\Local\{3169A734-0BCF-4BA9-90A1-C2A828D951CC}
2011-03-02 06:49 . 2011-03-02 06:50 -------- d-----w- c:\users\100316845\AppData\Local\{20EE6A2B-AA30-4819-8DC2-498BA49B3405}
2011-03-01 18:49 . 2011-03-01 18:49 -------- d-----w- c:\users\100316845\AppData\Local\{1F223907-1A1E-416C-AC61-63DCCBFDBBA8}
2011-03-01 06:49 . 2011-03-01 06:49 -------- d-----w- c:\users\100316845\AppData\Local\{42650537-B883-4C1C-A060-E2726C9A5AFE}
2011-02-28 18:46 . 2011-02-28 18:49 -------- d-----w- c:\users\100316845\AppData\Local\{4981EB98-FEB1-46A7-89CE-D4267A91A8D5}
2011-02-28 05:31 . 2011-02-28 05:31 -------- d-----w- c:\users\100316845\AppData\Local\{3763C730-A837-4C51-BB35-F8B5A74B7D3F}
2011-02-27 17:30 . 2011-02-27 17:31 -------- d-----w- c:\users\100316845\AppData\Local\{8C0D89EF-9752-472B-A54A-95742644032E}
2011-02-27 00:48 . 2011-02-27 00:48 -------- d-----w- c:\users\100316845\AppData\Local\{53BF7D57-FE29-422D-933C-A001155D874B}
2011-02-26 12:48 . 2011-02-26 12:48 -------- d-----w- c:\users\100316845\AppData\Local\{825258D3-C0E5-440A-A27D-1D49E9254ED8}
2011-02-26 00:48 . 2011-02-26 00:48 -------- d-----w- c:\users\100316845\AppData\Local\{180C600A-B449-4CA7-B555-A70D868AC0FF}
2011-02-25 12:47 . 2011-02-25 12:48 -------- d-----w- c:\users\100316845\AppData\Local\{B654B71B-AC8B-4AD6-B47B-98B1CD025587}
2011-02-25 00:47 . 2011-02-25 00:47 -------- d-----w- c:\users\100316845\AppData\Local\{9EF4560E-5261-400A-B778-22F8A9F57B95}
2011-02-25 00:10 . 2011-02-25 00:10 -------- d-----w- c:\users\100316845\AppData\Local\{9788696D-1C41-4E68-8347-EBF2310FEF89}
2011-02-24 05:59 . 2011-02-24 05:59 -------- d-----w- c:\users\100316845\AppData\Local\{EB51A6AB-DE2B-485F-A8B3-7670D804967F}
2011-02-23 17:59 . 2011-02-23 17:59 -------- d-----w- c:\users\100316845\AppData\Local\{687DB214-4D70-447F-B1E4-8F528EA617EF}
2011-02-22 19:12 . 2011-02-22 19:12 -------- d-----w- c:\users\100316845\AppData\Local\{BCF7FD6E-A12C-45B0-82BB-EC8D8AB8FD36}
2011-02-22 07:00 . 2011-02-22 07:00 -------- d-----w- c:\users\100316845\AppData\Local\{393CC73C-FACE-4DBF-96E9-C22E68002BF3}
2011-02-21 18:59 . 2011-02-21 19:00 -------- d-----w- c:\users\100316845\AppData\Local\{CDE17EF0-087D-4F18-96A1-54EFF8C55F91}
2011-02-21 05:23 . 2011-02-21 05:23 -------- d-----w- c:\users\100316845\AppData\Local\{313D8EA7-0DDE-467E-B104-400F3B710EFE}
2011-02-20 17:23 . 2011-02-20 17:23 -------- d-----w- c:\users\100316845\AppData\Local\{9D0B7254-1285-4433-8F57-0A2D50783917}
2011-02-20 05:22 . 2011-02-20 05:23 -------- d-----w- c:\users\100316845\AppData\Local\{81D0BEFA-53EF-4101-B7EF-B64847D46A0D}
2011-02-19 17:22 . 2011-02-19 17:22 -------- d-----w- c:\users\100316845\AppData\Local\{6966A2F0-B280-43A4-BAC5-F9C20A2E9DE9}
2011-02-19 01:31 . 2011-02-19 01:31 -------- d-----w- c:\users\100316845\AppData\Local\{65342FEE-DAC9-4A89-866E-B4FB36FB3942}
2011-02-19 01:16 . 2011-02-19 01:16 -------- d-----w- c:\users\100316845\AppData\Local\{499475F5-6138-4997-8489-25AF93F90E68}
2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 13:35 . 2011-02-18 13:35 -------- d-----w- c:\program files\Common Files\Skype
2011-02-18 07:14 . 2011-02-18 07:14 -------- d-----w- c:\users\100316845\AppData\Local\{4E58D1ED-A324-476E-9265-973FAB40E160}
2011-02-17 19:13 . 2011-02-17 19:14 -------- d-----w- c:\users\100316845\AppData\Local\{6B965ABE-1CDD-4A24-AF0D-FD3193EA4A39}
2011-02-17 19:05 . 2011-02-17 19:05 -------- d--h--w- c:\users\100316845\AppData\Local\DDMSettings
2011-02-17 07:13 . 2011-02-17 07:13 -------- d-----w- c:\users\100316845\AppData\Local\{0E73266D-4DB2-4A77-9258-8620ACFD2C0A}
2011-02-16 19:12 . 2011-02-16 19:13 -------- d-----w- c:\users\100316845\AppData\Local\{1642CA23-5870-42E5-8687-0B84F5E76B88}
2011-02-16 06:19 . 2011-02-16 06:19 -------- d-----w- c:\users\100316845\AppData\Local\{92A5ADCA-B188-4854-AFEF-1B9CDC556D3A}
2011-02-15 18:18 . 2011-02-15 18:18 -------- d-----w- c:\users\100316845\AppData\Local\{AE165867-3DD4-4D9D-BCF3-4190404B77B9}
2011-02-15 15:39 . 2011-02-15 15:39 -------- d-----w- c:\users\100316845\AppData\Local\{408C5EED-0EB6-4200-87DB-4E3A1A67D8AD}
2011-02-14 20:46 . 2011-02-14 20:46 -------- d-----w- c:\users\100316845\AppData\Local\{BD947693-38A3-4887-8ACE-A29D81D1D628}
2011-02-14 06:42 . 2011-02-14 06:42 -------- d-----w- c:\users\100316845\AppData\Local\{E2F17085-78D4-4511-BDC0-EEB3A992510E}
2011-02-13 18:41 . 2011-02-13 18:41 -------- d-----w- c:\users\100316845\AppData\Local\{4A80F24B-FB5F-4D13-9EF8-6F9A52369816}
2011-02-12 19:17 . 2011-02-12 19:18 -------- d-----w- c:\users\100316845\AppData\Local\{BCA04612-633B-45FC-AC47-B0251504F2C1}
2011-02-11 17:44 . 2011-02-11 17:44 -------- d-----w- c:\users\100316845\AppData\Local\{AD3EFDA5-8ED9-43FC-8D56-C6D00ED85467}
2011-02-11 05:05 . 2011-02-11 05:05 -------- d-----w- c:\users\100316845\AppData\Local\{5BE2E3F1-2683-422F-AC43-00CA9C65635F}
2011-02-10 17:04 . 2011-02-10 17:04 -------- d-----w- c:\users\100316845\AppData\Local\{48EEE772-B695-43EC-B625-915EED36E70E}
2011-02-10 05:04 . 2011-02-10 05:04 -------- d-----w- c:\users\100316845\AppData\Local\{8D2A7725-6451-42C4-9974-FAABDE1F84C1}
2011-02-09 14:38 . 2011-02-09 14:39 -------- d-----w- c:\users\100316845\AppData\Local\{B5E0C9D2-5E27-43D1-ADA7-229F181FC0DE}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 23:26 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 14:52 . 2011-02-02 14:52 31744 ----a-w- c:\windows\system32\maplec.dll
2011-02-02 14:52 . 2011-02-02 14:52 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2011-02-02 14:52 . 2011-02-02 14:52 20480 ----a-w- c:\windows\system32\maplecompat.dll
2011-01-10 16:20 . 2010-06-08 20:05 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 18:50 . 2008-12-10 18:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2010-01-09 02:09 . 2010-01-09 02:09 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\100316845\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-13 136176]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-10-02 92672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-03-03 886120]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-04 13838952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2010-03-26 301744]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2010-03-26 1653424]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat\Acrobat_sl.exe" [2010-04-04 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat\Acrotray.exe" [2010-04-03 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NI Background Service"="c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableStatusMessages"= 1 (0x1)
"LogonType"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoSecurityTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-682003330-725345543-185429\Scripts\Logon\0\0]
"Script"=\\oncampus.local\NETLOGON\AcademicIntegrity\stu\icon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-682003330-725345543-185429\Scripts\Logon\1\0]
"Script"=\\oncampus.local\NETLOGON\IE6SiteAddition.bat
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HyperWorks Desktop Quick Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HyperWorks Desktop Quick Launch.lnk
backup=c:\windows\pss\HyperWorks Desktop Quick Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
-scheduler [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 15:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS]
2009-10-01 23:08 111640 ----a-w- c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-02 02:45 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-02-04 03:06 1657448 ----a-w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 18:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2009-11-17 03:45 307768 ------w- c:\program files\CONEXANT\SAII\SAIICpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-01-10 130728]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys [2009-11-23 14336]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 81680]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 NiViPxiK;NiViPxiK; [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1343400]
R4 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentagent.exe [2010-10-15 147456]
R4 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-03-03 132456]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2010-03-26 39856]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2010-03-26 25264]
R4 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2011-01-10 63992]
R4 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [2010-10-15 205312]
R4 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\LANDesk\LDClient\tmcsvc.exe [2010-10-07 178688]
R4 LANDesk® Out-of-Band Monitor Service;LANDesk® Out-of-Band Monitor Service;c:\program files\LANDesk\LDClient\amtmon.exe [2010-09-10 1058304]
R4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-03-03 75112]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [2010-10-21 385024]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-01-18 63928]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-03-03 24304]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-01-10 42664]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-03-26 35792]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-03-26 71120]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-03-26 12464]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2003-04-24 107102]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2003-04-18 36463]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-14 127232]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-10 214696]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys [2009-11-23 5120]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys [2009-11-23 6144]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-682003330-725345543-185429Core.job
- c:\users\100316845\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 22:17]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-682003330-725345543-185429UA.job
- c:\users\100316845\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uoit.ca/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\100316845\AppData\Roaming\Mozilla\Firefox\Profiles\kae8au9o.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1268)
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
Completion time: 2011-03-11 00:59:49
ComboFix-quarantined-files.txt 2011-03-11 05:59
ComboFix2.txt 2011-03-10 03:22
.
Pre-Run: 30,615,986,176 bytes free
Post-Run: 30,549,323,776 bytes free
.
- - End Of File - - 235E2BF37A64DEE489660199BDB29452

Edited by epyonzero, 11 March 2011 - 01:46 AM.


#6 fireman4it

Posted 11 March 2011 - 05:02 PM

Hello,

It seems you had a MBR Infection. It has been cleared up now. We will do a couple other scans to make sure nothing else came with the infection.


1.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

3.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Microsoft: ‘Unprecedented Wave of Java Exploitation’
  • Drive-by Trojan preying on out-of-date Java installations
  • Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Things to include in your next reply:
MBAM log
Eset log
A new DDS log
How is your machine running now?

Edited by fireman4it, 11 March 2011 - 05:03 PM.

" Extinguishing Malware from the world"



#7 epyonzero

Posted 11 March 2011 - 07:51 PM

The laptop runs perfect and fine although I don't know what services to enable now aside from all the Microsoft ones. Should I enable them all back? Feels like laptop is running 100%. Java will be updated after I reboot. I kindly thank you Fireman4it so much for the support and help you have given me.

Malwarebytes Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6015

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/11/2011 7:49:21 PM
mbam-log-2011-03-11 (19-49-21).txt

Scan type: Quick scan
Objects scanned: 194926
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


EsetScan Log

D:\Downloads\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined

DDS Log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by 100316845 at 19:47:19.96 on Fri 03/11/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3060.917 [GMT -5:00]
.
AV: F-Secure Client Security 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\LDClient\amtmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\nipalsm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Adobe\Acrobat\acrotray.exe
C:\PROGRA~1\LANDesk\LDClient\issclipexec.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\100316845\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\100316845\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\100316845\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.uoit.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Google Update] "c:\users\100316845\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NI Background Service] c:\program files\national instruments\shared\update service\BackgroundService.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
uPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)
uPolicies-explorer: NoSecurityTab = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: DisableStatusMessages = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\100316~1\appdata\roaming\mozilla\firefox\profiles\kae8au9o.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv86win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv90win32.dll
FF - plugin: c:\users\100316845\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-3-3 24304]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-6-8 42664]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-6-8 35792]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-6-8 71120]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\anti-virus\minifilter\fsvista.sys [2010-6-8 12464]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-3-3 13480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2010-10-15 147456]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2011-1-10 205312]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\landesk\ldclient\tmcsvc.exe [2011-1-10 178688]
R2 LANDesk® Out-of-Band Monitor Service;LANDesk® Out-of-Band Monitor Service;c:\program files\landesk\ldclient\amtmon.exe [2011-1-10 1058304]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2003-4-23 107102]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2003-4-18 36463]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-3-3 48640]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2011-1-10 385024]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-6-8 127232]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-3-3 214696]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-3-3 125696]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2011-1-10 5120]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2011-1-10 6144]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-6-8 68200]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-9 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2010-6-8 130728]
S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2011-1-10 14336]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-2-5 81680]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [2003-6-24 17920]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-3-3 38912]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400]
S4 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-6-8 132456]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2010-6-8 39856]
S4 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2010-6-8 219824]
S4 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2010-6-8 166576]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2010-6-8 25264]
S4 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2010-6-8 63992]
S4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2010-3-3 54632]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-3-3 44984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-3-3 75112]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-3-3 63928]
S4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-3-3 2320920]
.
=============== Created Last 30 ================
.
2011-03-12 00:12:53 -------- d-----w- c:\users\100316~1\appdata\local\{D24AC11B-B983-4929-96F2-4D8ACA1454E1}
2011-03-11 22:23:15 -------- d-----w- c:\program files\ESET
2011-03-11 21:51:31 -------- d-----w- c:\users\100316~1\appdata\local\{2077D935-DDFA-4087-AD1A-575E30DA5249}
2011-03-11 09:15:39 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-03-11 09:15:06 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-11 09:15:03 -------- d-----w- C:\_AcroTemp
2011-03-11 07:41:16 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-11 07:41:16 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-03-11 07:41:05 -------- d-----w- c:\program files\MSXML 4.0
2011-03-11 07:40:18 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-11 07:29:17 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8202c68b-0278-426a-b80f-45dcaa14e2ce}\mpengine.dll
2011-03-11 07:28:58 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-11 07:28:57 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-11 07:28:57 107520 ----a-w- c:\windows\system32\cdd.dll
2011-03-11 06:41:37 -------- d-----w- c:\users\100316~1\appdata\local\{0082C16F-644E-471C-98FC-E572E6AE003C}
2011-03-11 05:59:06 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-11 05:46:27 -------- d-----w- c:\users\100316~1\appdata\local\{FBD4740D-4649-409E-857C-1AFDDB486E95}
2011-03-10 06:07:39 -------- d-----w- c:\windows\pss
2011-03-10 03:08:20 98816 ----a-w- c:\windows\sed.exe
2011-03-10 03:08:20 89088 ----a-w- c:\windows\MBR.exe
2011-03-10 03:08:20 256512 ----a-w- c:\windows\PEV.exe
2011-03-10 03:08:20 161792 ----a-w- c:\windows\SWREG.exe
2011-03-10 02:47:59 -------- d-----w- c:\program files\CCleaner
2011-03-10 01:31:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-10 01:31:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-09 21:45:17 -------- d-----w- c:\program files\Tansee iPhone Copy
2011-03-09 21:42:00 -------- d-----w- c:\users\100316~1\appdata\roaming\uTorrent
2011-03-09 21:36:34 -------- d-----w- c:\program files\Tansee iPhone Transfer SMS
2011-03-09 20:40:00 -------- d-----w- c:\users\100316~1\appdata\roaming\DiskAid
2011-03-09 17:23:03 -------- d-----w- c:\users\100316~1\appdata\local\{CC93E686-1D8B-4C09-8BA8-5AD190DFA68E}
2011-03-09 02:58:09 -------- d-----w- c:\users\100316~1\appdata\local\{838268C8-28D9-451F-8264-A48EFFA06C9C}
2011-03-08 17:11:22 -------- d-----w- c:\program files\iPod
2011-03-08 17:11:21 -------- d-----w- c:\program files\iTunes
2011-03-08 14:57:20 -------- d-----w- c:\users\100316~1\appdata\local\{03D7467A-E66A-4C57-A208-60E546A187AD}
2011-03-07 21:18:58 -------- d-----w- c:\users\100316~1\appdata\local\{DE22D432-1172-4A7A-A422-E11B5D5EDCB8}
2011-03-07 08:23:48 -------- d-----w- c:\users\100316~1\appdata\local\{32B2584C-E1D2-48EC-8FB1-D163C1AD9960}
2011-03-06 20:23:00 -------- d-----w- c:\users\100316~1\appdata\local\{260A268A-4444-4CD2-893B-92CF298C6D99}
2011-03-05 23:50:22 -------- d-----w- c:\users\100316~1\appdata\local\{65BD5F1D-C56D-43D1-8D51-72765EA5CDFA}
2011-03-04 20:10:20 -------- d-----w- c:\users\100316~1\appdata\local\{D42F9E9D-59F2-4011-9C66-E219CB4F96E9}
2011-03-04 08:09:57 -------- d-----w- c:\users\100316~1\appdata\local\{B64D1C00-87DA-4795-9EE6-BF4772512EDD}
2011-03-03 20:09:46 -------- d-----w- c:\users\100316~1\appdata\local\{923234F6-EBFB-4A51-BB91-2725181281C7}
2011-03-02 18:50:07 -------- d-----w- c:\users\100316~1\appdata\local\{3169A734-0BCF-4BA9-90A1-C2A828D951CC}
2011-03-02 06:49:56 -------- d-----w- c:\users\100316~1\appdata\local\{20EE6A2B-AA30-4819-8DC2-498BA49B3405}
2011-03-01 18:49:46 -------- d-----w- c:\users\100316~1\appdata\local\{1F223907-1A1E-416C-AC61-63DCCBFDBBA8}
2011-03-01 06:49:35 -------- d-----w- c:\users\100316~1\appdata\local\{42650537-B883-4C1C-A060-E2726C9A5AFE}
2011-02-28 18:46:20 -------- d-----w- c:\users\100316~1\appdata\local\{4981EB98-FEB1-46A7-89CE-D4267A91A8D5}
2011-02-28 05:31:08 -------- d-----w- c:\users\100316~1\appdata\local\{3763C730-A837-4C51-BB35-F8B5A74B7D3F}
2011-02-27 17:30:58 -------- d-----w- c:\users\100316~1\appdata\local\{8C0D89EF-9752-472B-A54A-95742644032E}
2011-02-27 00:48:25 -------- d-----w- c:\users\100316~1\appdata\local\{53BF7D57-FE29-422D-933C-A001155D874B}
2011-02-26 12:48:14 -------- d-----w- c:\users\100316~1\appdata\local\{825258D3-C0E5-440A-A27D-1D49E9254ED8}
2011-02-26 00:48:03 -------- d-----w- c:\users\100316~1\appdata\local\{180C600A-B449-4CA7-B555-A70D868AC0FF}
2011-02-25 12:47:52 -------- d-----w- c:\users\100316~1\appdata\local\{B654B71B-AC8B-4AD6-B47B-98B1CD025587}
2011-02-25 00:47:42 -------- d-----w- c:\users\100316~1\appdata\local\{9EF4560E-5261-400A-B778-22F8A9F57B95}
2011-02-25 00:10:41 -------- d-----w- c:\users\100316~1\appdata\local\{9788696D-1C41-4E68-8347-EBF2310FEF89}
2011-02-24 05:59:18 -------- d-----w- c:\users\100316~1\appdata\local\{EB51A6AB-DE2B-485F-A8B3-7670D804967F}
2011-02-23 17:59:21 -------- d-----w- c:\users\100316~1\appdata\local\{687DB214-4D70-447F-B1E4-8F528EA617EF}
2011-02-22 19:12:54 -------- d-----w- c:\users\100316~1\appdata\local\{BCF7FD6E-A12C-45B0-82BB-EC8D8AB8FD36}
2011-02-22 07:00:12 -------- d-----w- c:\users\100316~1\appdata\local\{393CC73C-FACE-4DBF-96E9-C22E68002BF3}
2011-02-21 18:59:35 -------- d-----w- c:\users\100316~1\appdata\local\{CDE17EF0-087D-4F18-96A1-54EFF8C55F91}
2011-02-21 05:23:19 -------- d-----w- c:\users\100316~1\appdata\local\{313D8EA7-0DDE-467E-B104-400F3B710EFE}
2011-02-20 17:23:08 -------- d-----w- c:\users\100316~1\appdata\local\{9D0B7254-1285-4433-8F57-0A2D50783917}
2011-02-20 05:22:57 -------- d-----w- c:\users\100316~1\appdata\local\{81D0BEFA-53EF-4101-B7EF-B64847D46A0D}
2011-02-19 17:22:09 -------- d-----w- c:\users\100316~1\appdata\local\{6966A2F0-B280-43A4-BAC5-F9C20A2E9DE9}
2011-02-19 01:31:31 -------- d-----w- c:\users\100316~1\appdata\local\{65342FEE-DAC9-4A89-866E-B4FB36FB3942}
2011-02-19 01:16:06 -------- d-----w- c:\users\100316~1\appdata\local\{499475F5-6138-4997-8489-25AF93F90E68}
2011-02-18 21:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 07:14:04 -------- d-----w- c:\users\100316~1\appdata\local\{4E58D1ED-A324-476E-9265-973FAB40E160}
2011-02-17 19:13:54 -------- d-----w- c:\users\100316~1\appdata\local\{6B965ABE-1CDD-4A24-AF0D-FD3193EA4A39}
2011-02-17 19:05:02 -------- d--h--w- c:\users\100316~1\appdata\local\DDMSettings
2011-02-17 07:13:43 -------- d-----w- c:\users\100316~1\appdata\local\{0E73266D-4DB2-4A77-9258-8620ACFD2C0A}
2011-02-16 19:12:33 -------- d-----w- c:\users\100316~1\appdata\local\{1642CA23-5870-42E5-8687-0B84F5E76B88}
2011-02-16 06:19:06 -------- d-----w- c:\users\100316~1\appdata\local\{92A5ADCA-B188-4854-AFEF-1B9CDC556D3A}
2011-02-15 18:18:43 -------- d-----w- c:\users\100316~1\appdata\local\{AE165867-3DD4-4D9D-BCF3-4190404B77B9}
2011-02-15 15:39:21 -------- d-----w- c:\users\100316~1\appdata\local\{408C5EED-0EB6-4200-87DB-4E3A1A67D8AD}
2011-02-14 20:46:34 -------- d-----w- c:\users\100316~1\appdata\local\{BD947693-38A3-4887-8ACE-A29D81D1D628}
2011-02-14 06:42:00 -------- d-----w- c:\users\100316~1\appdata\local\{E2F17085-78D4-4511-BDC0-EEB3A992510E}
2011-02-13 18:41:22 -------- d-----w- c:\users\100316~1\appdata\local\{4A80F24B-FB5F-4D13-9EF8-6F9A52369816}
2011-02-12 19:17:28 -------- d-----w- c:\users\100316~1\appdata\local\{BCA04612-633B-45FC-AC47-B0251504F2C1}
2011-02-11 17:44:18 -------- d-----w- c:\users\100316~1\appdata\local\{AD3EFDA5-8ED9-43FC-8D56-C6D00ED85467}
2011-02-11 05:05:00 -------- d-----w- c:\users\100316~1\appdata\local\{5BE2E3F1-2683-422F-AC43-00CA9C65635F}
2011-02-10 17:04:49 -------- d-----w- c:\users\100316~1\appdata\local\{48EEE772-B695-43EC-B625-915EED36E70E}
2011-02-10 05:04:13 -------- d-----w- c:\users\100316~1\appdata\local\{8D2A7725-6451-42C4-9974-FAABDE1F84C1}
.
==================== Find3M ====================
.
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 14:52:16 31744 ----a-w- c:\windows\system32\maplec.dll
2011-02-02 14:52:16 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2011-02-02 14:52:16 20480 ----a-w- c:\windows\system32\maplecompat.dll
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-23 05:28:29 850432 ----a-w- c:\windows\system32\sbe.dll
2010-12-23 05:28:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2010-12-23 05:28:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2010-12-23 05:24:02 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:30:20 2690560 ----a-w- c:\windows\system32\mstscax.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 05:26:55 1034240 ----a-w- c:\windows\system32\mstsc.exe
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 19:47:54.58 ===============


Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2011 10:17:34 AM
System Uptime: 3/11/2011 11:20:25 AM (8 hours ago)
.
Motherboard: LENOVO | | 4349CTO
Processor: Intel® Core™ i7 CPU M 620 @ 2.67GHz | None | 2667/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 27.169 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 190.606 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP119: 3/11/2011 5:31:09 PM - Removed J2SE Runtime Environment 5.0 Update 12
RP120: 3/11/2011 5:31:38 PM - Removed Java™ 6 Update 24
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe Acrobat 9 Pro
Adobe Acrobat 9.3.2 - CPSID_53951
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Altair HyperWorks 10.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.12 (Unicode)
Bonjour
BricxCC
Burn.Now 4.5
Cheat Engine 6.0
Conexant 20585 SmartAudio HD
Corel Burn.Now Lenovo Edition
Crystal Reports for Visual Studio
D3DX10
Disable AMT Profile Synchronization Pop-up for Windows Vista/7
DivX Setup
Dotfuscator Software Services - Community Edition
EES - Engineering Equation Solver
ESET Online Scanner v3
F-Secure Client Security
F-Secure Client Security - E-Mail Scanning
F-Secure Client Security - Virus & Spy Protection
FFmpeg for Audacity on Windows
Google Chrome
Google Talk Plugin
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
HyperWorks
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Driver
iTunes
LANDesk Advance Agent
LANDesk® Common Base Agent 8
LDraw 2006 q3
Lenovo System Interface Driver
Malwarebytes' Anti-Malware
ManyCam 2.6.30 (remove only)
Maple 14
MATLAB R2010a
MD Adams 2010
MD Nastran 2010.1
Messenger Plus! Live
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 Premium - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
Microsoft WSE 3.0 Runtime
MinGW
MLCAD
MotioninJoy ds3 driver version 0.6.0001
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
National Instruments Software
NI-DAQmx - LabVIEW shared documentation
NI-DIM 1.0.0
NI-ORB 1.0.1
NI-PAL 1.6.3f0 Engine
NI-RPC 4.1.1f0
NI-RPC 4.1.1f0 for Phar Lap ETS
NI-VISA Runtime 3.0.1f3
NI Assistant Framework
NI Assistant Framework LabVIEW 2009 Support
NI Assistant Framework LabVIEW Code Generator 2009
NI Circuit Design Suite 11.0 Core
NI Circuit Design Suite 11.0 Edu Licenses
NI Circuit Design Suite 11.0 Education
NI CodeSignAPI
NI DataSocket 4.7.2
NI Distributed System Manager 2009 SP1
NI DN 2.0 installer
NI EULA Depot
NI Example Finder 9.0
NI Help Assistant
NI Instrument IO Assistant for LabVIEW 9.0 32
NI LabVIEW 2009 (SP1) Compare Utility
NI LabVIEW 2009 Deployment Framework
NI LabVIEW 2009 Help File
NI LabVIEW 2009 MeasAppChm File
NI LabVIEW 2009 Service Pack 1 (SP1)
NI LabVIEW 2009 Simulation
NI LabVIEW 2009 SP1 Applibs
NI LabVIEW 2009 SP1 CINtools
NI LabVIEW 2009 SP1 Deployable License
NI LabVIEW 2009 SP1 Examples
NI LabVIEW 2009 SP1 gMath
NI LabVIEW 2009 SP1 Help
NI LabVIEW 2009 SP1 Instr.lib
NI LabVIEW 2009 SP1 License
NI LabVIEW 2009 SP1 Manuals
NI LabVIEW 2009 SP1 Menus
NI LabVIEW 2009 SP1 Project
NI LabVIEW 2009 SP1 Resource
NI LabVIEW 2009 SP1 Run-Time Engine Web Services
NI LabVIEW 2009 SP1 Templates
NI LabVIEW 2009 SP1 User.lib
NI LabVIEW 2009 SP1 VI.lib
NI LabVIEW 2009 SP1 WWW
NI LabVIEW 2009 Web Server
NI LabVIEW 9.0.0 Update 1
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 9.0.0
NI LabVIEW Real-Time Error Dialog
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009 SP1
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW SP1 Web Services Runtime
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 9.0.1 Run-Time Engine
NI LabWindows/CVI Code Generator
NI LabWindows/CVI DLL Builder for LabVIEW
NI License Manager
NI Logos 5.1.2
NI Logos LabVIEW 2009 SP1 Support
NI Logos XT Support
NI LVBrokerAux 8.2.1
NI Math Kernel Libraries
NI MAX LabVIEW Support 4.6.0
NI MAX Remote Configuration Installer 4.6
NI MDF Support
NI Measurement & Automation Explorer 4.6.0
NI Measurement Studio Recipe Processor
NI MetaSuite Installer
NI MXS 4.6.0
NI MXS 4.6.0f0 for LabVIEW Real-Time
NI OPC Support
NI Portable Configuration 4.6.0
NI PXI Resource Manager 1.0.0
NI Registration Wizard
NI Remote Provider for MAX 4.6.0
NI Remote PXI Provider for MAX 4.6.0
NI Service Locator
NI Software Provider for MAX 4.6.0
NI SSL LabVIEW 2009 SP1 Support
NI SSL Support
NI System API RT
NI System API Windows 32-bit
NI System State Publisher
NI TDM Excel Add-In 2.1
NI TDMS
NI Trace Engine
NI Uninstaller
NI Update Service 1.0
NI Update Service Extras 1.0
NI USI 1.7.1
NI Variable Engine 2.3.1
NI Variable Engine LabVIEW 2009 SP1 Support
NI VC2005MSMs x86
NI VC2008MSMs x86
NI Web Pipeline 2.0.1
NI Xalan Delay Load 1.10.1
NI Xerces Delay Load 2.7.1
NVIDIA Drivers
NVIDIA nView Desktop Manager
NX Nastran 7.0
NX Nastran 7.0 Documentation
NXT Driver
On Screen Display
Patran 2010.1.2
PVSonyDll
QuickTime
RICOH R5U230 Media Driver ver.2.06.02.02
Robolab 2.9
ROBOLAB292Patch
RocketDock 1.3.5
SAS 9.2
SAS Deployment Tester - Client 1.3
SAS Enterprise Guide 4.2
SAS Versioned Jar Repository 9.2
SAS/SECURE Java 9.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Service Pack 1 for SQL Server 2008 (KB968369)
Siemens PLM Software NX 7.5 CAST
Skype Toolbars
Skype™ 5.1
Sql Server Customer Experience Improvement Program
STREET FIGHTER IV
Synaptics Pointing Device Driver
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
UGS NX 7.5
UGS NX 7.5 Documentation
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305)
Update for Outlook 2007 Junk Email Filter (KB2508979)
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.0.5
Web Deployment Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows SideShow Managed Runtime 1.0
WinRAR 4.00 beta 5 (32-bit)
WinVDIG
.
==== Event Viewer Messages From Past Week ========
.
3/11/2011 7:10:33 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/11/2011 5:55:50 AM, Error: Service Control Manager [7023] -
3/11/2011 2:45:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/11/2011 2:45:07 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/11/2011 12:58:13 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/11/2011 12:45:07 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
3/11/2011 12:43:16 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/11/2011 12:43:16 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/11/2011 12:42:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x8c3fdc3d, 0x8b0210da, 0x74fdef25, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031111-24367-01.
3/11/2011 12:06:55 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
3/11/2011 12:06:55 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
3/11/2011 12:00:40 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/11/2011 12:00:40 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/11/2011 12:00:39 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/11/2011 11:13:56 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
3/11/2011 11:13:23 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ONCAMPUS due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
3/11/2011 1:31:47 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2011 1:31:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/11/2011 1:31:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/11/2011 1:31:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/11/2011 1:31:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/11/2011 1:31:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/11/2011 1:31:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/11/2011 1:31:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/11/2011 1:31:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache FSES FSFW lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vwififlt Wanarpv6 WfpLwf
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2011 1:31:30 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2011 9:59:44 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
3/10/2011 9:59:44 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
3/10/2011 9:59:44 PM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s).
3/10/2011 9:59:44 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
3/10/2011 9:59:44 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
3/10/2011 9:59:44 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 3 time(s).
3/10/2011 9:59:44 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 9:59:44 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2011 9:59:44 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2011 9:59:44 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2011 9:59:44 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2011 9:59:44 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2011 9:59:44 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2011 9:59:44 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 9:59:44 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 9:58:22 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 9:58:22 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 9:58:22 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 9:58:22 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 9:58:22 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2011 9:58:22 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2011 9:58:20 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
3/10/2011 9:56:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8664934d, 0x8d52daa0, 0x8d52d680). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-26613-01.
3/10/2011 9:44:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
3/10/2011 8:36:15 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
3/10/2011 8:28:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/10/2011 8:26:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8867434d, 0x8f7ffaa0, 0x8f7ff680). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-27128-01.
3/10/2011 8:19:31 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
3/10/2011 8:18:29 PM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
3/10/2011 8:18:29 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
3/10/2011 8:16:31 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 8:15:29 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 8:12:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x8b7afc36, 0x8bb320da, 0x744cdf25, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-27986-01.
3/10/2011 7:30:47 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
3/10/2011 7:29:47 PM, Error: Service Control Manager [7034] - The nipxirmu service terminated unexpectedly. It has done this 1 time(s).
3/10/2011 11:40:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8867434d, 0x8f5ffaa0, 0x8f5ff680). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-26488-01.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:05:01 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:04:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8867334d, 0x8f7ffaa0, 0x8f7ff680). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-26426-01.
3/10/2011 10:00:46 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
3/10/2011 10:00:46 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
3/10/2011 10:00:46 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 4 time(s).
3/10/2011 10:00:46 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 4 time(s).
3/10/2011 10:00:46 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2011 10:00:22 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
.
==== End Of File ===========================

Edited by epyonzero, 11 March 2011 - 07:52 PM.


#8 fireman4it


Posted 11 March 2011 - 11:59 PM

Hello, epyonzero.
Congratulations! You now appear clean! :cool:

I enable all the services and see what happens.

Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#9 epyonzero


Posted 13 March 2011 - 10:45 PM

Everything is all good now, thank you fireman4it!!

#10 fireman4it


Posted 14 March 2011 - 06:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"
