
Laptop Infected with MBR Malware/Rootkit, which may be zeroaccess


This topic is locked
35 replies to this topic

#1 JimC3

JimC3

  • Members
  • 19 posts

Posted 03 October 2012 - 04:13 PM

My name is Jim. I have a Dell Vostro 3300-3500, which is badly infected with malware/rootkit, which may be zeroaccess and/or has led to a MBR and/or kernel-mode infection. I have performed 2-3 clean installations from a Windows 7 dvd provided by Dell at the time of purchasing the laptop. I also paid a computer repair guy $60 to clean the infection, but it reappeared soon after the laptop was returned. I thereafter unwisely attempted to detect and remove the infection myself using a plethora of programs found on-line. I have been struggling with this problem for months and need your help/assistance in removing the infection and restoring the laptop to a secure state if that is possible, as I fear that the laptop is now damaged permanently. I hope not because I cannot afford to purchase a new one right now. Lastly, please note that I am not concerned with salvaging any data and only want to remove the infection and restore the laptop to a secure state. PLEASE take the time to help me salvage this laptop, if it's possible. I will be very patient and follow all of your instructions from this point forward.

I have pasted the text from the DDS scan below. I also have attached the Attach.txt and Ark.txt files. Thank you in advance for your prompt assistance.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by JMCAWOOD3 at 16:39:50 on 2012-10-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3063.1748 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ComfortClipboard\CClipboard.exe
C:\Program Files\Iomega StorCenter\sohoclient.exe
C:\Program Files\ComfortClipboard\CClipboardCm.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\XWidget\xwidget.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\taskmgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: AutorunsDisabled - No File
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: QTTabBar AutoLoader: {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Logitech Flow Scroll: {e11db59d-5008-42ff-9069-535843bc0be1} - c:\program files\logitech\flowscroll\LogiSmooth.dll
BHO: ClassicIE9BHO Class: {ea801577-e6ad-4bd5-8f71-4be0154331a4} - c:\program files\classic shell\ClassicIE9DLL_32.dll
TB: QTTabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QTTab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\ClassicExplorer32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [XWidget] c:\program files\xwidget\xwidget.exe
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [CClipboard] c:\program files\comfortclipboard\CClipboard.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [Classic Start Menu] c:\program files\classic shell\ClassicStartMenu.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [LogiScrollApp] c:\program files\logitech\flowscroll\KhalScroll.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\iomega~1.lnk - c:\program files\iomega storcenter\sohoclient.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\classic shell\ClassicIE9_32.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: eset.com\www
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
TCP: DhcpNameServer = 74.128.17.114 74.128.19.102
TCP: Interfaces\{373A00D8-BD7B-4612-98E7-D93963692D2A} : DhcpNameServer = 74.128.17.114 74.128.19.102
TCP: Interfaces\{DC7987E4-297D-4978-9815-221D5C0F7BAD}\353514D2754435D213 : DhcpNameServer = 10.0.0.6 10.0.0.10
TCP: Interfaces\{DC7987E4-297D-4978-9815-221D5C0F7BAD}\B416F6D284379657E676021405 : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-17 51936]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 35168]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-8-8 44184]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-8-1 17648]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-9-12 151648]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-9-14 89440]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-12 164704]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-8-20 184304]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-9-4 1258856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2012-8-1 43888]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-8-1 143968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-9-27 149352]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-8-1 171520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-8-20 5751928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-8-1 29472]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2012-8-1 134144]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\drivers\Rt630x86.sys [2012-9-30 572048]
S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\drivers\Smb_driver_Intel.sys [2012-9-30 23440]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-31 52224]
S3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-6-3 1664304]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-7 1343400]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
.
=============== Created Last 30 ================
.
2012-10-03 19:20:08 -------- d-----w- c:\windows\system32\ShellExt
2012-10-02 21:12:42 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-01 02:32:51 -------- d-s---w- c:\windows\system32\BestPractices
2012-10-01 02:32:51 -------- d-----w- C:\inetpub
2012-09-30 20:23:51 572048 ----a-w- c:\windows\system32\drivers\Rt630x86.sys
2012-09-30 20:22:49 23440 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2012-09-30 20:22:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-09-30 19:52:26 -------- d-----w- c:\users\jmcawood3\appdata\local\Innovative Solutions
2012-09-30 19:52:24 -------- d-----w- c:\program files\Innovative Solutions
2012-09-28 23:42:21 -------- d-----w- c:\users\jmcawood3\appdata\roaming\7stacks
2012-09-28 23:04:13 -------- d-----w- c:\users\jmcawood3\appdata\local\CrashDumps
2012-09-28 22:26:32 -------- d-----w- c:\users\jmcawood3\appdata\roaming\LibrariIcon
2012-09-28 07:32:50 181808 ----a-w- c:\windows\RegBootClean.exe
2012-09-28 07:25:34 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-28 04:53:51 -------- d-----w- c:\users\jmcawood3\appdata\roaming\AVG2013
2012-09-28 04:52:54 -------- d-----w- c:\programdata\AVG2013
2012-09-28 04:52:33 -------- d-----w- c:\program files\AVG
2012-09-28 04:50:28 -------- d--h--w- c:\programdata\Common Files
2012-09-28 04:50:28 -------- d-----w- c:\users\jmcawood3\appdata\local\MFAData
2012-09-28 04:50:28 -------- d-----w- c:\users\jmcawood3\appdata\local\Avg2013
2012-09-28 04:50:28 -------- d-----w- c:\programdata\MFAData
2012-09-28 04:08:40 -------- d-----w- C:\RegBackup
2012-09-28 03:08:48 -------- d-----w- C:\temp
2012-09-28 03:07:36 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-28 03:07:36 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-28 03:07:36 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-28 03:07:36 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-09-28 03:07:36 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-28 03:07:36 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-28 03:07:36 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-28 03:07:36 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-28 03:07:36 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-09-28 03:07:36 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-28 01:10:59 -------- d-----w- c:\users\jmcawood3\appdata\local\Microsoft Corporation
2012-09-27 21:09:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-27 21:09:27 -------- d-----w- c:\users\jmcawood3\appdata\local\temp
2012-09-27 21:04:38 98816 ----a-w- c:\windows\sed.exe
2012-09-27 21:04:38 518144 ----a-w- c:\windows\SWREG.exe
2012-09-27 21:04:38 256000 ----a-w- c:\windows\PEV.exe
2012-09-27 21:04:38 208896 ----a-w- c:\windows\MBR.exe
2012-09-27 21:04:36 -------- d-----w- C:\ComboFix
2012-09-27 20:32:12 900 --sha-w- c:\programdata\KGyGaAvL.sys
2012-09-27 20:26:49 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9061750a-5e28-4cfe-9e3b-61d36694c211}\mpengine.dll
2012-09-27 20:26:31 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-18 02:57:54 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-18 02:57:54 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-18 02:57:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-18 02:57:53 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-18 02:57:53 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-18 02:57:53 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-17 22:58:56 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-12 15:47:22 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 15:47:04 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-06 07:25:21 -------- d-----w- c:\users\jmcawood3\appdata\local\NPE
2012-09-06 00:25:10 -------- d-----w- c:\users\jmcawood3\appdata\local\Google
2012-09-05 01:12:44 -------- d-----w- c:\users\jmcawood3\appdata\local\LogiShrd
2012-09-04 17:27:28 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-09-04 17:27:28 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-09-04 17:27:28 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-04 17:27:28 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-09-04 17:27:28 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-09-04 17:27:28 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-04 17:26:25 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-04 17:26:18 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-09-04 17:24:34 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-09-04 17:24:34 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-09-04 17:24:33 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-09-04 17:24:33 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-09-04 17:24:33 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-04 17:24:14 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-09-04 05:36:21 -------- d-----w- c:\program files\NVIDIA Corporation
2012-09-04 05:35:32 -------- d-s---w- C:\NVIDIA
2012-09-04 03:36:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-03 23:00:01 -------- d-----w- c:\programdata\RegRun
2012-09-03 22:55:53 2 --shatr- c:\windows\winstart.bat
2012-09-03 21:47:32 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-10-02 20:00:46 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 20:00:46 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 21:27:47 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-03 21:47:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-03 21:47:26 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 14:40:14 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-13 20:40:54 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 08:52:28 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 08:52:18 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 17:56:44 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-08-08 06:03:38 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-08-07 11:47:21 307200 ----a-w- c:\windows\SetACL.exe
2012-08-01 09:37:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-01 04:08:24 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-08-01 01:55:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-01 01:55:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 19:23:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
.
============= FINISH: 16:47:58.67 ===============



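The DDS output above lists loaded services/drivers and recently created files in a fixed line format that an analyst reads by eye. As an added example, not part of this thread, of DDS, or of the BleepingComputer team's method, here is a small Python triage helper that parses those two line formats and applies two common first-pass heuristics: kernel drivers (.sys images) loaded from outside \windows\system32\drivers, and files carrying both the system and hidden attributes. The sample lines are copied from the log above; the function names, rule labels and the heuristics themselves are this example's own.

```python
"""Triage helper for DDS-style log lines.

Added example, not part of the BleepingComputer thread or of the DDS tool.
It parses the two line formats seen in the log above and applies two
analyst heuristics; every hit is a review item, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# "SERVICES / DRIVERS" line, e.g.
#   R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-17 51936]
# Leading code: R = running / S = stopped, digit = Windows start type (0 boot .. 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)"
    r"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$"
)

# "Created Last 30" / "Find3M" line, e.g.
#   2012-09-27 20:32:12 900 --sha-w- c:\programdata\KGyGaAvL.sys
# Size is "--------" for directories; the attribute field starts with "d" for a
# directory and carries s (system), h (hidden), a (archive), t, r/w in the other slots.
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[d-][a-z-]{7})\s+(?P<path>.+)$"
)

DRIVERS_DIR = "\\windows\\system32\\drivers\\"


@dataclass
class Finding:
    rule: str    # rule label (this example's own naming)
    path: str    # image path or file path that triggered the rule
    detail: str  # context for the analyst


def parse_service(line: str) -> Optional[dict]:
    """Return the fields of a SERVICES / DRIVERS line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_file(line: str) -> Optional[dict]:
    """Return the fields of a created-file line, or None if it is not one."""
    m = FILE_RE.match(line.strip())
    return m.groupdict() if m else None


def check_driver_location(entry: dict) -> Optional[Finding]:
    """Kernel drivers (.sys images) normally live under system32\\drivers;
    anything else deserves a look, although security tools install elsewhere too."""
    image = entry["image"].lower()
    if not image.endswith(".sys") or DRIVERS_DIR in image:
        return None
    return Finding("driver-outside-drivers-dir", entry["image"],
                   f"{entry['name']} state={entry['state']}")


def check_hidden_system_file(entry: dict) -> Optional[Finding]:
    """Files (not directories) marked both system and hidden are a classic
    hiding place for droppers; some licensing components use the same trick."""
    attrs = entry["attrs"]
    if attrs.startswith("d") or "s" not in attrs or "h" not in attrs:
        return None
    return Finding("hidden-system-file", entry["path"],
                   f"attrs={attrs} size={entry['size']}")


def triage_dds(lines: Iterable[str]) -> List[Finding]:
    """Run both heuristics over raw log lines; lines in neither format are skipped."""
    findings: List[Finding] = []
    for line in lines:
        svc = parse_service(line)
        if svc is not None:
            hit = check_driver_location(svc)
        else:
            entry = parse_file(line)
            hit = check_hidden_system_file(entry) if entry is not None else None
        if hit is not None:
            findings.append(hit)
    return findings


# Sample lines copied from the DDS log in this thread, plus the section headers,
# which the parser must ignore.
SAMPLE_LINES = r"""
============= SERVICES / DRIVERS ===============
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-17 51936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
=============== Created Last 30 ================
2012-10-03 19:20:08 -------- d-----w- c:\windows\system32\ShellExt
2012-10-02 21:12:42 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-28 04:50:28 -------- d--h--w- c:\programdata\Common Files
2012-09-27 21:09:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-27 20:32:12 900 --sha-w- c:\programdata\KGyGaAvL.sys
2012-09-03 22:55:53 2 --shatr- c:\windows\winstart.bat
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LINES):
        print(f"[{f.rule}] {f.path}  ({f.detail})")
```

Run against the sample, it reports the two SUPERAntiSpyware drivers and the two hidden+system files. That illustrates the caveat: the flagged drivers belong to a security product that legitimately installs under Program Files, so each hit still has to be checked against the software known to be on the machine before it is treated as suspicious.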



#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 03 October 2012 - 08:43 PM

Hello JimC3, and welcome to Bleeping Computer!! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

Please give me a few minutes to construct your next steps while you read over my "things to keep in mind"...I will be back ASAP! :thumbup2:

bloopie

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 03 October 2012 - 09:04 PM

Hello again! :)

Here are your next steps:

Step 1

I see that you have run ComboFix on September 27th. I would like to see that log as it can help...it can be found at c:\combofix.txt

Please copy and paste that log into your next reply!

==========

Step 2


  • Double click ListParts.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.

==========

Step 3

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

In your next reply, please include the following:

  • The Combofix log
  • The Result.txt from ListParts
  • The aswMBR log
bloopie

#4 JimC3

JimC3
  • Topic Starter

  • Members
  • 19 posts

Posted 04 October 2012 - 06:36 PM

Hi Bloopie, thank you so very much for your prompt response. Yes, I do have my Windows 7 CD/DVD available - it is the same one that was provided to me by Dell upon purchasing the laptop, and also the one I used to perform previous clean installs.

Provided below is the log produced by ComboFix when run on 9/27/12:

ComboFix 12-09-27.03 - JMCAWOOD3 09/27/2012 17:05:14.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3063.1818 [GMT -4:00]
Running from: c:\users\JMCAWOOD3\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JMCAWOOD3\1111.log
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 20:32 . 2012-09-27 20:32 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-09-27 20:26 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9061750A-5E28-4CFE-9E3B-61D36694C211}\mpengine.dll
2012-09-18 02:57 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-18 02:57 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-18 02:57 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-18 02:57 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-18 02:57 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-18 02:57 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-06 07:25 . 2012-09-06 08:14 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\NPE
2012-09-06 07:25 . 2012-09-06 07:57 -------- d-----w- c:\programdata\Norton
2012-09-06 03:01 . 2012-09-06 03:01 -------- d-----w- c:\programdata\HitmanPro
2012-09-06 02:10 . 2012-09-06 02:19 -------- d-----r- C:\c6612816793af8d76ee65a97828efb
2012-09-06 00:25 . 2012-09-06 00:25 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\Google
2012-09-05 01:12 . 2012-09-05 01:12 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\LogiShrd
2012-09-04 17:27 . 2012-09-04 17:27 -------- d-----w- c:\users\UpdatusUser
2012-09-04 17:27 . 2012-05-15 09:28 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-09-04 17:27 . 2012-05-15 09:28 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-09-04 17:27 . 2012-05-15 09:28 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-09-04 17:27 . 2012-05-15 09:28 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-04 17:27 . 2012-05-15 09:28 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-04 17:27 . 2012-05-15 09:27 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-09-04 17:26 . 2012-05-15 10:26 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-04 17:26 . 2012-09-04 17:26 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-09-04 05:36 . 2012-09-04 17:28 -------- d-----w- c:\program files\NVIDIA Corporation
2012-09-04 05:35 . 2012-09-04 05:35 -------- d-----w- C:\NVIDIA
2012-09-04 03:36 . 2012-09-04 03:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-03 23:00 . 2012-09-04 02:54 -------- d-----w- c:\programdata\RegRun
2012-09-03 22:55 . 2012-09-03 22:55 2 --shatr- c:\windows\winstart.bat
2012-09-03 22:55 . 2012-09-03 22:55 -------- d-----w- c:\program files\Greatis
2012-09-03 21:48 . 2012-09-03 21:48 -------- d-----w- c:\program files\Common Files\Java
2012-09-03 21:47 . 2012-09-03 21:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 21:47 . 2012-09-03 21:47 -------- d-----w- c:\program files\Java
2012-09-03 00:06 . 2012-09-03 00:06 -------- d-----w- c:\users\JMCAWOOD3\AppData\Roaming\ComfortSoftware
2012-09-03 00:06 . 2012-09-03 00:06 -------- d-----w- c:\program files\ComfortClipboard
2012-09-01 19:11 . 2010-01-10 22:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-09-01 19:11 . 2012-09-04 18:58 -------- d-----w- c:\program files\SpywareBlaster
2012-08-31 13:01 . 2012-09-04 19:01 -------- d-----w- c:\programdata\AVAST Software
2012-08-31 07:15 . 2012-08-31 07:15 -------- d-----w- c:\program files\Classic Shell
2012-08-31 06:26 . 2012-08-31 08:23 -------- d-----w- c:\program files\Trojan Remover
2012-08-31 03:27 . 2012-08-31 04:36 -------- d-----w- c:\program files\Unlocker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 20:25 . 2012-08-07 01:15 5514 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-09-03 21:47 . 2012-08-01 01:41 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-03 21:47 . 2012-08-01 01:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 19:36 . 2012-08-01 01:39 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 19:36 . 2012-08-01 01:39 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 12:02 . 2012-08-09 12:02 40960 ----a-r- c:\users\JMCAWOOD3\AppData\Roaming\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe
2012-08-08 06:03 . 2012-08-08 06:03 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-08-07 12:01 . 2012-08-04 17:44 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-07 11:47 . 2012-08-07 11:47 307200 ----a-w- c:\windows\SetACL.exe
2012-08-04 17:44 . 2012-08-04 17:44 53248 ----a-r- c:\users\JMCAWOOD3\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-08-01 11:09 . 2012-08-01 11:10 51712 ----a-w- c:\windows\system32\wltrynt.dll
2012-08-01 11:09 . 2012-08-01 11:10 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2012-08-01 11:09 . 2012-08-01 11:10 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-08-01 11:09 . 2012-08-01 11:10 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2012-08-01 11:09 . 2012-08-01 11:10 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-08-01 11:09 . 2012-08-01 11:10 3878912 ----a-w- c:\windows\system32\bcmihvui.dll
2012-08-01 11:09 . 2012-08-01 11:10 4186112 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-08-01 11:09 . 2012-08-01 11:10 2661368 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-08-01 11:09 . 2012-08-01 11:10 7348224 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-08-01 11:09 . 2012-08-01 11:10 57344 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-08-01 11:09 . 2012-08-01 11:10 4513792 ----a-w- c:\windows\system32\bcmttls.dll
2012-08-01 11:09 . 2012-08-01 11:11 1022976 ----a-w- c:\windows\system32\BCMLogon.dll
2012-08-01 11:09 . 2012-08-01 11:10 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-08-01 09:37 . 2012-08-01 09:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-01 09:37 . 2012-08-01 09:37 161792 ----a-w- c:\windows\system32\msls31.dll
2012-08-01 09:37 . 2012-08-01 09:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-01 09:37 . 2012-08-01 09:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-01 09:37 . 2012-08-01 09:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-08-01 09:37 . 2012-08-01 09:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-08-01 09:37 . 2012-08-01 09:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-01 09:37 . 2012-08-01 09:37 367104 ----a-w- c:\windows\system32\html.iec
2012-08-01 09:37 . 2012-08-01 09:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-01 09:37 . 2012-08-01 09:37 152064 ----a-w- c:\windows\system32\wextract.exe
2012-08-01 09:37 . 2012-08-01 09:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-08-01 09:37 . 2012-08-01 09:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-01 09:37 . 2012-08-01 09:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-01 09:37 . 2012-08-01 09:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-08-01 09:37 . 2012-08-01 09:37 11776 ----a-w- c:\windows\system32\mshta.exe
2012-08-01 09:37 . 2012-08-01 09:37 101888 ----a-w- c:\windows\system32\admparse.dll
2012-08-01 04:08 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-08-01 01:55 . 2012-08-01 01:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-01 01:55 . 2012-08-01 01:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-18 17:47 . 2012-08-20 18:44 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 19:23 . 2012-08-28 01:10 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14 . 2012-08-20 18:44 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-20 18:44 102912 ----a-w- c:\windows\system32\browser.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-08-21 16:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-08-19 23:37 610816 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-08-21 16:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XWidget"="c:\program files\XWidget\xwidget.exe" [2012-07-11 1730048]
"XLaunchPad"="c:\program files\XLaunchPad\XLaunchPad.exe" [2012-05-24 2396160]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2012-07-24 2498048]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2012-08-16 4912584]
"CClipboard"="c:\program files\ComfortClipboard\CClipboard.exe" [2012-02-27 3459376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 124184]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2012-08-19 147456]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Iomega StorCenter.lnk - c:\program files\Iomega StorCenter\sohoclient.exe [2012-8-9 1877328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PRINTKEY.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PRINTKEY.lnk
backup=c:\windows\pss\PRINTKEY.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-06 00:25 116648 ----atw- c:\users\JMCAWOOD3\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2011-11-01 20:46 136600 ----a-w- c:\program files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-07-09 23:38 4777856 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 MFE_RR;MFE_RR;c:\users\JMCAWO~1\AppData\Local\Temp\mfe_rr.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4100312129-1962855927-2915203428-1000Core.job
- c:\users\JMCAWOOD3\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 00:25]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4100312129-1962855927-2915203428-1000UA.job
- c:\users\JMCAWOOD3\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 00:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
Trusted Zone: eset.com\www
TCP: DhcpNameServer = 74.128.17.114 74.128.19.102
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-12733756.sys
SafeBoot-87344999.sys
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(536)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\WCR10.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-09-27 17:09:26
ComboFix-quarantined-files.txt 2012-09-27 21:09
.
Pre-Run: 284,700,037,120 bytes free
Post-Run: 284,777,844,736 bytes free
.
- - End Of File - - 2F2CFB5E718F8F8DAACACF7BB2CABAFC


I also ran ListParts as instructed. Provided below is the text copied from the Result.txt file it produced. Please note that I did not select the List BCD option prior to scanning since you did not instruct me to do so.

ListParts by Farbar Version: 02-10-2012
Ran by JMCAWOOD3 (administrator) on 04-10-2012 at 19:15:16
Windows 7 (X86)
Running From: C:\Users\JMCAWOOD3\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 70%
Total physical RAM: 3062.61 MB
Available physical RAM: 916.47 MB
Total Pagefile: 7653.89 MB
Available Pagefile: 4763.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.55 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:261.62 GB) NTFS
2 Drive e: (READYBOOST ON USB) (Removable) (Total:3.73 GB) (Free:0.01 GB) NTFS
3 Drive f: (CANON_DC) (Removable) (Total:1.89 GB) (Free:1.69 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3819 MB 0 B
Disk 2 Online 1938 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 297 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E READYBOOST NTFS Removable 3818 MB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1938 MB 124 KB

======================================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F CANON_DC FAT Removable 1938 MB Healthy

======================================================================================================

****** End Of Log ******


Lastly, I ran aswMBR as instructed. The result of that scan was as follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 19:19:18
-----------------------------
19:19:18.190 OS Version: Windows 6.1.7601 Service Pack 1
19:19:18.190 Number of processors: 4 586 0x2505
19:19:18.190 ComputerName: CAWOODLAWLAP UserName: JMCAWOOD3
19:19:32.417 Initialize success
19:20:49.398 AVAST engine defs: 12100400
19:21:53.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:21:53.967 Disk 0 Vendor: ST9320423AS D005SDM1 Size: 305245MB BusType: 11
19:21:53.982 Disk 0 MBR read successfully
19:21:53.982 Disk 0 MBR scan
19:21:53.998 Disk 0 Windows 7 default MBR code
19:21:53.998 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:21:54.029 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
19:21:54.029 Disk 0 scanning sectors +625139712
19:21:54.123 Disk 0 scanning C:\Windows\system32\drivers
19:22:05.043 Service scanning
19:22:23.061 Modules scanning
19:22:27.756 Disk 0 trace - called modules:
19:22:27.788 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
19:22:28.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8668a860]
19:22:28.318 3 CLASSPNP.SYS[8b40459e] -> nt!IofCallDriver -> [0x8668ae00]
19:22:28.334 5 stdcfltn.sys[8b9fb896] -> nt!IofCallDriver -> [0x8650bc10]
19:22:28.334 7 ACPI.sys[8b28f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x864be030]
19:22:30.752 AVAST engine scan C:\Windows
19:22:35.619 AVAST engine scan C:\Windows\system32
19:26:11.010 AVAST engine scan C:\Windows\system32\drivers
19:26:28.064 AVAST engine scan C:\Users\JMCAWOOD3
19:32:44.196 AVAST engine scan C:\ProgramData
19:33:25.471 Scan finished successfully
19:34:11.027 Disk 0 MBR has been saved successfully to "C:\Users\JMCAWOOD3\Desktop\MBR.dat"
19:34:11.042 The log file has been saved successfully to "C:\Users\JMCAWOOD3\Desktop\aswMBR.txt"


I will await further instructions. Thank you for your assistance.
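The two logs above describe the same on-disk layout from different angles: ListParts prints it as DiskPart would (partition 1 at offset 1024 KB, partition 2 at 101 MB, both type 07, only the first active), and aswMBR prints the raw table it read from sector 0 (status 80 / 00, type 07, LBA offsets 2048 and 206848, 100 MB and 305143 MB) before judging the bootstrap code to be "Windows 7 default MBR code". The script below is an added example, not code from this thread, from aswMBR or from ListParts. It decodes a raw 512-byte MBR such as the MBR.dat that aswMBR saved to the desktop, checks the 0x55AA boot signature, looks for the error strings a stock Windows 7 bootstrap carries, flags overlapping or multiply-active partitions, and compares the decoded table with the layout the two tools reported. The sample sector it builds for itself is constructed for the example: the leading bootstrap bytes are a stub, the disk signature 0xDEADBEEF is made up, and only the partition table reproduces the values from the logs.

```python
# Added example, not part of the original thread or of aswMBR/ListParts.
# Decodes a raw 512-byte MBR (e.g. the MBR.dat that aswMBR saved) and
# cross-checks it against the partition layout the two logs reported.
import struct
import sys
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-443 hold the NT disk signature
DISK_SIG_OFF = 440
PTABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55AA

# Error strings a stock Windows Vista/7 MBR keeps inside its bootstrap code.
WINDOWS_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)

# Layout as printed by aswMBR/ListParts: (active, type id, LBA start, size in MB)
REPORTED_LAYOUT = [(True, 0x07, 2048, 100), (False, 0x07, 206848, 305143)]


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def size_mb(self) -> int:
        return self.sector_count * SECTOR // (1024 * 1024)


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four entries at offset 446; all-zero slots are skipped."""
    entries = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4), little-endian
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", mbr, PTABLE_OFF + 16 * i)
        if type_id == 0 and count == 0:
            continue
        entries.append(PartitionEntry(i + 1, status == 0x80, type_id, lba, count))
    return entries


def analyse_mbr(mbr: bytes) -> dict:
    """Return disk signature, partitions and a list of things worth a second look."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[BOOT_SIG_OFF:] != b"\x55\xAA":
        findings.append("boot signature 0x55AA missing")
    code = mbr[:BOOT_CODE_LEN]
    missing = [s.decode() for s in WINDOWS_MBR_STRINGS if s not in code]
    if missing:
        # Heuristic only: bootstrap code that was overwritten usually loses these strings.
        findings.append("bootstrap code lacks stock Windows strings: " + ", ".join(missing))
    parts = parse_partition_table(mbr)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for a, b in zip(parts, parts[1:]):
        if b.lba_start < a.lba_start + a.sector_count:
            findings.append(f"partition {b.index} overlaps partition {a.index}")
    return {
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
        "findings": findings,
    }


def matches_reported_layout(parts: list, expected=REPORTED_LAYOUT) -> bool:
    """True when the decoded table equals what the tools printed, entry for entry."""
    return len(parts) == len(expected) and all(
        (p.bootable, p.type_id, p.lba_start, p.size_mb) == e for p, e in zip(parts, expected)
    )


def build_sample_mbr() -> bytes:
    """Constructed sector for the example: stub bootstrap bytes carrying the stock
    strings, the thread's two-partition table, a made-up disk signature, 0x55AA."""
    code = (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * 300
            + b"\x00".join(WINDOWS_MBR_STRINGS)).ljust(BOOT_CODE_LEN, b"\x00")

    def entry(status, type_id, lba, count):
        return struct.pack("<B3xB3xII", status, type_id, lba, count)

    table = (entry(0x80, 0x07, 2048, 204800)         # 100 MB System Reserved, active
             + entry(0x00, 0x07, 206848, 624932864)  # 305143 MB C:
             + entry(0, 0, 0, 0) + entry(0, 0, 0, 0))
    return code + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00" + table + b"\x55\xAA"


if __name__ == "__main__":
    # Usage: python mbr_check.py MBR.dat   (no argument: run against the constructed sample)
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    result = analyse_mbr(data)
    print(f"disk signature: {result['disk_signature']:08X}")
    for p in result["partitions"]:
        print(f"  #{p.index} {'active' if p.bootable else '      '} type {p.type_id:02X} "
              f"lba {p.lba_start} sectors {p.sector_count} ({p.size_mb} MB)")
    print("matches reported layout:", matches_reported_layout(result["partitions"]))
    print("findings:", result["findings"] or "none")
```

Two caveats apply when using this on a suspect machine. First, a table that matches and strings that are present are consistent with aswMBR's "Windows 7 default MBR code" verdict but do not prove it; the decisive check is a byte-for-byte comparison of the 440 bootstrap bytes against sector 0 from a known-clean Windows 7 installation. Second, anything read through the running kernel's disk stack (the chain aswMBR traces at 19:22:28, ntkrnlpa.exe through CLASSPNP.SYS, stdcfltn.sys and ACPI.sys) can be lied to by a driver that filters sector reads, so the sector to analyse should be captured from a boot CD or by attaching the drive to another system.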








#5 bloopie
Malware Response Team

Posted 04 October 2012 - 08:50 PM

Hi again,

Thank you for following my instructions correctly! I appreciate that!

I see from your last log that you have run ComboFix 4 times in total! You must be careful with this program... running it by yourself could leave your system unbootable! It is not a toy!

==========

Now, I'd like you to delete ComboFix you have from your desktop, and download a fresh copy from one of these links:

Link 1
Link 2
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Please post me the latest ComboFix log in your next reply!

bloopie

#6 JimC3
Topic Starter

Posted 04 October 2012 - 09:09 PM

Thank you - provided below is the content of the log.txt file generated after running Combofix:
ComboFix 12-10-04.02 - JMCAWOOD3 10/04/2012 21:57:10.5.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3063.1840 [GMT -4:00]
Running from: c:\users\JMCAWOOD3\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 02:01 . 2012-10-05 02:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-05 02:01 . 2012-10-05 02:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-05 02:01 . 2012-10-05 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 00:19 . 2012-10-05 00:20 -------- d-----w- c:\program files\Cloanto
2012-10-01 02:32 . 2012-10-04 22:18 -------- d-----w- c:\windows\system32\BestPractices
2012-10-01 02:32 . 2012-10-01 02:32 -------- d-----w- C:\inetpub
2012-09-30 20:23 . 2012-07-31 06:04 572048 ----a-w- c:\windows\system32\drivers\Rt630x86.sys
2012-09-30 20:22 . 2012-04-09 19:04 23440 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2012-09-30 20:22 . 2012-04-09 18:58 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-09-30 19:52 . 2012-09-30 19:52 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\Innovative Solutions
2012-09-30 19:52 . 2012-09-30 19:52 -------- d-----w- c:\program files\Innovative Solutions
2012-09-29 01:19 . 2012-10-04 22:18 -------- d-s---w- c:\windows\Sun
2012-09-28 23:42 . 2012-09-28 23:42 -------- d-----w- c:\users\JMCAWOOD3\AppData\Roaming\7stacks
2012-09-28 23:04 . 2012-10-03 00:28 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\CrashDumps
2012-09-28 22:26 . 2012-10-04 22:21 -------- d-----w- c:\users\JMCAWOOD3\AppData\Roaming\LibrariIcon
2012-09-28 07:32 . 2012-09-28 07:32 181808 ----a-w- c:\windows\RegBootClean.exe
2012-09-28 07:25 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-28 04:53 . 2012-09-28 04:53 -------- d-----w- c:\users\JMCAWOOD3\AppData\Roaming\AVG2013
2012-09-28 04:52 . 2012-09-28 04:53 -------- d-----w- c:\programdata\AVG2013
2012-09-28 04:52 . 2012-09-28 04:52 -------- d-----w- c:\program files\AVG
2012-09-28 04:50 . 2012-10-04 22:29 -------- d-----w- c:\programdata\MFAData
2012-09-28 04:50 . 2012-09-28 04:55 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\Avg2013
2012-09-28 04:50 . 2012-09-28 04:50 -------- d--h--w- c:\programdata\Common Files
2012-09-28 04:50 . 2012-09-28 04:50 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\MFAData
2012-09-28 04:10 . 2012-09-28 04:23 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-28 04:08 . 2012-09-28 04:08 -------- d-----w- C:\RegBackup
2012-09-28 03:08 . 2012-09-28 03:08 -------- d-----w- C:\temp
2012-09-28 03:07 . 2012-08-30 19:13 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-28 03:07 . 2012-08-30 19:13 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-28 03:07 . 2012-08-30 19:13 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-28 03:07 . 2012-08-30 19:13 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-28 03:07 . 2012-08-30 19:13 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-28 03:07 . 2012-08-30 19:13 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-28 03:07 . 2012-08-30 19:13 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-28 03:07 . 2012-08-30 19:13 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-28 03:07 . 2012-07-03 15:25 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-09-28 03:07 . 2012-07-03 15:25 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-09-28 01:10 . 2012-09-28 01:10 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\Microsoft Corporation
2012-09-27 21:09 . 2012-10-05 02:01 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\temp
2012-09-27 20:32 . 2012-09-30 19:27 900 --sha-w- c:\programdata\KGyGaAvL.sys
2012-09-27 20:26 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9061750A-5E28-4CFE-9E3B-61D36694C211}\mpengine.dll
2012-09-27 20:26 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-18 02:57 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-18 02:57 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-18 02:57 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-18 02:57 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-18 02:57 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-18 02:57 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-17 22:58 . 2012-09-17 22:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 09:34 . 2012-09-14 09:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 15:47 . 2012-09-12 15:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 15:47 . 2012-09-12 15:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-06 07:25 . 2012-10-04 22:21 -------- d-----w- c:\programdata\Norton
2012-09-06 07:25 . 2012-09-06 08:14 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\NPE
2012-09-06 00:25 . 2012-09-06 00:25 -------- d-----w- c:\users\JMCAWOOD3\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 21:27 . 2012-08-04 17:44 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-03 22:55 . 2012-09-03 22:55 2 --shatr- c:\windows\winstart.bat
2012-09-03 21:47 . 2012-09-03 21:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 21:47 . 2012-08-01 01:41 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-03 21:47 . 2012-08-01 01:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 19:36 . 2012-08-01 01:39 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 19:36 . 2012-08-01 01:39 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 19:13 . 2012-09-04 17:24 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-08-30 19:13 . 2012-09-04 17:24 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 19:13 . 2012-09-04 17:24 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2012-09-04 17:24 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-30 15:57 . 2012-09-04 17:27 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 15:57 . 2012-09-04 17:27 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 15:57 . 2012-09-04 17:27 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 15:57 . 2012-09-04 17:27 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 15:57 . 2012-09-04 17:27 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 15:57 . 2012-09-04 17:27 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-08-30 14:40 . 2012-08-30 14:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-13 20:40 . 2012-08-13 20:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 08:52 . 2012-08-10 08:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 08:52 . 2012-08-10 08:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 17:56 . 2012-08-09 17:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-08-09 12:02 . 2012-08-09 12:02 40960 ----a-r- c:\users\JMCAWOOD3\AppData\Roaming\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe
2012-08-08 06:03 . 2012-08-08 06:03 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-08-07 11:47 . 2012-08-07 11:47 307200 ----a-w- c:\windows\SetACL.exe
2012-08-04 17:44 . 2012-08-04 17:44 53248 ----a-r- c:\users\JMCAWOOD3\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-08-01 11:09 . 2012-08-01 11:10 51712 ----a-w- c:\windows\system32\wltrynt.dll
2012-08-01 11:09 . 2012-08-01 11:10 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2012-08-01 11:09 . 2012-08-01 11:10 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-08-01 11:09 . 2012-08-01 11:10 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2012-08-01 11:09 . 2012-08-01 11:10 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-08-01 11:09 . 2012-08-01 11:10 3878912 ----a-w- c:\windows\system32\bcmihvui.dll
2012-08-01 11:09 . 2012-08-01 11:10 4186112 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-08-01 11:09 . 2012-08-01 11:10 2661368 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-08-01 11:09 . 2012-08-01 11:10 7348224 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-08-01 11:09 . 2012-08-01 11:10 57344 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-08-01 11:09 . 2012-08-01 11:10 4513792 ----a-w- c:\windows\system32\bcmttls.dll
2012-08-01 11:09 . 2012-08-01 11:11 1022976 ----a-w- c:\windows\system32\BCMLogon.dll
2012-08-01 11:09 . 2012-08-01 11:10 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-08-01 09:37 . 2012-08-01 09:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-01 09:37 . 2012-08-01 09:37 161792 ----a-w- c:\windows\system32\msls31.dll
2012-08-01 09:37 . 2012-08-01 09:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-01 09:37 . 2012-08-01 09:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-01 09:37 . 2012-08-01 09:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-08-01 09:37 . 2012-08-01 09:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-08-01 09:37 . 2012-08-01 09:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-01 09:37 . 2012-08-01 09:37 367104 ----a-w- c:\windows\system32\html.iec
2012-08-01 09:37 . 2012-08-01 09:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-01 09:37 . 2012-08-01 09:37 152064 ----a-w- c:\windows\system32\wextract.exe
2012-08-01 09:37 . 2012-08-01 09:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-08-01 09:37 . 2012-08-01 09:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-01 09:37 . 2012-08-01 09:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-08-01 09:37 . 2012-08-01 09:37 11776 ----a-w- c:\windows\system32\mshta.exe
2012-08-01 09:37 . 2012-08-01 09:37 101888 ----a-w- c:\windows\system32\admparse.dll
2012-08-01 04:08 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-08-01 01:55 . 2012-08-01 01:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-01 01:55 . 2012-08-01 01:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-18 17:47 . 2012-08-20 18:44 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-08-21 16:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-08-19 23:37 610816 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-08-21 16:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XWidget"="c:\program files\XWidget\xwidget.exe" [2012-07-11 1730048]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2012-07-24 2498048]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2012-08-16 4912584]
"CClipboard"="c:\program files\ComfortClipboard\CClipboard.exe" [2012-02-27 3459376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2012-08-19 147456]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 124184]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Iomega StorCenter.lnk - c:\program files\Iomega StorCenter\sohoclient.exe [2012-8-9 1877328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PRINTKEY.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PRINTKEY.lnk
backup=c:\windows\pss\PRINTKEY.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2012-09-03 14:11 11325376 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2011-11-01 20:46 136600 ----a-w- c:\program files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-10-01 03:15 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x86.sys [x]
R3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
Trusted Zone: eset.com\www
TCP: DhcpNameServer = 74.128.17.114 74.128.19.102
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(884)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\WCR10.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'Explorer.exe'(3400)
c:\program files\DisplayFusion\Hooks\AppHookx86_F6DB9DA8-AF44-4440-84E9-4B771CBA5DB4.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\ComfortClipboard\CClipboardH.dll
c:\program files\ComfortClipboard\CClipboardDeskBand.dll
c:\windows\system32\BCMWLCPL.CPL
.
Completion time: 2012-10-04 22:02:17
ComboFix-quarantined-files.txt 2012-10-05 02:02
ComboFix2.txt 2012-09-27 21:09
.
Pre-Run: 280,301,883,392 bytes free
Post-Run: 280,100,372,480 bytes free
.
- - End Of File - - 4285146EC68E759590AE85D673A281A3

#7 bloopie
    Bleepin' Sith Turner
  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 04 October 2012 - 09:27 PM

Hi again,

Very well done! :thumbup2:

I will need some time to go over these latest logs. I will be going to sleep pretty soon for tonight.

Give me some time to check this latest log, I should be back to you tomorrow before 8pm Eastern Standard Time.

Thank you for your patience!

bloopie

#8 bloopie
    Bleepin' Sith Turner
  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 05 October 2012 - 05:26 PM

Hello again,

A couple of questions:

  • Your logs aren't showing much going on there; what exactly are your current issues?
  • What made you think that you have ZeroAccess or an MBR rootkit?
  • When you've previously done clean installs, have you reformatted the machine before reinstalling the Operating System?
I don't see any evidence of either of those infections in the logs you've provided here so far, but that doesn't mean you're clean.

==========

Let's have a look at some more logs to be sure:

Step :step1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

==========

Step :step2:

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

In your next reply, please include the following:

  • The TDSSKiller log
  • The OTL log
  • An answer to my questions

bloopie
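Once the TDSSKiller log is in hand, the part worth reading by hand is the block that dumps each drive's size, sector size and MBR partition table, because the classic MBR bootkits (TDL4/Alureon and the early ZeroAccess builds) kept their hidden file system in sectors that belong to no partition, usually at the end of the disk. The script below is an added example, written for this thread and not part of TDSSKiller, ComboFix or anything bloopie posted: it parses those log lines, lists every unallocated sector range per disk, and flags ranges larger than a threshold. The 8 MiB threshold is my own heuristic, and the `\Device\Harddisk3\DR3` lines in the sample are constructed to show a disk with a 40 MiB unpartitioned tail; the `DR0` lines are in TDSSKiller's real output format.

```python
"""Added example: find unallocated sector ranges in a TDSSKiller log.

A small gap before the first partition (2047 sectors on Vista/7) and a little
alignment slack after the last one are normal. A large unpartitioned tail is
where TDL4-style bootkits stored their hidden volume, so it deserves a look
with a raw disk editor. Threshold below is an assumption, not a tool default.
"""
import re
from dataclasses import dataclass, field

SUSPICIOUS_GAP_BYTES = 8 * 1024 * 1024  # heuristic, my assumption

DRIVE_RE = re.compile(
    r"Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: 0x(?P<size>[0-9A-Fa-f]+)"
    r".*?SectorSize: 0x(?P<ss>[0-9A-Fa-f]+)"
)
PART_RE = re.compile(
    r"(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<n>\d+): MBR, "
    r"Type 0x(?P<type>[0-9A-Fa-f]+), StartLBA 0x(?P<start>[0-9A-Fa-f]+), "
    r"BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)"
)


@dataclass
class Partition:
    index: int
    ptype: int
    start: int   # first LBA
    blocks: int  # length in sectors

    @property
    def end(self) -> int:  # exclusive
        return self.start + self.blocks


@dataclass
class Disk:
    dev: str
    total_sectors: int
    sector_size: int
    partitions: list = field(default_factory=list)


def parse_tdsskiller(log: str) -> dict:
    """Map device path -> Disk, from the 'Drive ...' and 'PartitionN: MBR' lines."""
    disks = {}
    for line in log.splitlines():
        m = DRIVE_RE.search(line)
        if m:
            size, ss = int(m["size"], 16), int(m["ss"], 16)
            disks[m["dev"]] = Disk(m["dev"], size // ss, ss)
            continue
        m = PART_RE.search(line)
        if m and m["dev"] in disks:
            disks[m["dev"]].partitions.append(
                Partition(int(m["n"]), int(m["type"], 16),
                          int(m["start"], 16), int(m["blocks"], 16)))
    return disks


def unallocated_ranges(disk: Disk) -> list:
    """Return [(first_lba, sector_count)] for sectors no partition covers.
    Sector 0 holds the MBR itself and is always treated as in use."""
    gaps, cursor = [], 1
    for p in sorted(disk.partitions, key=lambda p: p.start):
        if p.start > cursor:
            gaps.append((cursor, p.start - cursor))
        cursor = max(cursor, p.end)
    if disk.total_sectors > cursor:
        gaps.append((cursor, disk.total_sectors - cursor))
    return gaps


def suspicious_gaps(disk: Disk, threshold_bytes: int = SUSPICIOUS_GAP_BYTES) -> list:
    """Only the unallocated ranges at or above the size threshold."""
    return [(lba, n) for lba, n in unallocated_ranges(disk)
            if n * disk.sector_size >= threshold_bytes]


def report(log: str, threshold_bytes: int = SUSPICIOUS_GAP_BYTES) -> dict:
    return {dev: suspicious_gaps(d, threshold_bytes)
            for dev, d in parse_tdsskiller(log).items()}


# Sample input. DR0 lines are in the format TDSSKiller writes; the DR3 lines are
# constructed for this example (a disk with 0x14000 sectors = 40 MiB after P2).
SAMPLE_LOG = r"""
19:28:36.0172 2788 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:28:36.0172 2788 Drive \Device\Harddisk3\DR3 - Size: 0x208D00000 (8.14 Gb), SectorSize: 0x200, Cylinders: 0x426, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:28:36.0203 2788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:28:36.0203 2788 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
19:28:36.0203 2788 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:28:36.0203 2788 \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1000000
"""

if __name__ == "__main__":
    for dev, disk in parse_tdsskiller(SAMPLE_LOG).items():
        print(f"{dev}: {disk.total_sectors} sectors of {disk.sector_size} bytes")
        for lba, n in unallocated_ranges(disk):
            mib = n * disk.sector_size / 2**20
            flag = "  <-- inspect" if n * disk.sector_size >= SUSPICIOUS_GAP_BYTES else ""
            print(f"  unallocated from LBA {lba:#x}: {n} sectors ({mib:.1f} MiB){flag}")
```

Run it against a saved TDSSKiller log by reading the file into `report()`. On the disk layout above, DR0 shows only the standard 2047-sector gap before the first partition and 2736 sectors of slack at the end, so nothing is flagged; the constructed DR3 is flagged for its 40 MiB tail. A clean result here does not prove the MBR code itself is intact (TDSSKiller's own MBR check covers that); it only rules out one hiding place. Extended partitions are handled as one range covering their logical volumes.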

#9 JimC3
  • Topic Starter
  • Members
  • 19 posts

Posted 05 October 2012 - 07:07 PM

Hi, I ran both scans and posted the results of all three reports below. The reason that I think something is going on is that after doing the clean installs, I was able to see numerous old files that had remained after I selected "show hidden files" and "show protected os files" and the exact same files are now on my two desktops that run windows xp. I have Windows 7 Professional on this laptop, which is normally connected to the two desktops and a storcenter network drive via a home network. I disconnected from the network to clean and repair the laptop. I did try to delete and/or reformat the hard drive when doing the last clean install because I believed that the boot record was infected. But, I do not know if I was successful in reformatting.

I also have numerous svchost.exe files running in task manager ... have a multitude of strange files that are normally associated with malware .... and, strange activities popping up all the time. I thought that the laptop contained a fake, ghost, or hidden file system. I cannot update properly, programs are not uninstalled properly - just indicates program has been removed almost immediately after I agree to uninstall, and cannot run MS Security Essentials. Most recently, I ran RogueKiller and the resulting report indicated that I was infected with ZeroAccess. I have ATTACHED that report for your review.

PROVIDED BELOW IS THE CONTENT OF THE TDSSKILLER, OTL.TXT AND EXTRAS.TXT REPORTS:

19:28:32.0007 2788 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:28:32.0334 2788 ============================================================
19:28:32.0334 2788 Current date / time: 2012/10/05 19:28:32.0334
19:28:32.0334 2788 SystemInfo:
19:28:32.0334 2788
19:28:32.0334 2788 OS Version: 6.1.7601 ServicePack: 1.0
19:28:32.0334 2788 Product type: Workstation
19:28:32.0334 2788 ComputerName: CAWOODLAWLAP
19:28:32.0334 2788 UserName: JMCAWOOD3
19:28:32.0334 2788 Windows directory: C:\Windows
19:28:32.0334 2788 System windows directory: C:\Windows
19:28:32.0334 2788 Processor architecture: Intel x86
19:28:32.0334 2788 Number of processors: 4
19:28:32.0334 2788 Page size: 0x1000
19:28:32.0334 2788 Boot type: Normal boot
19:28:32.0334 2788 ============================================================
19:28:36.0172 2788 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:28:36.0172 2788 Drive \Device\Harddisk1\DR1 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:28:36.0172 2788 Drive \Device\Harddisk2\DR2 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:28:36.0203 2788 ============================================================
19:28:36.0203 2788 \Device\Harddisk0\DR0:
19:28:36.0203 2788 MBR partitions:
19:28:36.0203 2788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:28:36.0203 2788 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
19:28:36.0203 2788 \Device\Harddisk1\DR1:
19:28:36.0203 2788 MBR partitions:
19:28:36.0203 2788 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x7757E0
19:28:36.0203 2788 \Device\Harddisk2\DR2:
19:28:36.0203 2788 MBR partitions:
19:28:36.0203 2788 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C9307
19:28:36.0203 2788 ============================================================
19:28:36.0250 2788 C: <-> \Device\Harddisk0\DR0\Partition2
19:28:36.0250 2788 ============================================================
19:28:36.0250 2788 Initialize success
19:28:36.0250 2788 ============================================================
19:28:39.0620 4156 ============================================================
19:28:39.0620 4156 Scan started
19:28:39.0620 4156 Mode: Manual;
19:28:39.0620 4156 ============================================================
19:28:40.0758 4156 ================ Scan system memory ========================
19:28:40.0758 4156 System memory - ok
19:28:40.0758 4156 ================ Scan services =============================
19:28:40.0836 4156 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:28:40.0836 4156 !SASCORE - ok
19:28:41.0070 4156 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:28:41.0086 4156 1394ohci - ok
19:28:41.0117 4156 [ C351EB0DEB102D7EC67CDDEE6513DDF5 ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
19:28:41.0117 4156 Acceler - ok
19:28:41.0148 4156 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:28:41.0148 4156 ACPI - ok
19:28:41.0180 4156 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:28:41.0180 4156 AcpiPmi - ok
19:28:41.0211 4156 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:28:41.0211 4156 adp94xx - ok
19:28:41.0226 4156 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:28:41.0242 4156 adpahci - ok
19:28:41.0258 4156 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:28:41.0258 4156 adpu320 - ok
19:28:41.0304 4156 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:28:41.0304 4156 AeLookupSvc - ok
19:28:41.0351 4156 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:28:41.0351 4156 AFD - ok
19:28:41.0367 4156 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:28:41.0367 4156 agp440 - ok
19:28:41.0382 4156 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:28:41.0382 4156 aic78xx - ok
19:28:41.0414 4156 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:28:41.0429 4156 ALG - ok
19:28:41.0445 4156 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:28:41.0445 4156 aliide - ok
19:28:41.0445 4156 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:28:41.0460 4156 amdagp - ok
19:28:41.0460 4156 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:28:41.0460 4156 amdide - ok
19:28:41.0476 4156 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:28:41.0476 4156 AmdK8 - ok
19:28:41.0492 4156 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:28:41.0492 4156 AmdPPM - ok
19:28:41.0523 4156 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:28:41.0523 4156 amdsata - ok
19:28:41.0538 4156 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:28:41.0538 4156 amdsbs - ok
19:28:41.0554 4156 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:28:41.0554 4156 amdxata - ok
19:28:41.0632 4156 [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
19:28:41.0632 4156 AppHostSvc - ok
19:28:41.0663 4156 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:28:41.0663 4156 AppID - ok
19:28:41.0679 4156 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:28:41.0679 4156 AppIDSvc - ok
19:28:41.0710 4156 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
19:28:41.0726 4156 Appinfo - ok
19:28:41.0772 4156 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
19:28:41.0772 4156 AppMgmt - ok
19:28:41.0788 4156 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:28:41.0788 4156 arc - ok
19:28:41.0804 4156 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:28:41.0804 4156 arcsas - ok
19:28:41.0850 4156 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:28:41.0850 4156 AsyncMac - ok
19:28:41.0866 4156 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:28:41.0866 4156 atapi - ok
19:28:41.0897 4156 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:28:41.0913 4156 AudioEndpointBuilder - ok
19:28:41.0913 4156 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:28:41.0928 4156 Audiosrv - ok
19:28:41.0944 4156 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:28:41.0944 4156 AxInstSV - ok
19:28:41.0991 4156 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:28:41.0991 4156 b06bdrv - ok
19:28:42.0022 4156 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:28:42.0022 4156 b57nd60x - ok
19:28:42.0053 4156 [ 57A52EE74FD55C590F209925088CB68B ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
19:28:42.0053 4156 BCM42RLY - ok
19:28:42.0116 4156 [ EDF86011D8A8366C476A9356CB9523B6 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
19:28:42.0147 4156 BCM43XX - ok
19:28:42.0178 4156 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:28:42.0178 4156 BDESVC - ok
19:28:42.0194 4156 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:28:42.0194 4156 Beep - ok
19:28:42.0240 4156 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:28:42.0240 4156 BFE - ok
19:28:42.0287 4156 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
19:28:42.0303 4156 BITS - ok
19:28:42.0303 4156 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:28:42.0303 4156 blbdrive - ok
19:28:42.0334 4156 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:28:42.0334 4156 bowser - ok
19:28:42.0350 4156 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:28:42.0350 4156 BrFiltLo - ok
19:28:42.0365 4156 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:28:42.0365 4156 BrFiltUp - ok
19:28:42.0412 4156 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:28:42.0412 4156 BridgeMP - ok
19:28:42.0428 4156 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:28:42.0428 4156 Browser - ok
19:28:42.0459 4156 [ 08C7E41FF10F56E83B4F10B5E8B1E8B6 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
19:28:42.0474 4156 BrSerIb - ok
19:28:42.0490 4156 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:28:42.0506 4156 Brserid - ok
19:28:42.0521 4156 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:28:42.0521 4156 BrSerWdm - ok
19:28:42.0537 4156 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:28:42.0537 4156 BrUsbMdm - ok
19:28:42.0552 4156 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:28:42.0552 4156 BrUsbSer - ok
19:28:42.0568 4156 [ 2132A117160F2A96A13C044AE9BCED91 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
19:28:42.0568 4156 BrUsbSIb - ok
19:28:42.0599 4156 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:28:42.0599 4156 BthEnum - ok
19:28:42.0615 4156 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:28:42.0615 4156 BTHMODEM - ok
19:28:42.0630 4156 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:28:42.0646 4156 BthPan - ok
19:28:42.0677 4156 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
19:28:42.0677 4156 BTHPORT - ok
19:28:42.0724 4156 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:28:42.0724 4156 bthserv - ok
19:28:42.0724 4156 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
19:28:42.0740 4156 BTHUSB - ok
19:28:42.0755 4156 [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
19:28:42.0755 4156 btwaudio - ok
19:28:42.0771 4156 [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
19:28:42.0771 4156 btwavdt - ok
19:28:42.0833 4156 [ 45F36763576B8AE91E809337DC7CE4E6 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:28:42.0849 4156 btwdins - ok
19:28:42.0864 4156 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
19:28:42.0880 4156 btwl2cap - ok
19:28:42.0896 4156 [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
19:28:42.0896 4156 btwrchid - ok
19:28:42.0974 4156 catchme - ok
19:28:43.0005 4156 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:28:43.0005 4156 cdfs - ok
19:28:43.0036 4156 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:28:43.0036 4156 cdrom - ok
19:28:43.0067 4156 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:28:43.0067 4156 CertPropSvc - ok
19:28:43.0098 4156 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:28:43.0098 4156 circlass - ok
19:28:43.0130 4156 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:28:43.0130 4156 CLFS - ok
19:28:43.0192 4156 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:28:43.0192 4156 clr_optimization_v2.0.50727_32 - ok
19:28:43.0239 4156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:28:43.0239 4156 clr_optimization_v4.0.30319_32 - ok
19:28:43.0254 4156 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:28:43.0254 4156 CmBatt - ok
19:28:43.0286 4156 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:28:43.0286 4156 cmdide - ok
19:28:43.0317 4156 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
19:28:43.0317 4156 CNG - ok
19:28:43.0332 4156 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:28:43.0332 4156 Compbatt - ok
19:28:43.0348 4156 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:28:43.0348 4156 CompositeBus - ok
19:28:43.0364 4156 COMSysApp - ok
19:28:43.0395 4156 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:28:43.0395 4156 crcdisk - ok
19:28:43.0426 4156 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:28:43.0426 4156 CryptSvc - ok
19:28:43.0457 4156 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
19:28:43.0457 4156 CSC - ok
19:28:43.0488 4156 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
19:28:43.0504 4156 CscService - ok
19:28:43.0535 4156 [ 0F538DF1673E5216F3BAACB6911D9D0F ] CtAudDrv C:\Windows\system32\Drivers\CtAudDrv.sys
19:28:43.0551 4156 CtAudDrv - ok
19:28:43.0566 4156 [ 9A6CA307151505730DBFC91D97F01C7E ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:28:43.0566 4156 CtClsFlt - ok
19:28:43.0582 4156 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:28:43.0598 4156 DcomLaunch - ok
19:28:43.0629 4156 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:28:43.0629 4156 defragsvc - ok
19:28:43.0676 4156 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:28:43.0676 4156 DfsC - ok
19:28:43.0707 4156 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:28:43.0707 4156 Dhcp - ok
19:28:43.0722 4156 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:28:43.0722 4156 discache - ok
19:28:43.0754 4156 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:28:43.0754 4156 Disk - ok
19:28:43.0785 4156 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:28:43.0785 4156 Dnscache - ok
19:28:43.0800 4156 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:28:43.0816 4156 dot3svc - ok
19:28:43.0832 4156 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:28:43.0832 4156 DPS - ok
19:28:43.0863 4156 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:28:43.0863 4156 drmkaud - ok
19:28:43.0910 4156 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:28:43.0910 4156 DXGKrnl - ok
19:28:43.0941 4156 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:28:43.0941 4156 EapHost - ok
19:28:44.0019 4156 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:28:44.0097 4156 ebdrv - ok
19:28:44.0144 4156 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:28:44.0144 4156 EFS - ok
19:28:44.0190 4156 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:28:44.0206 4156 ehRecvr - ok
19:28:44.0237 4156 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:28:44.0237 4156 ehSched - ok
19:28:44.0253 4156 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:28:44.0268 4156 elxstor - ok
19:28:44.0284 4156 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:28:44.0284 4156 ErrDev - ok
19:28:44.0315 4156 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:28:44.0315 4156 EventSystem - ok
19:28:44.0331 4156 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:28:44.0346 4156 exfat - ok
19:28:44.0362 4156 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:28:44.0362 4156 fastfat - ok
19:28:44.0378 4156 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:28:44.0393 4156 Fax - ok
19:28:44.0409 4156 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:28:44.0424 4156 fdc - ok
19:28:44.0424 4156 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:28:44.0424 4156 fdPHost - ok
19:28:44.0440 4156 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:28:44.0440 4156 FDResPub - ok
19:28:44.0471 4156 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:28:44.0471 4156 FileInfo - ok
19:28:44.0487 4156 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:28:44.0487 4156 Filetrace - ok
19:28:44.0502 4156 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:28:44.0502 4156 flpydisk - ok
19:28:44.0518 4156 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:28:44.0518 4156 FltMgr - ok
19:28:44.0612 4156 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
19:28:44.0643 4156 FontCache - ok
19:28:44.0690 4156 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:28:44.0690 4156 FontCache3.0.0.0 - ok
19:28:44.0736 4156 [ 1D2DE58A837E6909F98CA35103D10739 ] fsbts C:\Windows\system32\Drivers\fsbts.sys
19:28:44.0736 4156 fsbts - ok
19:28:44.0736 4156 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:28:44.0736 4156 FsDepends - ok
19:28:44.0768 4156 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:28:44.0768 4156 Fs_Rec - ok
19:28:44.0783 4156 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:28:44.0799 4156 fvevol - ok
19:28:44.0814 4156 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:28:44.0814 4156 gagp30kx - ok
19:28:44.0846 4156 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:28:44.0877 4156 gpsvc - ok
19:28:44.0892 4156 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:28:44.0892 4156 hcw85cir - ok
19:28:44.0924 4156 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:28:44.0924 4156 HdAudAddService - ok
19:28:44.0955 4156 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:28:44.0955 4156 HDAudBus - ok
19:28:44.0986 4156 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
19:28:44.0986 4156 HECI - ok
19:28:44.0986 4156 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:28:44.0986 4156 HidBatt - ok
19:28:45.0002 4156 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:28:45.0017 4156 HidBth - ok
19:28:45.0033 4156 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:28:45.0033 4156 HidIr - ok
19:28:45.0048 4156 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
19:28:45.0048 4156 hidserv - ok
19:28:45.0080 4156 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:28:45.0080 4156 HidUsb - ok
19:28:45.0095 4156 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:28:45.0095 4156 hkmsvc - ok
19:28:45.0126 4156 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:28:45.0126 4156 HomeGroupListener - ok
19:28:45.0158 4156 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:28:45.0158 4156 HomeGroupProvider - ok
19:28:45.0189 4156 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:28:45.0189 4156 HpSAMD - ok
19:28:45.0236 4156 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:28:45.0236 4156 HTTP - ok
19:28:45.0251 4156 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:28:45.0251 4156 hwpolicy - ok
19:28:45.0282 4156 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:28:45.0282 4156 i8042prt - ok
19:28:45.0314 4156 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:28:45.0314 4156 iaStorV - ok
19:28:45.0345 4156 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:28:45.0376 4156 idsvc - ok
19:28:45.0376 4156 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:28:54.0096 4156 Wdf01000 - ok
19:28:54.0112 4156 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:28:54.0112 4156 WdiServiceHost - ok
19:28:54.0128 4156 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:28:54.0128 4156 WdiSystemHost - ok
19:28:54.0159 4156 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
19:28:54.0159 4156 WebClient - ok
19:28:54.0174 4156 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:28:54.0174 4156 Wecsvc - ok
19:28:54.0174 4156 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:28:54.0190 4156 wercplsupport - ok
19:28:54.0206 4156 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:28:54.0206 4156 WerSvc - ok
19:28:54.0221 4156 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:28:54.0221 4156 WfpLwf - ok
19:28:54.0237 4156 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:28:54.0237 4156 WIMMount - ok
19:28:54.0284 4156 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:28:54.0299 4156 WinDefend - ok
19:28:54.0315 4156 WinHttpAutoProxySvc - ok
19:28:54.0377 4156 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:28:54.0377 4156 Winmgmt - ok
19:28:54.0408 4156 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:28:54.0455 4156 WinRM - ok
19:28:54.0502 4156 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
19:28:54.0502 4156 WinUSB - ok
19:28:54.0533 4156 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:28:54.0564 4156 Wlansvc - ok
19:28:54.0580 4156 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:28:54.0580 4156 WmiAcpi - ok
19:28:54.0658 4156 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:28:54.0658 4156 wmiApSrv - ok
19:28:54.0720 4156 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:28:54.0752 4156 WMPNetworkSvc - ok
19:28:54.0767 4156 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:28:54.0767 4156 WPCSvc - ok
19:28:54.0798 4156 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:28:54.0798 4156 WPDBusEnum - ok
19:28:54.0830 4156 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:28:54.0830 4156 ws2ifsl - ok
19:28:54.0845 4156 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
19:28:54.0845 4156 wscsvc - ok
19:28:54.0923 4156 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:28:54.0970 4156 wuauserv - ok
19:28:54.0986 4156 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:28:54.0986 4156 WudfPf - ok
19:28:55.0017 4156 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:28:55.0017 4156 WUDFRd - ok
19:28:55.0032 4156 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:28:55.0032 4156 wudfsvc - ok
19:28:55.0048 4156 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:28:55.0064 4156 WwanSvc - ok
19:28:55.0095 4156 ================ Scan global ===============================
19:28:55.0126 4156 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:28:55.0142 4156 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:28:55.0157 4156 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:28:55.0173 4156 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:28:55.0220 4156 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:28:55.0235 4156 [Global] - ok
19:28:55.0235 4156 ================ Scan MBR ==================================
19:28:55.0251 4156 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:28:56.0514 4156 \Device\Harddisk0\DR0 - ok
19:28:56.0733 4156 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:28:56.0748 4156 \Device\Harddisk1\DR1 - ok
19:28:56.0764 4156 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR2
19:28:56.0764 4156 \Device\Harddisk2\DR2 - ok
19:28:56.0764 4156 ================ Scan VBR ==================================
19:28:56.0780 4156 [ 7328AEF14B7C63B6C88DD5A52AC35D11 ] \Device\Harddisk0\DR0\Partition1
19:28:56.0780 4156 \Device\Harddisk0\DR0\Partition1 - ok
19:28:56.0795 4156 [ DE538D6C5D0364BCC87F0C19AE320948 ] \Device\Harddisk0\DR0\Partition2
19:28:56.0795 4156 \Device\Harddisk0\DR0\Partition2 - ok
19:28:56.0811 4156 [ 7BC75A79E19233B4253497A6A4194110 ] \Device\Harddisk1\DR1\Partition1
19:28:56.0811 4156 \Device\Harddisk1\DR1\Partition1 - ok
19:28:56.0826 4156 [ 93629021DE1C0DCB2953F90CF8C4B01A ] \Device\Harddisk2\DR2\Partition1
19:28:56.0826 4156 \Device\Harddisk2\DR2\Partition1 - ok
19:28:56.0826 4156 ============================================================
19:28:56.0826 4156 Scan finished
19:28:56.0826 4156 ============================================================
19:28:56.0842 4148 Detected object count: 0
19:28:56.0842 4148 Actual detected object count: 0
19:29:13.0066 1052 Deinitialize success


OTL logfile created on: 10/5/2012 7:31:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JMCAWOOD3\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.74% Memory free
7.47 Gb Paging File | 6.23 Gb Available in Paging File | 83.33% Paging File free
Paging file location(s): c:\pagefile.sys 4593 9216 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 260.25 Gb Free Space | 87.34% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.69 Gb Free Space | 89.40% Space Free | Partition Type: FAT

Computer Name: CAWOODLAWLAP | User Name: JMCAWOOD3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/05 19:30:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JMCAWOOD3\Desktop\OTL.exe
PRC - [2012/08/30 15:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/30 11:57:35 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/08/30 11:57:34 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/19 19:37:30 | 000,147,456 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe
PRC - [2012/08/16 14:47:32 | 004,912,584 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2012/07/24 04:05:36 | 002,498,048 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2012/07/10 22:01:50 | 001,730,048 | ---- | M] (xwidget.com) -- C:\Program Files\XWidget\xwidget.exe
PRC - [2012/02/27 10:22:28 | 003,459,376 | ---- | M] (Comfort Software Group) -- C:\Program Files\ComfortClipboard\CClipboard.exe
PRC - [2012/02/08 15:11:46 | 000,124,184 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/10 14:25:52 | 000,035,120 | ---- | M] () -- C:\Program Files\ComfortClipboard\CClipboardCm.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/01 09:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/03 09:57:04 | 001,877,328 | ---- | M] (EMC) -- C:\Program Files\Iomega StorCenter\sohoclient.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/08 10:11:34 | 002,677,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\QTTabBar\3524571b8ccfc8f8bfa2beb5c39ebf83\QTTabBar.ni.dll
MOD - [2012/08/08 10:09:28 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/08/08 10:08:56 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/08/08 10:05:50 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/08/08 10:05:28 | 000,344,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\d98b40dca6566262aedec85913a8b89b\Interop.SHDocVw.ni.dll
MOD - [2012/08/08 10:05:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/08 10:05:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/08/08 10:05:09 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012/08/08 10:05:04 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/08/08 10:04:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/08/08 10:04:56 | 000,052,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BandObjectLib\d831d29bbb6ea38d7c146cc3ffd17eba\BandObjectLib.ni.dll
MOD - [2012/08/08 10:04:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/08 10:04:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/08/02 18:15:02 | 001,542,720 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
MOD - [2012/07/24 04:05:36 | 002,633,216 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2012/07/24 04:05:36 | 002,498,048 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
MOD - [2012/07/24 04:05:36 | 001,205,760 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2012/07/24 04:05:36 | 000,707,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2012/07/24 04:05:36 | 000,502,784 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2012/07/24 04:05:36 | 000,485,376 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2012/07/24 04:05:36 | 000,198,144 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2012/07/24 04:05:36 | 000,140,800 | ---- | M] () -- C:\Program Files\Rainlendar2\lua52.dll
MOD - [2012/07/24 04:05:36 | 000,131,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2012/07/24 04:05:36 | 000,012,800 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/05/10 14:25:58 | 000,037,680 | ---- | M] () -- C:\Program Files\ComfortClipboard\CClipboardH.dll
MOD - [2011/05/10 14:25:52 | 000,035,120 | ---- | M] () -- C:\Program Files\ComfortClipboard\CClipboardCm.exe
MOD - [2011/05/10 13:31:08 | 000,184,624 | ---- | M] () -- C:\Program Files\ComfortClipboard\CClipboardDeskBand.dll
MOD - [2010/10/01 09:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/07/04 17:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/09/03 09:57:05 | 006,463,488 | ---- | M] () -- C:\Program Files\Iomega StorCenter\wxmsw28u_vc_custom.dll
MOD - [2009/08/12 12:09:14 | 000,077,824 | ---- | M] () -- C:\Program Files\XWidget\Res\Lib\lib.dll


========== Services (SafeList) ==========

SRV - [2012/09/30 23:15:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/30 15:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/07 10:56:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/03 15:40:00 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JMCAWO~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/08/30 15:13:00 | 010,790,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/08 02:03:38 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)
DRV - [2012/08/01 07:09:28 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2012/07/31 02:04:12 | 000,572,048 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rt630x86.sys -- (RTL8168)
DRV - [2012/07/03 11:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/04/09 15:04:30 | 000,023,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/29 10:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/20 11:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2009/09/17 19:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/10 11:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory =
IE - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 71 4F CE 45 87 CD 01 [binary data]
IE - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\JMCAWOOD3\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\JMCAWOOD3\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JMCAWOOD3\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JMCAWOOD3\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/09/28 03:10:42 | 000,000,846 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:
O1 - Hosts:
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe (Logitech, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000..\Run: [CClipboard] C:\Program Files\ComfortClipboard\CClipboard.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000..\Run: [XWidget] C:\Program Files\XWidget\xwidget.exe (xwidget.com)
O4 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1001..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-4100312129-1962855927-2915203428-1000\..Trusted Domains: eset.com ([www] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{373A00D8-BD7B-4612-98E7-D93963692D2A}: DhcpNameServer = 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/08/04 10:45:48 | 000,000,000 | ---D | M] - F:\Autoruns -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 19:30:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JMCAWOOD3\Desktop\OTL.exe
[2012/10/05 19:26:35 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JMCAWOOD3\Desktop\tdsskiller.exe
[2012/10/04 22:19:21 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Roaming\Malwarebytes
[2012/10/04 22:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 22:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/04 22:19:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/04 22:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/04 22:12:19 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Roaming\TuneUp Software
[2012/10/04 22:02:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/04 22:01:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/04 21:56:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/04 21:55:08 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\JMCAWOOD3\Desktop\ComboFix.exe
[2012/10/04 20:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkinCalc
[2012/10/04 20:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Cloanto
[2012/10/04 19:18:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JMCAWOOD3\Desktop\aswMBR.exe
[2012/10/04 19:14:29 | 000,307,757 | ---- | C] (Farbar) -- C:\Users\JMCAWOOD3\Desktop\ListParts.exe
[2012/10/02 17:12:39 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\Desktop\RK_Quarantine
[2012/10/02 14:34:02 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Roaming\Macromedia
[2012/09/30 22:32:51 | 000,000,000 | ---D | C] -- C:\inetpub
[2012/09/30 22:32:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2012/09/30 16:23:51 | 000,572,048 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rt630x86.sys
[2012/09/30 16:22:49 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2012/09/30 16:22:49 | 000,023,440 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys
[2012/09/30 15:52:26 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Local\Innovative Solutions
[2012/09/30 15:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2012/09/30 15:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2012/09/28 21:19:12 | 000,000,000 | --SD | C] -- C:\Windows\Sun
[2012/09/28 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Roaming\7stacks
[2012/09/28 19:04:13 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Local\CrashDumps
[2012/09/28 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Roaming\LibrariIcon
[2012/09/28 03:25:34 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/09/28 00:50:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/28 00:50:28 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Local\MFAData
[2012/09/28 00:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/28 00:13:19 | 000,000,000 | --SD | C] -- C:\Windows\SoftwareDistribution
[2012/09/28 00:10:13 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/28 00:08:40 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/09/27 23:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/09/27 23:08:48 | 000,000,000 | ---D | C] -- C:\temp
[2012/09/27 23:07:36 | 019,828,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/09/27 23:07:36 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/09/27 23:07:36 | 010,790,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/09/27 23:07:36 | 007,626,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/09/27 23:07:36 | 006,109,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2012/09/27 23:07:36 | 002,573,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/09/27 23:07:36 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/09/27 23:07:36 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012/09/27 23:07:36 | 000,149,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2012/09/27 23:07:36 | 000,028,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2012/09/27 21:10:59 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Local\Microsoft Corporation
[2012/09/27 20:06:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/27 20:06:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/27 20:06:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/27 20:06:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/27 20:06:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/27 20:06:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/27 20:06:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/27 20:06:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/27 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Roaming\Mozilla
[2012/09/27 17:09:27 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Local\temp
[2012/09/27 17:04:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/27 17:04:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/27 17:04:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/27 17:04:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/27 16:26:31 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/17 22:57:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/17 22:57:53 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/17 22:57:53 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/17 22:57:53 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/06 03:25:21 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Local\NPE
[2012/09/06 03:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/09/05 20:25:10 | 000,000,000 | ---D | C] -- C:\Users\JMCAWOOD3\AppData\Local\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/05 19:30:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JMCAWOOD3\Desktop\OTL.exe
[2012/10/05 19:28:35 | 000,007,120 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 19:28:35 | 000,007,120 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 19:26:35 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JMCAWOOD3\Desktop\tdsskiller.exe
[2012/10/05 19:25:41 | 000,073,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/05 19:25:41 | 000,025,334 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/05 19:21:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 19:21:16 | 2408,529,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/04 22:37:24 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/04 21:55:08 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\JMCAWOOD3\Desktop\ComboFix.exe
[2012/10/04 19:34:11 | 000,000,512 | ---- | M] () -- C:\Users\JMCAWOOD3\Desktop\MBR.dat
[2012/10/04 19:18:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JMCAWOOD3\Desktop\aswMBR.exe
[2012/10/04 19:14:29 | 000,307,757 | ---- | M] (Farbar) -- C:\Users\JMCAWOOD3\Desktop\ListParts.exe
[2012/09/30 17:27:47 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2012/09/30 16:23:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2012/09/30 15:27:07 | 000,000,900 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/09/28 03:32:50 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2012/09/28 03:32:21 | 000,262,103 | ---- | M] () -- C:\Users\JMCAWOOD3\AppData\Local\census.cache
[2012/09/28 03:32:09 | 000,120,701 | ---- | M] () -- C:\Users\JMCAWOOD3\AppData\Local\ars.cache
[2012/09/28 03:25:29 | 000,000,036 | ---- | M] () -- C:\Users\JMCAWOOD3\AppData\Local\housecall.guid.cache
[2012/09/28 03:10:42 | 000,000,846 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/28 00:23:20 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/28 00:09:01 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-CAWOODLAWLAP-Microsoft-Windows-7-Professional-(32-bit).dat
[2012/09/27 22:35:32 | 000,364,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/27 17:08:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_424
[2012/09/27 16:31:24 | 000,513,501 | ---- | M] () -- C:\Users\JMCAWOOD3\Desktop\adwcleaner.exe
[2012/09/27 16:31:04 | 000,881,724 | ---- | M] () -- C:\Users\JMCAWOOD3\Desktop\SecurityCheck.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/06 04:52:09 | 000,007,623 | ---- | M] () -- C:\Users\JMCAWOOD3\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/04 19:34:11 | 000,000,512 | ---- | C] () -- C:\Users\JMCAWOOD3\Desktop\MBR.dat
[2012/09/30 22:33:03 | 000,073,126 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2012/09/30 22:33:03 | 000,025,334 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2012/09/30 16:23:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2012/09/28 03:32:50 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012/09/28 03:32:21 | 000,262,103 | ---- | C] () -- C:\Users\JMCAWOOD3\AppData\Local\census.cache
[2012/09/28 03:32:09 | 000,120,701 | ---- | C] () -- C:\Users\JMCAWOOD3\AppData\Local\ars.cache
[2012/09/28 03:25:29 | 000,000,036 | ---- | C] () -- C:\Users\JMCAWOOD3\AppData\Local\housecall.guid.cache
[2012/09/28 00:09:01 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CAWOODLAWLAP-Microsoft-Windows-7-Professional-(32-bit).dat
[2012/09/27 22:35:20 | 000,364,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/27 17:04:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/27 17:04:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/27 17:04:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/27 17:04:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/27 17:04:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/27 16:32:12 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/09/27 16:31:24 | 000,513,501 | ---- | C] () -- C:\Users\JMCAWOOD3\Desktop\adwcleaner.exe
[2012/09/27 16:31:04 | 000,881,724 | ---- | C] () -- C:\Users\JMCAWOOD3\Desktop\SecurityCheck.exe
[2012/09/06 04:52:09 | 000,007,623 | ---- | C] () -- C:\Users\JMCAWOOD3\AppData\Local\Resmon.ResmonCfg
[2012/09/04 22:20:46 | 000,000,000 | ---- | C] () -- C:\Users\JMCAWOOD3\defogger_reenable
[2012/08/30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/08/09 10:46:55 | 000,033,134 | ---- | C] () -- C:\Users\JMCAWOOD3\AppData\Roaming\UserTile.png
[2012/08/08 02:03:38 | 000,044,184 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2012/08/07 07:47:21 | 000,307,200 | ---- | C] () -- C:\Windows\SetACL.exe
[2012/08/04 11:43:19 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/08/01 07:10:49 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/07/31 23:55:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/10/02 16:14:42 | 000,000,177 | RH-- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.ApplicationId.RuleWizard\desktop.ini
[2012/10/02 16:14:42 | 000,000,180 | RH-- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.ApplicationId.RuleWizard\6.1.0.0__31bf3856ad364e35\desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >




OTL Extras logfile created on: 10/5/2012 7:31:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JMCAWOOD3\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.74% Memory free
7.47 Gb Paging File | 6.23 Gb Available in Paging File | 83.33% Paging File free
Paging file location(s): c:\pagefile.sys 4593 9216 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 260.25 Gb Free Space | 87.34% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.69 Gb Free Space | 89.40% Space Free | Partition Type: FAT

Computer Name: CAWOODLAWLAP | User Name: JMCAWOOD3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E3AA3B8-B3E0-4371-B85E-726ABDC00FA4}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F750517-5A93-4865-B165-068F9A544C8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{0FEC3C3B-2B0F-4F95-AD72-4618EA23D2AB}" = lport=138 | protocol=17 | dir=in | app=system |
"{29A7C2BC-C965-4965-9158-412B66E2FA1F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A8FF7DC-273F-4645-8E76-62112DAAF324}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A1084AA-EE2A-413B-A815-ED059DF98D2C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40DFF7E4-DD13-4CD7-AD86-BFE7EE791A3C}" = lport=139 | protocol=6 | dir=in | app=system |
"{46C1693C-DB7B-48AD-A10F-08ED9E3765F9}" = rport=137 | protocol=17 | dir=out | app=system |
"{540702EA-B91F-4EF5-95A1-97BAAEF7B39C}" = lport=137 | protocol=17 | dir=in | app=system |
"{5EA0DC43-5A4F-4DD8-8036-916D913C91D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{640F1E62-D1CA-4897-BDAE-83DFF281ABDA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7A13753F-4FC1-48CE-A499-FA1EC548378F}" = rport=139 | protocol=6 | dir=out | app=system |
"{80DFA7C2-A016-4F49-9465-8049BB0FED93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2AF444E-1010-486E-A9B8-276847C6B3DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60D847E0-94D6-4C57-B444-7F5E261F2CB6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B447CE5A-0BB3-444B-8FD1-AE583A0C82E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D08A95BD-F5A0-484E-89EE-9AB3CB62D4B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F22FE28D-057A-4424-9BF1-6B28DF69A745}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{B4F46CBB-E44A-4AC6-AC26-AB5754971D62}C:\program files\iomega storcenter\sohoclient.exe" = protocol=6 | dir=in | app=c:\program files\iomega storcenter\sohoclient.exe |
"TCP Query User{F708E613-C124-4F11-8DC1-A17EFEA6F088}C:\program files\iomega storcenter\sohoclient.exe" = protocol=6 | dir=in | app=c:\program files\iomega storcenter\sohoclient.exe |
"UDP Query User{C9FB11EF-6F86-4150-9EC5-61D301A7405C}C:\program files\iomega storcenter\sohoclient.exe" = protocol=17 | dir=in | app=c:\program files\iomega storcenter\sohoclient.exe |
"UDP Query User{EC67E916-2FB9-432D-BDEA-325C598486A6}C:\program files\iomega storcenter\sohoclient.exe" = protocol=17 | dir=in | app=c:\program files\iomega storcenter\sohoclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = WordPerfect IFilter 32 bit
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{24DDDBFD-2E44-4CC0-9767-08554D6C8AE5}_is1" = XLaunchPad Ver1.07
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{629B8602-DCDC-40F7-A5CE-E3A13E25691F}" = Melloware PlacesBar Editor
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6C445ECD-A55A-43CA-9311-A738D2B7E23D}" = Classic Shell
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7EDF4F60-E41A-4D55-8400-A633443C0065}" = QTTabBar 1.5.0.0 Beta 2
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{87BB4097-8385-4DF9-8350-74EA7F3D696E}" = update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C67E383-E3FA-42A9-B7EC-002B9FD36944}" = SkinCalc
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92B60B3B-7DF3-4BF7-8823-9F17A9EEA31E}" = WordPerfect Office X5
"{969568E5-5613-4BA5-8FA9-FB9023C9DE71}_is1" = Comfort Clipboard Pro 5.1.4.0
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9FCB6355-689E-4141-9714-3EEC2AE10292}" = Validity Sensors DDK
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A6E16998-A241-438F-A916-5CD59B5506C0}_is1" = XWidget Ver1.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{E52F8D95-AEB5-3B67-879C-C59DF8AF88EE}" = Google Talk Plugin
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF6E933E-760B-40EA-8E00-E6DE3482F472}_is1" = 7stacks 1.5 beta 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"7-Zip" = 7-Zip 9.20
"9E0994BD91E500242443FCEFC56A7698F1FC87F6" = Windows Driver Package - Broadcom Bluetooth (12/01/2009 6.2.0.9411)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 4.1
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Dell Webcam Central" = Dell Webcam Central
"DMX5_is1" = DriverMax 6
"DW WLAN Card Utility" = DW WLAN Card Utility
"Folderico" = Folderico 4.0 RC11
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Iomega StorCenter" = Iomega StorCenter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Rainlendar2" = Rainlendar2 (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.94
"Sn1" = Logitech Flow Scroll 4.0
"sp6" = Logitech SetPoint 6.32
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Unlocker" = Unlocker 1.9.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4100312129-1962855927-2915203428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2012 6:10:08 PM | Computer Name = CAWOODLAWLAP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Dell Drivers\PalmRest.R253442\WinWDF\x64\DellTpad.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/4/2012 6:10:08 PM | Computer Name = CAWOODLAWLAP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Dell Drivers\PalmRest.R253442\WinWDF\x64\dpinst.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/4/2012 6:24:39 PM | Computer Name = CAWOODLAWLAP | Source = simpleServer | ID = 3299
Description =

Error - 10/4/2012 9:04:53 PM | Computer Name = CAWOODLAWLAP | Source = simpleServer | ID = 3299
Description =

Error - 10/4/2012 10:11:31 PM | Computer Name = CAWOODLAWLAP | Source = VSS | ID = 8194
Description =

Error - 10/4/2012 10:18:04 PM | Computer Name = CAWOODLAWLAP | Source = simpleServer | ID = 3299
Description =

Error - 10/4/2012 10:28:26 PM | Computer Name = CAWOODLAWLAP | Source = Application Error | ID = 1000
Description = Faulting application name: DisplayFusion.exe, version: 4.1.0.0, time
stamp: 0x502d07e6 Faulting module name: USER32.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7ba26 Exception code: 0xc0000409 Fault offset: 0x000662e4 Faulting process
id: 0xa0c Faulting application start time: 0x01cda2a0b9d2ac74 Faulting application
path: C:\Program Files\DisplayFusion\DisplayFusion.exe Faulting module path: C:\Windows\system32\USER32.dll
Report
Id: 574ab271-0e94-11e2-b898-a4badbd8ac94

Error - 10/4/2012 10:37:17 PM | Computer Name = CAWOODLAWLAP | Source = MsiInstaller | ID = 11316
Description =

Error - 10/4/2012 10:37:24 PM | Computer Name = CAWOODLAWLAP | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 10/4/2012 11:49:10 PM | Computer Name = CAWOODLAWLAP | Source = simpleServer | ID = 3299
Description =

Error - 10/5/2012 2:28:12 PM | Computer Name = CAWOODLAWLAP | Source = simpleServer | ID = 3299
Description =

Error - 10/5/2012 7:22:08 PM | Computer Name = CAWOODLAWLAP | Source = simpleServer | ID = 3299
Description =

[ System Events ]
Error - 10/5/2012 2:27:01 PM | Computer Name = CAWOODLAWLAP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom PxHelp20

Error - 10/5/2012 2:42:03 PM | Computer Name = CAWOODLAWLAP | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 10/5/2012 2:42:21 PM | Computer Name = CAWOODLAWLAP | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/5/2012 3:04:33 PM | Computer Name = CAWOODLAWLAP | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 2 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 10/5/2012 4:24:36 PM | Computer Name = CAWOODLAWLAP | Source = DCOM | ID = 10005
Description =

Error - 10/5/2012 4:24:36 PM | Computer Name = CAWOODLAWLAP | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 10/5/2012 4:24:36 PM | Computer Name = CAWOODLAWLAP | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 10/5/2012 4:24:36 PM | Computer Name = CAWOODLAWLAP | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 10/5/2012 4:24:36 PM | Computer Name = CAWOODLAWLAP | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 10/5/2012 7:21:30 PM | Computer Name = CAWOODLAWLAP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom PxHelp20


< End of report >


#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:42 PM

Posted 05 October 2012 - 10:12 PM

Hi again,

Sorry if I seem harsh here...I do not mean to be harsh. I only need this information so that I can help you, okay? :)
And I also apologize for all the quotes, but I want to cover all the bases that's all! :wink:

The reason that I think something is going on is that after doing the clean installs, I was able to see numerous old files that had remained after I selected "show hidden files" and "show protected os files" and the exact same files are now on my two desktops that run windows xp.

This is not an indication of malware. There are many files and folders used in Windows 7 just as they were in XP. These are hidden for a reason...they are supposed to be there and you should not toy with them. :)

I also have numerous svchost.exe files running in task manager

This is also quite normal and no cause for concern!

and, strange activities popping up all the time.

Could you elaborate on these? What kind of activities?

Most recently, I ran RogueKiller and the resulting report indicated that I was infected with ZeroAccess.

The RogueKiller log you attached does not confirm you were infected with ZA. There is a section in the log for files/folders to be listed under ZeroAccess if present, but that section is empty. :)

But, I do not know if I was successful in reformatting.

I'm not sure what you mean here. Reformatting is a routine you choose to do when you boot from your installation disk. You have a choice to do a "quick format", or a full format of a partition on your disk. Maybe you have not formatted the proper partition?

have a multitude of strange files that are normally associated with malware

Could you please list these filepaths for me? I need to see where they are located.

Also to double up on that, visit Virustotal.com and upload those files for analysis with these instructions:

  • Go to VirusTotal.com
  • Click the "Choose File" button.
  • Navigate to "one of the files in question" and click Open.
  • Click the "Scan It" button (***Note: If it says this file has already been scanned, please click "Reanalyze").
  • When it is finished scanning please provide a link to the results page.
Do this for those files normally associated with malware that you are worried about on your machine, and link me to the results pages for all of them. >>(with the results page open, just highlight the address from the address bar, copy, and paste the address into your reply)

Also, let me know if you have any problems or questions for me!

Thanks for your patience and also for sticking with me! :thumbup2:

bloopie
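Before linking a VirusTotal results page, it helps to compute the file's hashes locally so you can confirm that the page describes the exact bytes sitting on your disk (VirusTotal prints MD5, SHA1 and SHA256 at the top of each report). The script below is an added example written for this thread, not a tool the thread mentions or code from either participant; it uses only the Python standard library, and the file path and the hash to compare against are whatever you pass on the command line. It also prints the file's creation time on this machine next to its content modification time, since the two answer different questions when an old-looking file is being judged.

```python
"""Hash a file the way VirusTotal reports it, and show its on-disk timestamps."""
import hashlib
import os
import sys
from datetime import datetime, timezone

ALGORITHMS = ("md5", "sha1", "sha256")


def _digest_chunks(chunks):
    """Feed an iterable of byte chunks through all three hashers at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def bytes_digests(data):
    """Digests of an in-memory byte string (handy for tests and small samples)."""
    return _digest_chunks([data])


def file_digests(path, chunk_size=1 << 20):
    """Digests of a file, read in 1 MiB chunks so large installers do not need to fit in RAM."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def file_timestamps(path):
    """Creation time vs last-modified time, both in UTC.

    'created' is when the file first appeared on this disk (st_birthtime where the
    platform provides it; on Windows builds of Python before 3.12 that value lives
    in st_ctime).  'modified' is the content's last-write time, which installers
    usually preserve from the original build, so it can predate the installation."""
    st = os.stat(path)
    created = getattr(st, "st_birthtime", st.st_ctime)
    to_utc = lambda t: datetime.fromtimestamp(t, tz=timezone.utc)
    return {"created": to_utc(created), "modified": to_utc(st.st_mtime), "size": st.st_size}


def matches_report(digests, reported):
    """Compare local digests with hashes copied from a VirusTotal results page.

    `reported` maps algorithm name -> hex string, case-insensitive.  Algorithms
    missing on either side are ignored; if nothing can be compared the answer is False,
    so a typo in the algorithm name cannot produce a false 'match'."""
    common = [a for a in reported if a in digests]
    if not common:
        return False
    return all(digests[a].lower() == reported[a].strip().lower() for a in common)


def describe(path, reported=None):
    """Human-readable block suitable for pasting into a reply."""
    d = file_digests(path)
    t = file_timestamps(path)
    lines = [
        f"{path}: {t['size']} bytes",
        f"  created  (on this machine): {t['created']:%Y-%m-%d %H:%M:%S} UTC",
        f"  modified (content):         {t['modified']:%Y-%m-%d %H:%M:%S} UTC",
    ]
    lines += [f"  {a}: {v}" for a, v in d.items()]
    if reported is not None:
        lines.append("  matches VirusTotal report: " + ("yes" if matches_report(d, reported) else "NO"))
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python vt_hashes.py <file> [sha256-from-the-VirusTotal-page]
    if len(sys.argv) < 2:
        sys.exit("usage: vt_hashes.py <file> [sha256]")
    report = {"sha256": sys.argv[2]} if len(sys.argv) > 2 else None
    print(describe(sys.argv[1], report))
```

Run it against the file you are about to upload, then compare the printed SHA256 with the one shown on the VirusTotal page; a mismatch means the page describes a different build of the file than the one on your machine, and its detection ratio says nothing about yours.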

#11 JimC3

JimC3
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:42 PM

Posted 06 October 2012 - 03:28 PM

Ok, thank you for your assistance. Perhaps I was able to remove the infection previously when I ran all those programs on my own, and now just have several left over files. Anyway, I will upload any files as you instructed and let you know over the next week. The strange activities that are bugging me the most currently are as follows: (1) my mouse/cursor slows way down, becomes very difficult to move across the screen, and is very difficult to use and/or navigate anywhere unless or until I restart the computer occasionally; (2) I cannot install MS Security Essentials; and, (3) Windows Media Player and Flash update services continue to reappear in task manager even after I end the processes. Lastly, I am now going to proceed with re-connecting my network, i.e. storcenter drive, and 2 desktops - is there a particular scan that you can recommend that I run afterwards to make sure the desktops and/or network components are clean? Also, can you recommend a particular free virus/malware protection software program to me for use in the future? I have been infected at least twice when using MSE and the others that I have used seem rather bulky and/or interfere with normal computer use. Thanks again.

#12 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:42 PM

Posted 06 October 2012 - 04:38 PM

Hi again,

Okay, thanks for that information! Bear in mind that I will continue to work with you to get all of this sorted out to the best of my abilities. :thumbup2:

==========

The issue with the mouse/cursor: First, we should make sure your drivers are up to date. What mouse are you using (make and model and whether wireless or wired)?

==========

I will recommend a very good antimalware solution you should use regularly, for your machine and others you may use. Malwarebytes Antimalware. I want you to run that program on this machine as well, instructions below.

Microsoft Security Essentials is a great free AV program, and I use it on all of my machines. It's extremely compatible with other Microsoft products (like your Operating System), and it leaves a very small footprint. So we will try to get that sorted out as well.

Unfortunately new viruses and trojans come out every day, so your AV will ALWAYS be a step behind new malware. The best way to prevent reinfection is safe surfing: Simple and easy ways to keep your computer safe and secure on the Internet

You can also give two other free AV programs a try, but I doubt they will be any better than MSE:


==========

All that being said, let's get back to repairing this machine! :)

Since you're having problems getting MSE to work properly, I'd suggest we run the System File Checker to make sure all the necessary files are in place. Then we'll run a couple of other scans to get some more information.

Step 1:

We need to run the SFC /SCANNOW Command

The sfc /scannow command (System File Checker) scans the integrity of all protected Windows system files and replaces incorrect, corrupted, changed/modified, or damaged versions with the correct versions if possible.

  • Click the Windows "Orb" button.
  • Type cmd.
  • Right click on the search result cmd.exe and click Run as Administrator.

Next:

  • Copy the following line of text and paste it into the black box.
    (right-click in the black box and choose paste)

    sfc /scannow
  • Press Enter to run the command.

    Keep your Windows Installation disk handy! If you are asked to insert it, please do so and click Retry!

    Note: This may take a while to finish.
  • If SFC could not fix something, then run the command again to see if it may be able to the next time. Sometimes it may take running the sfc /scannow command 3 or more times to completely fix everything that it's able to.

==========

Step 2:

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

=========

Step 3:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Note2: This scan may take some time (2-3 hours depending on your connection speed and the size of your hard drive)!

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

Step 4:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

==========

In your next reply, please include the following:

  • The MBAM log
  • The ESET log
  • The FSS log
  • An answer to my question about the mouse
  • Any problems doing the above steps?
bloopie

#13 JimC3

JimC3
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:42 PM

Posted 07 October 2012 - 02:32 PM

Thank you so very much!! Please note that this laptop was infected with a virus/malware that locked me into a fake federal security screen that advised me I had unlawfully downloaded files and required me to pay $300 and then insert the payment receipt # in order to bypass the screen and logon to my laptop. I unwisely deleted my temporary internet files folder and performed a few other steps that I later read were not supposed to be done because it could damage my system. I then performed several clean installs, and following the clean installs, I was able to locate numerous old files and folders of my own (not system files) that remained after the clean installs. I do believe that I reformatted at the time of doing the last clean install. In any event, I have since believed that I had an infected BCD, with a rogue file system and/or P2P/file sharing software on this laptop. I also believed that the date of the infection and/or infected file(s) were 7/31/12. Most, if not all, of the suspected rogue files are dated 7/13/09 .... can you tell me whether most of the Windows 7 system files are properly dated 7/13/09? I also thought I had a kernel mode infection and/or my keyboard and mouse entries had been compromised. I have many advanced firewall and task scheduler settings that I did not configure and looked suspicious to me. Also, when I go into advanced internet settings, it indicates that some have been set by the administrator and cannot be changed.

In regard to the mouse, I am using a Logitech VX Revolution ... and, have installed SetPoint 6.32 with Driver version: 5.33.14. The problem seems to occur because of a conflict with something else that is running. I also have encountered screen flickering when opening and/or closing windows recently, which seems to be due to a conflict as well. I thought it was AVG because both problems started about the same time that was installed, but I have since uninstalled it and the problems continue - just less frequently.

I ran the sfc /scannow command as administrator - it reported as follows when finished: "Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log." I wanted to attach that log for your review, but was unable to locate the file anywhere on my system - even a search failed to return any results for the file.

I thereafter downloaded Malwarebytes Anti-Malware onto my desktop and ran a full scan. The result of that scan was as follows:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
JMCAWOOD3 :: CAWOODLAWLAP [administrator]

10/7/2012 1:43:38 PM
mbam-log-2012-10-07 (13-43-38).txt

Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 320465
Time elapsed: 36 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Next, I ran ESET Online Scanner. The result of that scan was as follows:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=46ac186aa8975042a037a6e463905f82
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-07 07:13:19
# local_time=2012-10-07 03:13:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 101179253 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132476
# found=0
# cleaned=0
# scan_time=2737

LASTLY, I RAN FARBAR SERVICE SCANNER. THE RESULT OF THE FSS SCAN WAS AS FOLLOWS:


Farbar Service Scanner Version: 19-09-2012
Ran by JMCAWOOD3 (administrator) on 07-10-2012 at 15:26:57
Running from "C:\Users\JMCAWOOD3\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-17 22:57] - [2012-08-22 13:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

PLEASE NOTE THAT I HAVE NOT YET RE-CONNECTED MY NETWORK AT THE TIME THE ABOVE SCANS WERE RUN.






#14 JimC3

JimC3
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:42 PM

Posted 07 October 2012 - 03:09 PM

I have been uploading files to VirusTotal, and found one that was suspicious. The file and suspicious info is as follows:

SHA256: 67291d21c102dcc2f4eeb9cbd6e68486238035636b966ad8d03e76dd0ecf0f77
SHA1: d6e823c78a8f14e9d3b05cb686ba3a50f5750001
MD5: 82683411c04a7e11c93628a32a8b80f7
File size: 745.3 KB ( 763232 bytes )
File name: GoogleUpdateSetup.exe
File type: Win32 EXE
Tags: peexe signed mz
Detection ratio: 1 / 44
Analysis date: 2012-10-07 20:06:13 UTC ( 1 minute ago )
TrendMicro-HouseCall: TROJ_GEN.F47V0914: 20121005

#15 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:42 PM

Posted 07 October 2012 - 10:25 PM

Hello again,

Thank you so very much!!

It's my pleasure! :)

note that this laptop was infected with a virus/malware that locked me into a fake federal security screen

Indeed this is called "ransomware" or a "screenlocker", and is fairly common today. Basically, that's all the malware does to your system and is easy to remove once you know how. However and more often than not, it will come bundled with other malicious software like other droppers that will leave your system a sitting duck to further infection if not handled properly and immediately.

Yours has been removed already by some program (that's why we tell people not to make changes to their machine while we're helping them, we need to know "what" was removed and "how"!), could have been combofix on an earlier run which I have not asked the logs for. Either way that particular infection and ZeroAccess or an MBR rootkit is not here now so you can breathe again! :thumbup2:

and following the clean installs, I was able to locate numerous old files and folders of my own (not system files) that remained after the clean installs.

This brings me back to what I asked earlier. If these non-system files are there after a clean install, there are only a few reasons for this:

  • You didn't reformat, and just installed Windows "on top" of Windows
  • They have been installed with other normal software you have installed and are still legit

As you have seen, you've already double checked some files at VirusTotal.com and they all come back clean!

...Even the one you mention:

GoogleUpdateSetup.exe : Detection ratio: 1 / 44 Analysis date: 2012-10-07 20:06:13 UTC ( 1 minute ago )


Just because one out of 42 antivirus companies around the world find this file questionable, does not make it bad!

can you tell me whether most of the Windows 7 system files are properly dated 7/13/09?

Unfortunately not. The date of the files you are looking at is the "creation date" on the machine, and is most probably the date of installation. That doesn't tell when the file itself was created, but it tells when the file first came on to the machine (usually during the Windows 7 installation process). If they are still there and haven't been removed by our methods, they are probably supposed to be there and are legit.

When was the date of your last supposed "clean install"? That will tell us the creation date on the machine! :wink:

==========

As of now, all your logs look clean! And the SFC has fixed at least one issue so that's good news!

Let's retrieve that logfile for review:

Step 1:

Retrieving SFC /scannow log

For Windows Vista / 7:

  • Click the Windows "Orb" button.
  • Type cmd.
  • Right click on the search result cmd.exe and click Run as Administrator.
  • Copy the following line of text in the codebox and paste it into the black box.
    (right-click in the black box and choose paste)

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
  • Press Enter to run the command.
  • A text file sfcdetails.txt should appear on your desktop. Post the content of the file in your next reply.

==========

Step 2:

Now, let's try to remove AVG (that AV program hasn't quite kept up with the latest malware definitions), and then try to install MSE:


Now completely remove AVG from the Add/Remove programs list, and then use the removal tool you just downloaded to make sure the program is gone and reboot as necessary!

Then double-click the MSE installation file on your desktop, and follow the prompts to install it. It will ask you to run a quick scan, allow it to do so!

==========

In your next reply:

  • Please post the logfile of the SFC
  • Let me know if you were able to get MSE to install and run!!
  • Do you still have the mouse/cursor problem?
  • Any other remaining problems I should know about?

bloopie
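The findstr command in Step 1 above produces sfcdetails.txt, a dump of every "[SR]" line from CBS.log, which on a machine where SFC ran several times is long and repetitive. The script below is an added example for this thread, not a tool the thread mentions or code from either participant; it reads that file (or, with no argument, a constructed sample whose file names, component names and times are all made up and only loosely modelled on the real CBS.log layout) and reduces it to what a helper actually wants to know: whether the verify pass completed, which files were repaired, and which files SFC reported it could not repair, with a count of how often each was reported.

```python
"""Summarize the [SR] lines that findstr pulls out of CBS.log after sfc /scannow."""
import re
import sys
from pathlib import Path

# Constructed sample in the style of sfcdetails.txt.  The layout is modelled loosely on
# real CBS.log entries; every file name, component name and timestamp here is invented.
SAMPLE_SFCDETAILS = r"""
2012-10-07 13:02:11, Info                  CSI    0000021a [SR] Verifying 100 (0x0000000000000064) components
2012-10-07 13:02:11, Info                  CSI    0000021b [SR] Beginning Verify and Repair transaction
2012-10-07 13:02:40, Info                  CSI    0000021c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-10-07 13:02:41, Info                  CSI    0000021d [SR] Repairing corrupted file [l:28{14}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2012-10-07 13:02:41, Info                  CSI    0000021e [SR] Repaired file \??\C:\Windows\System32\example2.dll by copying from backup
2012-10-07 13:02:42, Info                  CSI    0000021f [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-10-07 13:02:50, Info                  CSI    00000220 [SR] Verify complete
"""

SR_MSG = re.compile(r"\[SR\] (?P<msg>.*)$")   # the part of the line after the [SR] tag
QUOTED = re.compile(r'"([^"]+)"')             # file names appear in double quotes


def summarize_sfc_details(text):
    """Classify each [SR] line and return repaired/unrepairable names plus the run state."""
    repaired, attempted, unrepairable = [], [], {}
    complete = False
    sr_lines = 0
    for line in text.splitlines():
        m = SR_MSG.search(line)
        if not m:
            continue  # not an [SR] line; findstr output should contain only those
        sr_lines += 1
        msg = m.group("msg").strip()
        if msg.startswith("Cannot repair member file"):
            # first quoted token is the member file name; keep one entry per file, count repeats
            q = QUOTED.search(msg)
            name = q.group(1) if q else msg
            unrepairable[name] = unrepairable.get(name, 0) + 1
        elif msg.startswith("Repaired file"):
            # "Repaired file <path> by ..." -> the third whitespace-separated token is the path
            repaired.append(msg.split()[2])
        elif msg.startswith("Repairing corrupted file"):
            # last quoted token is the file being restored from the component store
            names = QUOTED.findall(msg)
            attempted.append(names[-1] if names else msg)
        elif msg.startswith("Verify complete"):
            complete = True
    return {
        "sr_lines": sr_lines,
        "complete": complete,
        "repaired": repaired,
        "attempted": attempted,
        "unrepairable": sorted(unrepairable),   # unique names SFC could not fix
        "unrepairable_hits": unrepairable,      # how many times each was reported
    }


def report(summary):
    """Plain-text summary short enough to paste into a reply."""
    lines = [f"[SR] lines: {summary['sr_lines']}  verify complete: {summary['complete']}"]
    lines.append(f"repaired ({len(summary['repaired'])}):")
    lines += [f"  {p}" for p in summary["repaired"]]
    lines.append(f"could NOT be repaired ({len(summary['unrepairable'])}):")
    lines += [f"  {n} (reported {summary['unrepairable_hits'][n]}x)" for n in summary["unrepairable"]]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python sfc_summary.py [path\to\sfcdetails.txt]; without a path the sample is used.
    if len(sys.argv) > 1:
        text = Path(sys.argv[1]).read_text(encoding="utf-8", errors="replace")
    else:
        text = SAMPLE_SFCDETAILS
    print(report(summarize_sfc_details(text)))
```

A file that shows up under "could NOT be repaired" across repeated sfc runs is the one worth looking at next (that is why the post above says to run the command more than once); "Repaired" entries that do not recur mean SFC did its job.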



