Fawst
-
Posts
19 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Fawst
-
-
I think I might be all set! I reinstalled MSE and after it updated the definitions, there was nothing found on the scan.
-
Nothing showed up on a MBAM scan, which is good! The only issue I can see is that Microsoft Security Essentials is stopped and when I try to start it, it says that the Security Essentials service isn't installed. Do I need to uninstall and reinstall MSE? Or is there a better option available to use?
-
It seems like I may have been using a newer version than the one you gave instructions for as some of the requests were not available. For instance, Complete Scan didn't provide an option for choosing drives, it chose everything on its own. It also moved the two incurable files automatically, I had no option to click on the image you posted.
Also, I saved the .csv file, but it was pretty sparse. There was a notification that a log file was saved, but it's a 23mb .txt file. I'm posting the .csv contents below:
OTL(1).exe;C:\Documents and Settings\Diane\Desktop;Trojan.Siggen4.6108;Incurable.Moved.;
OTL(1).exe;C:\Documents and Settings\Diane\DoctorWeb\Quarantine;Trojan.Siggen4.6108;Incurable.Moved.;
-
MBAM found rootkit.0access again, but once I rebooted and ran MBAM a second time, nothing was detected. Here's the MBAM log from the first run when it found rootkit.0access:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.21.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Diane :: DIANE [administrator]
6/21/2012 12:10:22 PM
mbam-log-2012-06-21 (12-10-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206695
Time elapsed: 1 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Diane\0.6109149139324841.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
-
Here's the OTL fix log:
All processes killed
========== OTL ==========
Folder C:\ProgramData\B7E85889000153270000620DB4EB2331\ not found.
C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\@ moved successfully.
========== FILES ==========
C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U folder moved successfully.
C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\L folder moved successfully.
C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Diane\Desktop\cmd.bat deleted successfully.
C:\Users\Diane\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Diane
->Temp folder emptied: 199876635 bytes
->Temporary Internet Files folder emptied: 105781910 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14606706 bytes
->Flash cache emptied: 2963 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6295 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2982022 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 308.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.50.0 log created on 06212012_120023
Files\Folders moved on Reboot...
C:\Users\Diane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
-
Logs incoming:
11:18:15.0662 3584 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
11:18:15.0896 3584 ============================================================
11:18:15.0896 3584 Current date / time: 2012/06/21 11:18:15.0896
11:18:15.0896 3584 SystemInfo:
11:18:15.0896 3584
11:18:15.0896 3584 OS Version: 6.1.7601 ServicePack: 1.0
11:18:15.0896 3584 Product type: Workstation
11:18:15.0896 3584 ComputerName: DIANE
11:18:15.0896 3584 UserName: Diane
11:18:15.0896 3584 Windows directory: C:\Windows
11:18:15.0896 3584 System windows directory: C:\Windows
11:18:15.0896 3584 Running under WOW64
11:18:15.0896 3584 Processor architecture: Intel x64
11:18:15.0896 3584 Number of processors: 4
11:18:15.0896 3584 Page size: 0x1000
11:18:15.0896 3584 Boot type: Normal boot
11:18:15.0896 3584 ============================================================
11:18:16.0566 3584 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:18:16.0582 3584 ============================================================
11:18:16.0582 3584 \Device\Harddisk0\DR0:
11:18:16.0582 3584 MBR partitions:
11:18:16.0582 3584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x192D000
11:18:16.0582 3584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1941000, BlocksNum 0x23AE8AB0
11:18:16.0582 3584 ============================================================
11:18:16.0598 3584 C: <-> \Device\Harddisk0\DR0\Partition1
11:18:16.0598 3584 ============================================================
11:18:16.0598 3584 Initialize success
11:18:16.0598 3584 ============================================================
11:18:55.0941 1408 ============================================================
11:18:55.0941 1408 Scan started
11:18:55.0941 1408 Mode: Manual; SigCheck; TDLFS;
11:18:55.0941 1408 ============================================================
11:18:56.0362 1408 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:18:56.0440 1408 1394ohci - ok
11:18:56.0487 1408 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:18:56.0503 1408 ACPI - ok
11:18:56.0503 1408 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:18:56.0581 1408 AcpiPmi - ok
11:18:56.0659 1408 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:18:56.0674 1408 AdobeFlashPlayerUpdateSvc - ok
11:18:56.0705 1408 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:18:56.0737 1408 adp94xx - ok
11:18:56.0752 1408 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:18:56.0768 1408 adpahci - ok
11:18:56.0783 1408 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:18:56.0799 1408 adpu320 - ok
11:18:56.0815 1408 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:18:56.0893 1408 AeLookupSvc - ok
11:18:56.0939 1408 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:18:57.0017 1408 AERTFilters - ok
11:18:57.0064 1408 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:18:57.0111 1408 AFD - ok
11:18:57.0158 1408 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:18:57.0173 1408 agp440 - ok
11:18:57.0189 1408 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:18:57.0220 1408 ALG - ok
11:18:57.0251 1408 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:18:57.0267 1408 aliide - ok
11:18:57.0283 1408 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:18:57.0283 1408 amdide - ok
11:18:57.0314 1408 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:18:57.0361 1408 AmdK8 - ok
11:18:57.0376 1408 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:18:57.0392 1408 AmdPPM - ok
11:18:57.0423 1408 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:18:57.0439 1408 amdsata - ok
11:18:57.0454 1408 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:18:57.0470 1408 amdsbs - ok
11:18:57.0485 1408 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:18:57.0501 1408 amdxata - ok
11:18:57.0532 1408 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:18:57.0657 1408 AppID - ok
11:18:57.0673 1408 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:18:57.0735 1408 AppIDSvc - ok
11:18:57.0766 1408 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:18:57.0813 1408 Appinfo - ok
11:18:57.0844 1408 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:18:57.0891 1408 AppMgmt - ok
11:18:57.0907 1408 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:18:57.0922 1408 arc - ok
11:18:57.0922 1408 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:18:57.0938 1408 arcsas - ok
11:18:57.0953 1408 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:18:58.0016 1408 AsyncMac - ok
11:18:58.0031 1408 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:18:58.0047 1408 atapi - ok
11:18:58.0094 1408 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:18:58.0156 1408 AudioEndpointBuilder - ok
11:18:58.0172 1408 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:18:58.0203 1408 AudioSrv - ok
11:18:58.0265 1408 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:18:58.0328 1408 AxInstSV - ok
11:18:58.0359 1408 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:18:58.0406 1408 b06bdrv - ok
11:18:58.0421 1408 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:18:58.0453 1408 b57nd60a - ok
11:18:58.0484 1408 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:18:58.0499 1408 BDESVC - ok
11:18:58.0515 1408 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:18:58.0546 1408 Beep - ok
11:18:58.0609 1408 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:18:58.0655 1408 BFE - ok
11:18:58.0702 1408 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:18:58.0765 1408 BITS - ok
11:18:58.0811 1408 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:18:58.0843 1408 blbdrive - ok
11:18:58.0874 1408 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:18:58.0905 1408 bowser - ok
11:18:58.0967 1408 BPowMon (1ad28a8a753e4bd8fdb4f5f857ace561) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
11:18:58.0983 1408 BPowMon - ok
11:18:58.0999 1408 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:18:59.0045 1408 BrFiltLo - ok
11:18:59.0045 1408 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:18:59.0061 1408 BrFiltUp - ok
11:18:59.0077 1408 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:18:59.0139 1408 BridgeMP - ok
11:18:59.0155 1408 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:18:59.0201 1408 Browser - ok
11:18:59.0217 1408 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:18:59.0248 1408 Brserid - ok
11:18:59.0248 1408 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:18:59.0279 1408 BrSerWdm - ok
11:18:59.0295 1408 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:18:59.0342 1408 BrUsbMdm - ok
11:18:59.0342 1408 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:18:59.0373 1408 BrUsbSer - ok
11:18:59.0373 1408 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:18:59.0404 1408 BTHMODEM - ok
11:18:59.0420 1408 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:18:59.0467 1408 bthserv - ok
11:18:59.0498 1408 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:18:59.0545 1408 cdfs - ok
11:18:59.0591 1408 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:18:59.0607 1408 cdrom - ok
11:18:59.0654 1408 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:18:59.0701 1408 CertPropSvc - ok
11:18:59.0716 1408 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:18:59.0732 1408 circlass - ok
11:18:59.0779 1408 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:18:59.0794 1408 CLFS - ok
11:18:59.0841 1408 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:18:59.0857 1408 clr_optimization_v2.0.50727_32 - ok
11:18:59.0888 1408 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:18:59.0903 1408 clr_optimization_v2.0.50727_64 - ok
11:18:59.0966 1408 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:18:59.0966 1408 clr_optimization_v4.0.30319_32 - ok
11:19:00.0013 1408 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:19:00.0013 1408 clr_optimization_v4.0.30319_64 - ok
11:19:00.0044 1408 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:19:00.0059 1408 CmBatt - ok
11:19:00.0091 1408 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:19:00.0106 1408 cmdide - ok
11:19:00.0122 1408 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:19:00.0153 1408 CNG - ok
11:19:00.0169 1408 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:19:00.0184 1408 Compbatt - ok
11:19:00.0215 1408 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:19:00.0262 1408 CompositeBus - ok
11:19:00.0278 1408 COMSysApp - ok
11:19:00.0293 1408 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:19:00.0309 1408 crcdisk - ok
11:19:00.0340 1408 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:19:00.0387 1408 CryptSvc - ok
11:19:00.0418 1408 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:19:00.0465 1408 CSC - ok
11:19:00.0512 1408 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
11:19:00.0543 1408 CscService - ok
11:19:00.0590 1408 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:19:00.0621 1408 DcomLaunch - ok
11:19:00.0683 1408 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:19:00.0730 1408 defragsvc - ok
11:19:00.0777 1408 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:19:00.0824 1408 DfsC - ok
11:19:00.0871 1408 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:19:00.0917 1408 Dhcp - ok
11:19:00.0933 1408 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:19:00.0980 1408 discache - ok
11:19:00.0995 1408 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:19:01.0011 1408 Disk - ok
11:19:01.0042 1408 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:19:01.0073 1408 Dnscache - ok
11:19:01.0120 1408 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:19:01.0151 1408 dot3svc - ok
11:19:01.0183 1408 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:19:01.0214 1408 DPS - ok
11:19:01.0245 1408 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:19:01.0261 1408 drmkaud - ok
11:19:01.0307 1408 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:19:01.0339 1408 DXGKrnl - ok
11:19:01.0354 1408 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:19:01.0401 1408 EapHost - ok
11:19:01.0495 1408 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:19:01.0573 1408 ebdrv - ok
11:19:01.0651 1408 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:19:01.0682 1408 EFS - ok
11:19:01.0744 1408 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:19:01.0791 1408 ehRecvr - ok
11:19:01.0822 1408 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:19:01.0853 1408 ehSched - ok
11:19:01.0900 1408 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:19:01.0931 1408 elxstor - ok
11:19:01.0947 1408 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:19:01.0978 1408 ErrDev - ok
11:19:02.0009 1408 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:19:02.0056 1408 EventSystem - ok
11:19:02.0072 1408 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:19:02.0103 1408 exfat - ok
11:19:02.0119 1408 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:19:02.0165 1408 fastfat - ok
11:19:02.0228 1408 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:19:02.0290 1408 Fax - ok
11:19:02.0306 1408 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:19:02.0321 1408 fdc - ok
11:19:02.0337 1408 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:19:02.0384 1408 fdPHost - ok
11:19:02.0384 1408 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:19:02.0431 1408 FDResPub - ok
11:19:02.0462 1408 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:19:02.0477 1408 FileInfo - ok
11:19:02.0493 1408 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:19:02.0524 1408 Filetrace - ok
11:19:02.0540 1408 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:19:02.0555 1408 flpydisk - ok
11:19:02.0587 1408 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:19:02.0602 1408 FltMgr - ok
11:19:02.0649 1408 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:19:02.0727 1408 FontCache - ok
11:19:02.0774 1408 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:19:02.0789 1408 FontCache3.0.0.0 - ok
11:19:02.0836 1408 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:19:02.0836 1408 FsDepends - ok
11:19:02.0867 1408 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:19:02.0883 1408 Fs_Rec - ok
11:19:02.0914 1408 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:19:02.0930 1408 fvevol - ok
11:19:02.0945 1408 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:19:02.0961 1408 gagp30kx - ok
11:19:03.0008 1408 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:19:03.0055 1408 gpsvc - ok
11:19:03.0070 1408 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:19:03.0117 1408 hcw85cir - ok
11:19:03.0148 1408 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:19:03.0179 1408 HDAudBus - ok
11:19:03.0195 1408 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:19:03.0211 1408 HidBatt - ok
11:19:03.0211 1408 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:19:03.0242 1408 HidBth - ok
11:19:03.0257 1408 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:19:03.0289 1408 HidIr - ok
11:19:03.0320 1408 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:19:03.0351 1408 hidserv - ok
11:19:03.0398 1408 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:19:03.0398 1408 HidUsb - ok
11:19:03.0429 1408 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:19:03.0491 1408 hkmsvc - ok
11:19:03.0507 1408 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:19:03.0523 1408 HomeGroupListener - ok
11:19:03.0554 1408 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:19:03.0569 1408 HomeGroupProvider - ok
11:19:03.0601 1408 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:19:03.0616 1408 HpSAMD - ok
11:19:03.0663 1408 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:19:03.0710 1408 HTTP - ok
11:19:03.0741 1408 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:19:03.0741 1408 hwpolicy - ok
11:19:03.0788 1408 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:19:03.0803 1408 i8042prt - ok
11:19:03.0850 1408 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:19:03.0866 1408 iaStorV - ok
11:19:03.0944 1408 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:19:03.0975 1408 idsvc - ok
11:19:04.0240 1408 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:19:04.0459 1408 igfx - ok
11:19:04.0537 1408 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:19:04.0552 1408 iirsp - ok
11:19:04.0615 1408 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:19:04.0677 1408 IKEEXT - ok
11:19:04.0739 1408 IntcAzAudAddService (5ba1779e2c84fde2a5e201fff9c42c9c) C:\Windows\system32\drivers\RTKVHD64.sys
11:19:04.0771 1408 IntcAzAudAddService - ok
11:19:04.0849 1408 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:19:04.0864 1408 intelide - ok
11:19:04.0880 1408 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:19:04.0911 1408 intelppm - ok
11:19:04.0927 1408 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:19:04.0973 1408 IPBusEnum - ok
11:19:05.0005 1408 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:19:05.0036 1408 IpFilterDriver - ok
11:19:05.0067 1408 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:19:05.0129 1408 iphlpsvc - ok
11:19:05.0145 1408 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:19:05.0161 1408 IPMIDRV - ok
11:19:05.0192 1408 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:19:05.0239 1408 IPNAT - ok
11:19:05.0254 1408 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:19:05.0270 1408 IRENUM - ok
11:19:05.0301 1408 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:19:05.0317 1408 isapnp - ok
11:19:05.0332 1408 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:19:05.0348 1408 iScsiPrt - ok
11:19:05.0395 1408 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
11:19:05.0410 1408 k57nd60a - ok
11:19:05.0426 1408 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:19:05.0441 1408 kbdclass - ok
11:19:05.0457 1408 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:19:05.0488 1408 kbdhid - ok
11:19:05.0504 1408 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:19:05.0519 1408 KeyIso - ok
11:19:05.0535 1408 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:19:05.0551 1408 KSecDD - ok
11:19:05.0551 1408 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:19:05.0566 1408 KSecPkg - ok
11:19:05.0582 1408 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:19:05.0629 1408 ksthunk - ok
11:19:05.0660 1408 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:19:05.0707 1408 KtmRm - ok
11:19:05.0753 1408 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:19:05.0800 1408 LanmanServer - ok
11:19:05.0816 1408 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:19:05.0863 1408 LanmanWorkstation - ok
11:19:05.0878 1408 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:19:05.0941 1408 lltdio - ok
11:19:05.0972 1408 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:19:06.0034 1408 lltdsvc - ok
11:19:06.0050 1408 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:19:06.0081 1408 lmhosts - ok
11:19:06.0143 1408 LMIGuardianSvc (d55a7d0553c7102f63872936c7a9d9db) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
11:19:06.0159 1408 LMIGuardianSvc - ok
11:19:06.0190 1408 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
11:19:06.0190 1408 LMIInfo - ok
11:19:06.0221 1408 LMIMaint (a7d256c8847df6e88bddb55f87e54f46) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
11:19:06.0237 1408 LMIMaint - ok
11:19:06.0237 1408 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
11:19:06.0253 1408 lmimirr - ok
11:19:06.0253 1408 LMIRfsClientNP - ok
11:19:06.0268 1408 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
11:19:06.0284 1408 LMIRfsDriver - ok
11:19:06.0315 1408 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
11:19:06.0331 1408 LogMeIn - ok
11:19:06.0346 1408 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:19:06.0362 1408 LSI_FC - ok
11:19:06.0362 1408 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:19:06.0377 1408 LSI_SAS - ok
11:19:06.0393 1408 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:19:06.0409 1408 LSI_SAS2 - ok
11:19:06.0409 1408 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:19:06.0424 1408 LSI_SCSI - ok
11:19:06.0440 1408 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:19:06.0487 1408 luafv - ok
11:19:06.0502 1408 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys
11:19:06.0518 1408 mbamchameleon - ok
11:19:06.0533 1408 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:19:06.0549 1408 Mcx2Svc - ok
11:19:06.0565 1408 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:19:06.0580 1408 megasas - ok
11:19:06.0580 1408 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:19:06.0611 1408 MegaSR - ok
11:19:06.0658 1408 Microsoft SharePoint Workspace Audit Service - ok
11:19:06.0689 1408 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:19:06.0736 1408 MMCSS - ok
11:19:06.0736 1408 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:19:06.0783 1408 Modem - ok
11:19:06.0814 1408 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:19:06.0845 1408 monitor - ok
11:19:06.0877 1408 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:19:06.0892 1408 mouclass - ok
11:19:06.0908 1408 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:19:06.0939 1408 mouhid - ok
11:19:06.0955 1408 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:19:06.0970 1408 mountmgr - ok
11:19:07.0033 1408 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
11:19:07.0048 1408 MpFilter - ok
11:19:07.0079 1408 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:19:07.0095 1408 mpio - ok
11:19:07.0095 1408 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:19:07.0126 1408 mpsdrv - ok
11:19:07.0204 1408 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:19:07.0251 1408 MpsSvc - ok
11:19:07.0267 1408 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:19:07.0298 1408 MRxDAV - ok
11:19:07.0313 1408 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:19:07.0360 1408 mrxsmb - ok
11:19:07.0391 1408 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:19:07.0423 1408 mrxsmb10 - ok
11:19:07.0438 1408 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:19:07.0438 1408 mrxsmb20 - ok
11:19:07.0469 1408 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:19:07.0485 1408 msahci - ok
11:19:07.0501 1408 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:19:07.0516 1408 msdsm - ok
11:19:07.0547 1408 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:19:07.0563 1408 MSDTC - ok
11:19:07.0594 1408 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:19:07.0625 1408 Msfs - ok
11:19:07.0657 1408 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:19:07.0688 1408 mshidkmdf - ok
11:19:07.0703 1408 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:19:07.0703 1408 msisadrv - ok
11:19:07.0719 1408 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:19:07.0766 1408 MSiSCSI - ok
11:19:07.0766 1408 msiserver - ok
11:19:07.0797 1408 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:19:07.0828 1408 MSKSSRV - ok
11:19:07.0828 1408 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:19:07.0875 1408 MSPCLOCK - ok
11:19:07.0891 1408 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:19:07.0922 1408 MSPQM - ok
11:19:07.0953 1408 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:19:07.0969 1408 MsRPC - ok
11:19:08.0000 1408 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:19:08.0015 1408 mssmbios - ok
11:19:08.0015 1408 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:19:08.0062 1408 MSTEE - ok
11:19:08.0062 1408 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:19:08.0078 1408 MTConfig - ok
11:19:08.0093 1408 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:19:08.0109 1408 Mup - ok
11:19:08.0140 1408 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:19:08.0203 1408 napagent - ok
11:19:08.0234 1408 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:19:08.0249 1408 NativeWifiP - ok
11:19:08.0281 1408 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:19:08.0312 1408 NDIS - ok
11:19:08.0312 1408 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:19:08.0359 1408 NdisCap - ok
11:19:08.0359 1408 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:19:08.0405 1408 NdisTapi - ok
11:19:08.0421 1408 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:19:08.0468 1408 Ndisuio - ok
11:19:08.0499 1408 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:19:08.0546 1408 NdisWan - ok
11:19:08.0577 1408 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:19:08.0624 1408 NDProxy - ok
11:19:08.0655 1408 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:19:08.0702 1408 NetBIOS - ok
11:19:08.0733 1408 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:19:08.0780 1408 NetBT - ok
11:19:08.0795 1408 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:19:08.0811 1408 Netlogon - ok
11:19:08.0842 1408 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:19:08.0905 1408 Netman - ok
11:19:08.0920 1408 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:19:08.0967 1408 netprofm - ok
11:19:09.0014 1408 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:19:09.0029 1408 NetTcpPortSharing - ok
11:19:09.0061 1408 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:19:09.0061 1408 nfrd960 - ok
11:19:09.0107 1408 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:19:09.0123 1408 NisDrv - ok
11:19:09.0170 1408 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
11:19:09.0185 1408 NisSrv - ok
11:19:09.0232 1408 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:19:09.0279 1408 NlaSvc - ok
11:19:09.0310 1408 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:19:09.0341 1408 Npfs - ok
11:19:09.0357 1408 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:19:09.0404 1408 nsi - ok
11:19:09.0404 1408 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:19:09.0451 1408 nsiproxy - ok
11:19:09.0529 1408 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:19:09.0575 1408 Ntfs - ok
11:19:09.0653 1408 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:19:09.0685 1408 Null - ok
11:19:09.0731 1408 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:19:09.0731 1408 nvraid - ok
11:19:09.0747 1408 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:19:09.0763 1408 nvstor - ok
11:19:09.0794 1408 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:19:09.0809 1408 nv_agp - ok
11:19:09.0841 1408 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:19:09.0872 1408 ohci1394 - ok
11:19:09.0919 1408 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:19:09.0934 1408 ose - ok
11:19:10.0075 1408 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:19:10.0199 1408 osppsvc - ok
11:19:10.0277 1408 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:19:10.0309 1408 p2pimsvc - ok
11:19:10.0324 1408 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:19:10.0340 1408 p2psvc - ok
11:19:10.0371 1408 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:19:10.0387 1408 Parport - ok
11:19:10.0418 1408 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:19:10.0433 1408 partmgr - ok
11:19:10.0449 1408 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:19:10.0465 1408 PcaSvc - ok
11:19:10.0496 1408 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:19:10.0511 1408 pci - ok
11:19:10.0527 1408 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:19:10.0543 1408 pciide - ok
11:19:10.0558 1408 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:19:10.0574 1408 pcmcia - ok
11:19:10.0589 1408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:19:10.0605 1408 pcw - ok
11:19:10.0621 1408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:19:10.0667 1408 PEAUTH - ok
11:19:10.0714 1408 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:19:10.0777 1408 PeerDistSvc - ok
11:19:10.0808 1408 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:19:10.0839 1408 PerfHost - ok
11:19:10.0933 1408 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:19:10.0979 1408 pla - ok
11:19:11.0026 1408 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:19:11.0057 1408 PlugPlay - ok
11:19:11.0073 1408 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:19:11.0104 1408 PNRPAutoReg - ok
11:19:11.0120 1408 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:19:11.0135 1408 PNRPsvc - ok
11:19:11.0182 1408 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
11:19:11.0198 1408 Point64 - ok
11:19:11.0229 1408 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:19:11.0291 1408 PolicyAgent - ok
11:19:11.0307 1408 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:19:11.0354 1408 Power - ok
11:19:11.0401 1408 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:19:11.0432 1408 PptpMiniport - ok
11:19:11.0447 1408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:19:11.0463 1408 Processor - ok
11:19:11.0494 1408 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:19:11.0541 1408 ProfSvc - ok
11:19:11.0572 1408 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:19:11.0572 1408 ProtectedStorage - ok
11:19:11.0603 1408 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:19:11.0650 1408 Psched - ok
11:19:11.0728 1408 QBCFMonitorService (ee46f431b25c14778d2e89d6f10f1d65) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
11:19:11.0744 1408 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
11:19:11.0744 1408 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
11:19:11.0775 1408 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
11:19:11.0791 1408 QBFCService ( UnsignedFile.Multi.Generic ) - warning
11:19:11.0791 1408 QBFCService - detected UnsignedFile.Multi.Generic (1)
11:19:11.0837 1408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:19:11.0884 1408 ql2300 - ok
11:19:11.0947 1408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:19:11.0962 1408 ql40xx - ok
11:19:11.0993 1408 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:19:12.0009 1408 QWAVE - ok
11:19:12.0025 1408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:19:12.0056 1408 QWAVEdrv - ok
11:19:12.0056 1408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:19:12.0103 1408 RasAcd - ok
11:19:12.0134 1408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:19:12.0165 1408 RasAgileVpn - ok
11:19:12.0181 1408 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:19:12.0212 1408 RasAuto - ok
11:19:12.0243 1408 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:19:12.0290 1408 Rasl2tp - ok
11:19:12.0305 1408 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:19:12.0337 1408 RasMan - ok
11:19:12.0368 1408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:19:12.0399 1408 RasPppoe - ok
11:19:12.0415 1408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:19:12.0446 1408 RasSstp - ok
11:19:12.0477 1408 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:19:12.0508 1408 rdbss - ok
11:19:12.0524 1408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:19:12.0539 1408 rdpbus - ok
11:19:12.0555 1408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:19:12.0586 1408 RDPCDD - ok
11:19:12.0617 1408 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:19:12.0649 1408 RDPDR - ok
11:19:12.0664 1408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:19:12.0711 1408 RDPENCDD - ok
11:19:12.0742 1408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:19:12.0773 1408 RDPREFMP - ok
11:19:12.0805 1408 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:19:12.0836 1408 RDPWD - ok
11:19:12.0867 1408 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:19:12.0883 1408 rdyboost - ok
11:19:12.0898 1408 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:19:12.0945 1408 RemoteAccess - ok
11:19:12.0976 1408 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:19:13.0023 1408 RemoteRegistry - ok
11:19:13.0023 1408 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:19:13.0070 1408 RpcEptMapper - ok
11:19:13.0101 1408 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:19:13.0132 1408 RpcLocator - ok
11:19:13.0163 1408 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
11:19:13.0195 1408 RpcSs - ok
11:19:13.0226 1408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:19:13.0257 1408 rspndr - ok
11:19:13.0288 1408 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:19:13.0304 1408 s3cap - ok
11:19:13.0319 1408 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:19:13.0335 1408 SamSs - ok
11:19:13.0366 1408 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:19:13.0366 1408 sbp2port - ok
11:19:13.0413 1408 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:19:13.0444 1408 SCardSvr - ok
11:19:13.0460 1408 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:19:13.0507 1408 scfilter - ok
11:19:13.0553 1408 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:19:13.0631 1408 Schedule - ok
11:19:13.0663 1408 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:19:13.0694 1408 SCPolicySvc - ok
11:19:13.0694 1408 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:19:13.0741 1408 SDRSVC - ok
11:19:13.0787 1408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:19:13.0834 1408 secdrv - ok
11:19:13.0850 1408 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:19:13.0897 1408 seclogon - ok
11:19:13.0912 1408 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:19:13.0959 1408 SENS - ok
11:19:13.0975 1408 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:19:14.0006 1408 SensrSvc - ok
11:19:14.0021 1408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:19:14.0037 1408 Serenum - ok
11:19:14.0068 1408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:19:14.0084 1408 Serial - ok
11:19:14.0115 1408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:19:14.0131 1408 sermouse - ok
11:19:14.0162 1408 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:19:14.0209 1408 SessionEnv - ok
11:19:14.0240 1408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:19:14.0271 1408 sffdisk - ok
11:19:14.0287 1408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:19:14.0302 1408 sffp_mmc - ok
11:19:14.0318 1408 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:19:14.0349 1408 sffp_sd - ok
11:19:14.0349 1408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:19:14.0365 1408 sfloppy - ok
11:19:14.0411 1408 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:19:14.0458 1408 SharedAccess - ok
11:19:14.0489 1408 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:19:14.0536 1408 ShellHWDetection - ok
11:19:14.0552 1408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:19:14.0567 1408 SiSRaid2 - ok
11:19:14.0567 1408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:19:14.0583 1408 SiSRaid4 - ok
11:19:14.0599 1408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:19:14.0645 1408 Smb - ok
11:19:14.0677 1408 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:19:14.0708 1408 SNMPTRAP - ok
11:19:14.0708 1408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:19:14.0723 1408 spldr - ok
11:19:14.0770 1408 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:19:14.0801 1408 Spooler - ok
11:19:14.0911 1408 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:19:15.0020 1408 sppsvc - ok
11:19:15.0098 1408 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:19:15.0145 1408 sppuinotify - ok
11:19:15.0176 1408 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:19:15.0223 1408 srv - ok
11:19:15.0254 1408 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:19:15.0285 1408 srv2 - ok
11:19:15.0301 1408 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:19:15.0332 1408 srvnet - ok
11:19:15.0347 1408 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:19:15.0394 1408 SSDPSRV - ok
11:19:15.0425 1408 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:19:15.0457 1408 SstpSvc - ok
11:19:15.0472 1408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:19:15.0488 1408 stexstor - ok
11:19:15.0503 1408 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
11:19:15.0519 1408 StillCam - ok
11:19:15.0566 1408 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:19:15.0597 1408 stisvc - ok
11:19:15.0628 1408 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:19:15.0644 1408 storflt - ok
11:19:15.0659 1408 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
11:19:15.0691 1408 StorSvc - ok
11:19:15.0722 1408 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:19:15.0737 1408 storvsc - ok
11:19:15.0753 1408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:19:15.0769 1408 swenum - ok
11:19:15.0925 1408 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:19:15.0987 1408 swprv - ok
11:19:16.0049 1408 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:19:16.0112 1408 SysMain - ok
11:19:16.0190 1408 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:19:16.0205 1408 TabletInputService - ok
11:19:16.0221 1408 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:19:16.0268 1408 TapiSrv - ok
11:19:16.0283 1408 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:19:16.0330 1408 TBS - ok
11:19:16.0408 1408 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:19:16.0471 1408 Tcpip - ok
11:19:16.0549 1408 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:19:16.0580 1408 TCPIP6 - ok
11:19:16.0642 1408 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:19:16.0673 1408 tcpipreg - ok
11:19:16.0689 1408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:19:16.0720 1408 TDPIPE - ok
11:19:16.0767 1408 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:19:16.0783 1408 TDTCP - ok
11:19:16.0814 1408 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:19:16.0845 1408 tdx - ok
11:19:16.0876 1408 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:19:16.0892 1408 TermDD - ok
11:19:16.0923 1408 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:19:16.0985 1408 TermService - ok
11:19:17.0017 1408 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:19:17.0048 1408 Themes - ok
11:19:17.0079 1408 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:19:17.0110 1408 THREADORDER - ok
11:19:17.0110 1408 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:19:17.0157 1408 TrkWks - ok
11:19:17.0188 1408 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:19:17.0219 1408 TrustedInstaller - ok
11:19:17.0251 1408 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:19:17.0297 1408 tssecsrv - ok
11:19:17.0329 1408 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:19:17.0360 1408 TsUsbFlt - ok
11:19:17.0391 1408 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:19:17.0438 1408 tunnel - ok
11:19:17.0453 1408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:19:17.0469 1408 uagp35 - ok
11:19:17.0500 1408 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:19:17.0547 1408 udfs - ok
11:19:17.0563 1408 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:19:17.0578 1408 UI0Detect - ok
11:19:17.0609 1408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:19:17.0609 1408 uliagpkx - ok
11:19:17.0641 1408 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:19:17.0672 1408 umbus - ok
11:19:17.0672 1408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:19:17.0687 1408 UmPass - ok
11:19:17.0719 1408 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:19:17.0734 1408 UmRdpService - ok
11:19:17.0750 1408 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:19:17.0797 1408 upnphost - ok
11:19:17.0828 1408 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
11:19:17.0859 1408 usbccgp - ok
11:19:17.0890 1408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:19:17.0921 1408 usbcir - ok
11:19:17.0937 1408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:19:17.0953 1408 usbehci - ok
11:19:17.0984 1408 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:19:18.0015 1408 usbhub - ok
11:19:18.0062 1408 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:19:18.0077 1408 usbohci - ok
11:19:18.0093 1408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:19:18.0124 1408 usbprint - ok
11:19:18.0124 1408 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:19:18.0171 1408 USBSTOR - ok
11:19:18.0202 1408 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:19:18.0218 1408 usbuhci - ok
11:19:18.0249 1408 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:19:18.0280 1408 UxSms - ok
11:19:18.0311 1408 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:19:18.0327 1408 VaultSvc - ok
11:19:18.0343 1408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:19:18.0343 1408 vdrvroot - ok
11:19:18.0389 1408 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:19:18.0436 1408 vds - ok
11:19:18.0467 1408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:19:18.0483 1408 vga - ok
11:19:18.0499 1408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:19:18.0545 1408 VgaSave - ok
11:19:18.0561 1408 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:19:18.0577 1408 vhdmp - ok
11:19:18.0608 1408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:19:18.0623 1408 viaide - ok
11:19:18.0655 1408 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:19:18.0670 1408 vmbus - ok
11:19:18.0701 1408 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:19:18.0717 1408 VMBusHID - ok
11:19:18.0733 1408 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:19:18.0748 1408 volmgr - ok
11:19:18.0779 1408 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:19:18.0795 1408 volmgrx - ok
11:19:18.0842 1408 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:19:18.0857 1408 volsnap - ok
11:19:18.0904 1408 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
11:19:18.0904 1408 vpcbus - ok
11:19:18.0951 1408 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
11:19:18.0982 1408 vpcnfltr - ok
11:19:18.0998 1408 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
11:19:19.0029 1408 vpcusb - ok
11:19:19.0045 1408 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
11:19:19.0060 1408 vpcvmm - ok
11:19:19.0076 1408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:19:19.0091 1408 vsmraid - ok
11:19:19.0138 1408 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:19:19.0216 1408 VSS - ok
11:19:19.0279 1408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:19:19.0294 1408 vwifibus - ok
11:19:19.0325 1408 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:19:19.0357 1408 W32Time - ok
11:19:19.0372 1408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:19:19.0403 1408 WacomPen - ok
11:19:19.0435 1408 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:19:19.0481 1408 WANARP - ok
11:19:19.0481 1408 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:19:19.0513 1408 Wanarpv6 - ok
11:19:19.0575 1408 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:19:19.0622 1408 WatAdminSvc - ok
11:19:19.0684 1408 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:19:19.0747 1408 wbengine - ok
11:19:19.0825 1408 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:19:19.0840 1408 WbioSrvc - ok
11:19:19.0871 1408 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:19:19.0903 1408 wcncsvc - ok
11:19:19.0918 1408 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:19:19.0949 1408 WcsPlugInService - ok
11:19:19.0981 1408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:19:19.0981 1408 Wd - ok
11:19:20.0012 1408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:19:20.0027 1408 Wdf01000 - ok
11:19:20.0043 1408 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:19:20.0121 1408 WdiServiceHost - ok
11:19:20.0121 1408 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:19:20.0137 1408 WdiSystemHost - ok
11:19:20.0183 1408 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:19:20.0215 1408 WebClient - ok
11:19:20.0230 1408 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:19:20.0277 1408 Wecsvc - ok
11:19:20.0293 1408 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:19:20.0339 1408 wercplsupport - ok
11:19:20.0355 1408 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:19:20.0402 1408 WerSvc - ok
11:19:20.0449 1408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:19:20.0480 1408 WfpLwf - ok
11:19:20.0495 1408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:19:20.0511 1408 WIMMount - ok
11:19:20.0527 1408 WinDefend - ok
11:19:20.0527 1408 WinHttpAutoProxySvc - ok
11:19:20.0589 1408 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:19:20.0636 1408 Winmgmt - ok
11:19:20.0698 1408 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:19:20.0792 1408 WinRM - ok
11:19:20.0979 1408 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:19:21.0010 1408 Wlansvc - ok
11:19:21.0119 1408 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:19:21.0182 1408 wlidsvc - ok
11:19:21.0244 1408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:19:21.0260 1408 WmiAcpi - ok
11:19:21.0322 1408 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:19:21.0353 1408 wmiApSrv - ok
11:19:21.0369 1408 WMPNetworkSvc - ok
11:19:21.0385 1408 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:19:21.0416 1408 WPCSvc - ok
11:19:21.0447 1408 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:19:21.0463 1408 WPDBusEnum - ok
11:19:21.0494 1408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:19:21.0525 1408 ws2ifsl - ok
11:19:21.0541 1408 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:19:21.0572 1408 wscsvc - ok
11:19:21.0572 1408 WSearch - ok
11:19:21.0650 1408 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:19:21.0759 1408 wuauserv - ok
11:19:21.0837 1408 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:19:21.0868 1408 WudfPf - ok
11:19:21.0899 1408 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:19:21.0946 1408 WUDFRd - ok
11:19:21.0962 1408 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:19:21.0993 1408 wudfsvc - ok
11:19:22.0024 1408 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:19:22.0055 1408 WwanSvc - ok
11:19:22.0071 1408 XnetSrvc (65ce22c63a0b3c9f2577e4fac44d08da) C:\Windows\system32\xnetsrvc.exe
11:19:22.0087 1408 XnetSrvc - ok
11:19:22.0102 1408 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
11:19:22.0305 1408 \Device\Harddisk0\DR0 - ok
11:19:22.0305 1408 Boot (0x1200) (e02464838de4413330e5d67477b75192) \Device\Harddisk0\DR0\Partition0
11:19:22.0305 1408 \Device\Harddisk0\DR0\Partition0 - ok
11:19:22.0336 1408 Boot (0x1200) (350844d92513917d742870d3bf272813) \Device\Harddisk0\DR0\Partition1
11:19:22.0336 1408 \Device\Harddisk0\DR0\Partition1 - ok
11:19:22.0336 1408 ============================================================
11:19:22.0336 1408 Scan finished
11:19:22.0336 1408 ============================================================
11:19:22.0352 1228 Detected object count: 2
11:19:22.0352 1228 Actual detected object count: 2
11:19:50.0120 1228 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:50.0120 1228 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:50.0120 1228 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:50.0120 1228 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:21:30.0022 2780 Deinitialize success
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-21 11:22:03
-----------------------------
11:22:03.562 OS Version: Windows x64 6.1.7601 Service Pack 1
11:22:03.562 Number of processors: 4 586 0x170A
11:22:03.562 ComputerName: DIANE UserName: Diane
11:22:04.982 Initialize success
11:22:58.350 AVAST engine defs: 12062100
11:23:03.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:23:03.451 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3
11:23:03.482 Disk 0 MBR read successfully
11:23:03.482 Disk 0 MBR scan
11:23:03.482 Disk 0 Windows VISTA default MBR code
11:23:03.482 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:23:03.498 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12890 MB offset 81920
11:23:03.513 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292305 MB offset 26480640
11:23:03.529 Disk 0 scanning C:\Windows\system32\drivers
11:23:13.154 Service scanning
11:23:30.002 Modules scanning
11:23:30.002 Disk 0 trace - called modules:
11:23:30.018 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:23:30.018 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d84060]
11:23:30.033 3 CLASSPNP.SYS[fffff880021bc43f] -> nt!IofCallDriver -> [0xfffffa8004672d10]
11:23:30.033 5 ACPI.sys[fffff880017ab7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004687060]
11:23:30.704 AVAST engine scan C:\Windows
11:23:32.529 AVAST engine scan C:\Windows\system32
11:26:05.784 AVAST engine scan C:\Windows\system32\drivers
11:26:17.063 AVAST engine scan C:\Users\Diane
11:27:26.436 AVAST engine scan C:\ProgramData
11:27:52.675 Scan finished successfully
11:28:28.852 Disk 0 MBR has been saved successfully to "C:\Users\Diane\Desktop\MBR.dat"
11:28:28.852 The log file has been saved successfully to "C:\Users\Diane\Desktop\aswMBR.txt"
OTL logfile created on: 6/21/2012 11:31:11 AM - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Diane\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.97 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.88% Memory free
7.93 Gb Paging File | 6.77 Gb Available in Paging File | 85.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 234.52 Gb Free Space | 82.16% Space Free | Partition Type: NTFS
Drive Z: | 454.02 Gb Total Space | 432.68 Gb Free Space | 95.30% Space Free | Partition Type: NTFS
Computer Name: DIANE | User Name: Diane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/21 11:29:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL(1).exe
PRC - [2012/02/04 09:52:02 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/11/19 17:15:54 | 000,201,984 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\xnetsrvc.exe -- (XnetSrvc)
SRV:64bit: - [2009/08/17 17:40:54 | 000,117,568 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/31 18:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/06/19 14:01:01 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/21 09:23:57 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/05/21 09:23:37 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/12/08 10:41:47 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/06/19 16:06:16 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/05/21 09:23:37 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/08/21 16:50:48 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C27266D7-DA1B-4B4B-BC98-A24B51456743}
IE:64bit: - HKLM\..\SearchScopes\{C27266D7-DA1B-4B4B-BC98-A24B51456743}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A96AC96-50C9-4704-B685-51D6BBD14FE5}
IE - HKLM\..\SearchScopes\{6A96AC96-50C9-4704-B685-51D6BBD14FE5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\SearchScopes,DefaultScope = {65FDC139-AD4C-4F14-A475-D38B478ADAC0}
IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\SearchScopes\{65FDC139-AD4C-4F14-A475-D38B478ADAC0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 11:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/15 11:34:43 | 000,000,000 | ---D | M]
[2010/09/21 10:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diane\AppData\Roaming\Mozilla\Extensions
[2010/09/21 10:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\ttmjef0z.default\extensions
[2012/05/15 12:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/15 12:07:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
O1 HOSTS File: ([2012/06/20 12:46:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XeroxMercuryBackgroundTask] C:\Windows\SysNative\x856Mbgnd.exe ()
O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_47808157.lnk = C:\Users\Diane\AppData\Local\Temp\_uninst_47808157.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([cashproonline] https in Trusted sites)
O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.226 68.87.73.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31120606-A45E-49C5-A557-DAEC54016CD2}: DhcpNameServer = 68.87.71.226 68.87.73.242
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/21 11:30:35 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL(1).exe
[2012/06/21 11:21:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Diane\Desktop\aswMBR.exe
[2012/06/21 09:34:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/21 08:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/20 15:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/20 13:06:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/20 12:09:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/20 12:09:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/20 12:09:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/20 12:07:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/20 12:07:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/20 12:06:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/20 12:02:53 | 004,563,504 | R--- | C] (Swearware) -- C:\Users\Diane\Desktop\ComboFix.exe
[2012/06/20 10:44:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/20 08:46:12 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Diane\Desktop\tdsskiller.exe
[2012/06/19 16:36:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Diane\Desktop\dds.com
[2012/06/19 14:10:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/19 14:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85889000153270000620DB4EB2331
[2012/05/29 09:46:49 | 000,000,000 | ---D | C] -- C:\Users\Diane\Documents\HR
========== Files - Modified Within 30 Days ==========
[2012/06/21 11:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/21 11:29:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL(1).exe
[2012/06/21 11:28:28 | 000,000,512 | ---- | M] () -- C:\Users\Diane\Desktop\MBR.dat
[2012/06/21 11:20:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Diane\Desktop\aswMBR.exe
[2012/06/21 11:17:54 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Diane\Desktop\tdsskiller.exe
[2012/06/21 09:45:35 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 09:45:35 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 09:45:00 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/21 09:45:00 | 000,630,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/21 09:45:00 | 000,109,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/21 09:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 09:40:00 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 09:21:11 | 000,189,952 | ---- | M] () -- C:\Users\Diane\0.6109149139324841.exe
[2012/06/21 08:45:33 | 000,001,007 | ---- | M] () -- C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_47808157.lnk
[2012/06/21 08:41:46 | 137,525,896 | ---- | M] () -- C:\Users\Diane\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe
[2012/06/20 12:46:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/20 12:02:44 | 004,563,504 | R--- | M] (Swearware) -- C:\Users\Diane\Desktop\ComboFix.exe
[2012/06/19 16:35:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Diane\Desktop\dds.com
[2012/06/19 16:06:16 | 000,033,096 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/06/19 11:21:37 | 000,000,586 | ---- | M] () -- C:\Users\Diane\Desktop\Batchbc78f.iif
[2012/06/14 03:27:11 | 000,431,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/05 11:56:22 | 000,000,338 | ---- | M] () -- C:\Users\Diane\Desktop\Batch3587b.iif
[2012/05/29 13:39:10 | 000,082,618 | ---- | M] () -- C:\Users\Diane\Desktop\AllianceSphere.pdf
[2012/05/29 13:36:13 | 003,833,856 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll
[2012/05/29 13:32:25 | 006,642,728 | ---- | M] () -- C:\Users\Diane\Desktop\PDF_Utility.exe
[2012/05/29 13:23:26 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/05/29 12:22:54 | 001,635,059 | ---- | M] () -- C:\Users\Diane\Desktop\Amex May.pdf
[2012/05/29 11:04:00 | 000,000,417 | ---- | M] () -- C:\Users\Diane\Desktop\Batch97ba2.iif
[2012/05/22 12:46:02 | 005,571,836 | ---- | M] () -- C:\Users\Diane\Documents\Tag Fees.tif
========== Files Created - No Company Name ==========
[2012/06/21 11:28:28 | 000,000,512 | ---- | C] () -- C:\Users\Diane\Desktop\MBR.dat
[2012/06/21 09:21:11 | 000,189,952 | ---- | C] () -- C:\Users\Diane\0.6109149139324841.exe
[2012/06/21 08:45:33 | 000,001,007 | ---- | C] () -- C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_47808157.lnk
[2012/06/21 08:44:14 | 137,525,896 | ---- | C] () -- C:\Users\Diane\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe
[2012/06/20 12:09:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/20 12:09:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/20 12:09:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/20 12:09:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/20 12:09:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/19 15:21:35 | 000,033,096 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/06/19 11:21:37 | 000,000,586 | ---- | C] () -- C:\Users\Diane\Desktop\Batchbc78f.iif
[2012/06/05 11:56:21 | 000,000,338 | ---- | C] () -- C:\Users\Diane\Desktop\Batch3587b.iif
[2012/05/29 13:39:09 | 000,082,618 | ---- | C] () -- C:\Users\Diane\Desktop\AllianceSphere.pdf
[2012/05/29 13:32:11 | 006,642,728 | ---- | C] () -- C:\Users\Diane\Desktop\PDF_Utility.exe
[2012/05/29 12:22:54 | 001,635,059 | ---- | C] () -- C:\Users\Diane\Desktop\Amex May.pdf
[2012/05/29 11:04:00 | 000,000,417 | ---- | C] () -- C:\Users\Diane\Desktop\Batch97ba2.iif
[2012/05/22 12:46:26 | 005,571,836 | ---- | C] () -- C:\Users\Diane\Documents\Tag Fees.tif
[2012/05/15 11:38:03 | 000,007,632 | ---- | C] () -- C:\Users\Diane\AppData\Local\Resmon.ResmonCfg
[2012/01/10 19:23:36 | 000,002,048 | -HS- | C] () -- C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\@
[2010/09/21 10:44:48 | 000,749,796 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/21 09:15:32 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/14 02:17:49 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/14 02:17:49 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/14 01:26:35 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/14 01:26:35 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/07/28 21:08:46 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/07/28 21:08:44 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/07/28 21:08:42 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
========== LOP Check ==========
[2010/09/21 11:04:37 | 000,000,000 | ---D | M] -- C:\Users\Diane\AppData\Roaming\Xerox
[2009/07/14 01:08:49 | 000,017,660 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
-
That took a while. Here's the log:
Status: Deleted (events: 5)
6/21/2012 9:27:40 AM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\06202012_104429\C_Users\Diane\AppData\Roaming\opops.dll High
6/21/2012 9:41:13 AM Deleted Trojan program Backdoor.Win64.ZAccess.bp C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\n High
6/21/2012 9:41:13 AM Deleted Trojan program Backdoor.Win32.ZAccess.mbg c:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\00000001.@ High
6/21/2012 9:41:13 AM Deleted Trojan program Backdoor.Win64.ZAccess.bm c:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\80000000.@ High
6/21/2012 9:41:13 AM Deleted Trojan program Backdoor.Win64.ZAccess.bn c:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\800000cb.@ High
Status: Disinfected (events: 7)
6/21/2012 9:33:18 AM Disinfected Trojan program Rootkit.Boot.SST.b \Device\Harddisk0\DR0 High
6/21/2012 9:49:29 AM Disinfected Trojan program Trojan-Spy.Win32.Zbot.csnm Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Art\[From:Art Canter][subject:FW: IRS Notification IRS: Penalty For The Failure To File Income Tax Returns ID: N57XC5FVBOSU5EQ6HV5IJ][Time:2011/12/12 12:19:25]/IRS-Penalty-Income-Tax-Warning-Notification-11824937492PWB4B.zip High
6/21/2012 9:49:29 AM Disinfected Trojan program Trojan-Spy.Win32.Zbot.csnm Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Art\[From:Art Canter][subject:FW: IRS Notification IRS: Penalty For The Failure To File Income Tax Returns ID: N57XC5FVBOSU5EQ6HV5IJ][Time:2011/12/12 12:19:25]/IRS-Penalty-Income-Tax-Warning-Notification-11824937492PWB4B.zip/IRS-Penalty-Income-Tax-Warning-Notification.exe High
6/21/2012 9:49:59 AM Disinfected Trojan program Backdoor.Win32.Bredolab.ude Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Art\[From:Art Canter][subject:FW: Deposit Posted][Time:2011/12/19 16:52:33]/USAA_Deposit_Details_122011_741400262.zip High
6/21/2012 9:49:59 AM Disinfected Trojan program Backdoor.Win32.Bredolab.ude Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Art\[From:Art Canter][subject:FW: Deposit Posted][Time:2011/12/19 16:52:33]/USAA_Deposit_Details_122011_741400262.zip/USAA_Deposit_Posted_Details_122012.exe High
6/21/2012 9:54:10 AM Disinfected Trojan program Trojan-Dropper.Win32.Injector.bsve Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Lori\[From:Lori Gold][subject:FW: ConEdison Billing Summary as of Jan 12][Time:2012/01/12 12:01:28]/Billing-Summary-ConEdison-4905927-Jan2012.zip High
6/21/2012 9:54:09 AM Disinfected Trojan program Trojan-Dropper.Win32.Injector.bsve Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Lori\[From:Lori Gold][subject:FW: ConEdison Billing Summary as of Jan 12][Time:2012/01/12 12:01:28]/Billing-Summary-ConEdison-4905927-Jan2012.zip/Your-Billing-Summary-Jan2012-ConEdison.exe High
-
I noticed stack overflow messages so I'm not sure if the system is totally clean yet. I won't be in the office to check it again for another 14 hours or so, but I'll give an update once I am!
-
Unfortunately, yes. That's all that was in the log.txt file. It looks like it didn't create a log file for post-scan, since the time stamp on this one is from 3:13, which is right around when I started the scan.
Should I run it again? -
Didn't take that long, thankfully! Here's the data from the log.txt file (it found and cleaned 6 files, is this log incomplete?):
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
Well, that took a little while! MBAM found nothing on this run, seems like a step in the right direction. Here are the logs:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.20.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Diane :: DIANE [administrator]
6/20/2012 11:59:27 AM
mbam-log-2012-06-20 (11-59-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204683
Time elapsed: 1 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
ComboFix 12-06-20.01 - Diane 06/20/2012 12:16:05.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4061.2695 [GMT -4:00]
Running from: c:\users\Diane\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-20 16:43 . 2012-06-20 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-20 14:44 . 2012-06-20 14:44 -------- d-----w- C:\_OTL
2012-06-19 19:21 . 2012-06-19 20:06 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-19 18:10 . 2012-06-19 18:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 18:00 . 2012-06-19 18:00 -------- d-----w- c:\programdata\B7E85889000153270000620DB4EB2331
2012-06-19 07:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B269F30A-E508-466C-9CBD-E007E1BD4CE5}\mpengine.dll
2012-06-18 07:37 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 11:12 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 11:12 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 11:12 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 11:12 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 11:12 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 11:12 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 11:12 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 15:02 . 2012-05-15 15:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 15:02 . 2012-05-15 15:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D39944F-0174-4BE6-8D93-293959193E7A}\gapaengine.dll
2012-05-22 14:26 . 2012-05-22 14:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-22 14:26 . 2012-05-22 14:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-22 14:11 . 2012-05-22 14:11 -------- d-----w- c:\windows\system32\appmgmt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 18:01 . 2012-04-10 15:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 18:01 . 2011-07-14 13:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-29 17:36 . 2010-12-14 15:59 3833856 ----a-w- c:\windows\SysWow64\cdintf300.dll
2012-05-21 13:23 . 2010-10-05 17:14 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-21 13:23 . 2010-10-05 17:14 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-21 13:23 . 2010-10-05 17:14 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-15 16:06 . 2012-05-15 16:06 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-15 16:06 . 2010-08-14 03:34 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 18:33 . 2012-04-10 15:33 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 11:35 . 2012-05-09 10:12 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 117568]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-21 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 XnetSrvc;XnetSrvc;c:\windows\system32\xnetsrvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-12 8114720]
"XeroxMercuryBackgroundTask"="c:\windows\system32\x856Mbgnd.exe" [2009-11-19 106752]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: bankofamerica.com
Trusted Zone: bankofamerica.com\cashproonline
Trusted Zone: bankofamerica.com\cashproonlineca
TCP: DhcpNameServer = 68.87.71.226 68.87.73.242
FF - ProfilePath - c:\users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\ttmjef0z.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-06-20 13:05:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-20 17:05
.
Pre-Run: 253,074,104,320 bytes free
Post-Run: 252,571,303,936 bytes free
.
- - End Of File - - 65E2544262F404B805209647A1C20EAE
-
Done. Here is the log:
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-943651884-426696246-2160020666-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-943651884-426696246-2160020666-1001\Software\Microsoft\Windows\CurrentVersion\Run\\opops deleted successfully.
C:\Users\Diane\AppData\Roaming\opops.dll moved successfully.
C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum folder moved successfully.
File C:\Users\Diane\AppData\Roaming\opops.dll not found.
Folder C:\ProgramData\B7E85889000153270000620DB4EB2331\ not found.
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\80000000.@ moved successfully.
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\00000001.@ moved successfully.
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\@ moved successfully.
C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\@ moved successfully.
========== FILES ==========
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U folder moved successfully.
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954} scheduled to be moved on reboot.
C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U folder moved successfully.
C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\L folder moved successfully.
C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Diane\Desktop\cmd.bat deleted successfully.
C:\Users\Diane\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Diane
->Temp folder emptied: 91735249 bytes
->Temporary Internet Files folder emptied: 42142822 bytes
->Java cache emptied: 143826 bytes
->Flash cache emptied: 75621 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 304619600 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 56968126 bytes
RecycleBin emptied: 30729808 bytes
Total Files Cleaned = 502.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.50.0 log created on 06202012_104429
Files\Folders moved on Reboot...
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U folder moved successfully.
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954} folder moved successfully.
C:\Users\Diane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
-
Here are the OTL and Extras logs:
OTL logfile created on: 6/20/2012 10:11:23 AM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Diane\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.97 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 71.17% Memory free
7.93 Gb Paging File | 6.64 Gb Available in Paging File | 83.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 235.82 Gb Free Space | 82.61% Space Free | Partition Type: NTFS
Computer Name: DIANE | User Name: Diane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/20 10:06:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL.exe
PRC - [2012/02/04 09:52:02 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/11/19 17:15:54 | 000,201,984 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\xnetsrvc.exe -- (XnetSrvc)
SRV:64bit: - [2009/08/17 17:40:54 | 000,117,568 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/31 18:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/06/19 14:01:01 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/21 09:23:57 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/05/21 09:23:37 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/12/08 10:41:47 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/06/19 16:06:16 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/05/21 09:23:37 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/08/21 16:50:48 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C27266D7-DA1B-4B4B-BC98-A24B51456743}
IE:64bit: - HKLM\..\SearchScopes\{C27266D7-DA1B-4B4B-BC98-A24B51456743}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A96AC96-50C9-4704-B685-51D6BBD14FE5}
IE - HKLM\..\SearchScopes\{6A96AC96-50C9-4704-B685-51D6BBD14FE5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\SearchScopes,DefaultScope = {65FDC139-AD4C-4F14-A475-D38B478ADAC0}
IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\SearchScopes\{65FDC139-AD4C-4F14-A475-D38B478ADAC0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 11:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/15 11:34:43 | 000,000,000 | ---D | M]
[2010/09/21 10:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diane\AppData\Roaming\Mozilla\Extensions
[2010/09/21 10:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\ttmjef0z.default\extensions
[2012/05/15 12:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/15 12:07:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XeroxMercuryBackgroundTask] C:\Windows\SysNative\x856Mbgnd.exe ()
O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-943651884-426696246-2160020666-1001..\Run: [opops] C:\Users\Diane\AppData\Roaming\opops.dll (Duplex Secure Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([cashproonline] https in Trusted sites)
O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.226 68.87.73.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31120606-A45E-49C5-A557-DAEC54016CD2}: DhcpNameServer = 68.87.71.226 68.87.73.242
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/20 10:10:25 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL.exe
[2012/06/19 16:36:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Diane\Desktop\dds.com
[2012/06/19 16:24:15 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Diane\Desktop\tdsskiller.exe
[2012/06/19 14:10:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/19 14:04:41 | 000,000,000 | ---D | C] -- C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/06/19 14:00:40 | 000,123,904 | -HS- | C] (Duplex Secure Ltd.) -- C:\Users\Diane\AppData\Roaming\opops.dll
[2012/06/19 14:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85889000153270000620DB4EB2331
[2012/05/29 09:46:49 | 000,000,000 | ---D | C] -- C:\Users\Diane\Documents\HR
[2012/05/22 10:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/22 10:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/22 10:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/22 10:11:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
========== Files - Modified Within 30 Days ==========
[2012/06/20 10:14:13 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/20 10:14:13 | 000,630,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/20 10:14:13 | 000,109,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/20 10:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/20 10:08:26 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/20 10:06:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL.exe
[2012/06/20 09:05:13 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 09:05:13 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 16:35:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Diane\Desktop\dds.com
[2012/06/19 16:33:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/19 16:18:11 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Diane\Desktop\tdsskiller.exe
[2012/06/19 16:06:16 | 000,033,096 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/06/19 14:00:27 | 000,123,904 | -HS- | M] (Duplex Secure Ltd.) -- C:\Users\Diane\AppData\Roaming\opops.dll
[2012/06/19 11:21:37 | 000,000,586 | ---- | M] () -- C:\Users\Diane\Desktop\Batchbc78f.iif
[2012/06/14 03:27:11 | 000,431,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/05 11:56:22 | 000,000,338 | ---- | M] () -- C:\Users\Diane\Desktop\Batch3587b.iif
[2012/05/29 13:39:10 | 000,082,618 | ---- | M] () -- C:\Users\Diane\Desktop\AllianceSphere.pdf
[2012/05/29 13:36:13 | 003,833,856 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll
[2012/05/29 13:32:25 | 006,642,728 | ---- | M] () -- C:\Users\Diane\Desktop\PDF_Utility.exe
[2012/05/29 13:23:26 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/05/29 12:22:54 | 001,635,059 | ---- | M] () -- C:\Users\Diane\Desktop\Amex May.pdf
[2012/05/29 11:04:00 | 000,000,417 | ---- | M] () -- C:\Users\Diane\Desktop\Batch97ba2.iif
[2012/05/22 12:46:02 | 005,571,836 | ---- | M] () -- C:\Users\Diane\Documents\Tag Fees.tif
[2012/05/22 11:22:04 | 002,785,958 | ---- | M] () -- C:\Users\Diane\Documents\ASAP CC Authorization.tif
[2012/05/22 10:50:01 | 000,001,290 | ---- | M] () -- C:\Users\Diane\Desktop\Spybot - Search & Destroy.lnk
[2012/05/22 09:10:05 | 000,000,782 | ---- | M] () -- C:\Users\Diane\Desktop\Batchf51f4.iif
[2012/05/21 14:28:18 | 002,785,958 | ---- | M] () -- C:\Users\Diane\Desktop\Molly Form.tif
========== Files Created - No Company Name ==========
[2012/06/20 08:57:23 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\800000cb.@
[2012/06/19 15:21:35 | 000,033,096 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/06/19 14:01:07 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\80000000.@
[2012/06/19 14:01:07 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\00000001.@
[2012/06/19 11:21:37 | 000,000,586 | ---- | C] () -- C:\Users\Diane\Desktop\Batchbc78f.iif
[2012/06/05 11:56:21 | 000,000,338 | ---- | C] () -- C:\Users\Diane\Desktop\Batch3587b.iif
[2012/05/29 13:39:09 | 000,082,618 | ---- | C] () -- C:\Users\Diane\Desktop\AllianceSphere.pdf
[2012/05/29 13:32:11 | 006,642,728 | ---- | C] () -- C:\Users\Diane\Desktop\PDF_Utility.exe
[2012/05/29 12:22:54 | 001,635,059 | ---- | C] () -- C:\Users\Diane\Desktop\Amex May.pdf
[2012/05/29 11:04:00 | 000,000,417 | ---- | C] () -- C:\Users\Diane\Desktop\Batch97ba2.iif
[2012/05/22 12:46:26 | 005,571,836 | ---- | C] () -- C:\Users\Diane\Documents\Tag Fees.tif
[2012/05/22 11:22:25 | 002,785,958 | ---- | C] () -- C:\Users\Diane\Documents\ASAP CC Authorization.tif
[2012/05/22 10:26:32 | 000,001,290 | ---- | C] () -- C:\Users\Diane\Desktop\Spybot - Search & Destroy.lnk
[2012/05/22 09:10:04 | 000,000,782 | ---- | C] () -- C:\Users\Diane\Desktop\Batchf51f4.iif
[2012/05/21 14:28:33 | 002,785,958 | ---- | C] () -- C:\Users\Diane\Desktop\Molly Form.tif
[2012/05/15 11:38:03 | 000,007,632 | ---- | C] () -- C:\Users\Diane\AppData\Local\Resmon.ResmonCfg
[2012/01/10 19:23:36 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\@
[2012/01/10 19:23:36 | 000,002,048 | -HS- | C] () -- C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\@
[2010/09/21 10:44:48 | 000,749,796 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/21 09:15:32 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/14 02:17:49 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/14 02:17:49 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/14 01:26:35 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/14 01:26:35 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/07/28 21:08:46 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/07/28 21:08:44 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/07/28 21:08:42 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
========== LOP Check ==========
[2010/09/21 11:04:37 | 000,000,000 | ---D | M] -- C:\Users\Diane\AppData\Roaming\Xerox
[2009/07/14 01:08:49 | 000,016,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 6/20/2012 10:11:23 AM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Diane\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.97 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 71.17% Memory free
7.93 Gb Paging File | 6.64 Gb Available in Paging File | 83.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 235.82 Gb Free Space | 82.61% Space Free | Partition Type: NTFS
Computer Name: DIANE | User Name: Diane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}" = Broadcom Management Programs
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/12/2012 9:01:24 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 6/13/2012 12:30:34 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 6/13/2012 12:30:38 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 6/14/2012 12:30:35 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 6/14/2012 12:30:38 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 6/15/2012 12:30:30 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 6/15/2012 12:30:33 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 6/16/2012 12:30:11 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 6/16/2012 12:30:12 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 6/17/2012 12:30:12 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
[ System Events ]
Error - 5/15/2012 11:56:45 AM | Computer Name = DIANE | Source = DCOM | ID = 10005
Description =
Error - 5/15/2012 11:56:45 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
Error - 5/15/2012 11:56:45 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069
Error - 5/15/2012 11:57:04 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .
Error - 5/15/2012 11:58:58 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .
Error - 5/15/2012 12:04:30 PM | Computer Name = DIANE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .
Error - 5/22/2012 10:51:28 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .
Error - 5/22/2012 10:52:28 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .
Error - 5/22/2012 11:12:22 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .
Error - 5/23/2012 11:02:00 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .
< End of report >
-
-
Looks like I've hit a new snag. From a clean computer, I downloaded FRST and copied it to a USB stick. I put it into the infected computer and after selecting "Repair your computer" I am presented with a screen that says "Windows is loading files..." with a solid grey bar beneath it. There is no hard drive activity and the bar doesn't seem to be "filling" to show that it's actually doing anything. It has been in this state for over five minutes, now. Unfortunately, I do not have a Windows installation CD as this computer didn't come with physical media (though it is a licensed copy).
-
-
Hi Maniac,
Thank you for your assistance! Here are the results of your instructions:
1) I downloaded TDSSKiller and attempted to run it in Normal mode, but nothing happened beyond asking if I was sure I wanted to run the program. I gave it a good five minutes just to be sure, but there was no activity from the program. I rebooted into Safe mode and attempted to run it again and experienced the same results. So, I have no log file for you for TDSSKiller, unfortunately.
2) I updated MBAM and ran it during the same Safe mode session from above. This time it identified three items (rootkit.0access and two others). I opted to remove the items. When the computer rebooted into Normal mode this time there was NO activity from Live Platinum Security (prior to this, every time the computer booted into Normal mode, the LPS scanner screen was immediately showing upon logging in). As a result, I ran MBAM a second time to see if there were any further infections. It detected rootkit.0access once again. I again opted to remove it and upon rebooting ran MBAM a third time to check if it was still there (it was). I have the log files for those first two MBAM runs posted below (I didn't include the third as it's probably the same as the second one), followed by a fresh DDS log which was run after the third MBAM scan.
Logs:
MBAM run 1
MBAM run 2
DDS
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.20.03
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Diane :: DIANE [administrator]
6/20/2012 8:47:49 AM
mbam-log-2012-06-20 (08-47-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203338
Time elapsed: 1 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|B7E85889000153270000620DB4EB2331 (Trojan.Lameshield) -> Data: C:\ProgramData\B7E85889000153270000620DB4EB2331\B7E85889000153270000620DB4EB2331.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\B7E85889000153270000620DB4EB2331\B7E85889000153270000620DB4EB2331.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.20.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Diane :: DIANE [administrator]
6/20/2012 8:53:19 AM
mbam-log-2012-06-20 (08-53-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203713
Time elapsed: 2 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Diane at 9:01:28 on 2012-06-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4061.2819 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\x856Mbgnd.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\xrxbeacn.exe
C:\Windows\system32\xnetsrvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [opops] rundll32.exe "C:\Users\Diane\AppData\Roaming\opops.dll",HrCopyStreamToByte
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: bankofamerica.com
Trusted Zone: bankofamerica.com\cashproonline
Trusted Zone: bankofamerica.com\cashproonlineca
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 68.87.71.226 68.87.73.242
TCP: Interfaces\{31120606-A45E-49C5-A557-DAEC54016CD2} : DhcpNameServer = 68.87.71.226 68.87.73.242
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\ttmjef0z.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-14 92160]
R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-8-17 117568]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 XnetSrvc;XnetSrvc;C:\Windows\system32\xnetsrvc.exe --> C:\Windows\system32\xnetsrvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 257224]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-19 19:21:35 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-06-19 18:10:16 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-19 18:00:40 123904 --sha-w- C:\Users\Diane\AppData\Roaming\opops.dll
2012-06-19 18:00:40 -------- d-----w- C:\ProgramData\B7E85889000153270000620DB4EB2331
2012-06-19 07:37:41 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B269F30A-E508-466C-9CBD-E007E1BD4CE5}\mpengine.dll
2012-06-18 07:37:06 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 11:12:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 11:12:52 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 11:12:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 11:12:51 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 11:12:51 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 11:12:51 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 11:12:51 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 15:02:11 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 15:02:11 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D39944F-0174-4BE6-8D93-293959193E7A}\gapaengine.dll
2012-05-22 14:26:16 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-22 14:26:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-22 14:11:43 -------- d-----w- C:\Windows\System32\appmgmt
.
==================== Find3M ====================
.
2012-06-19 18:01:00 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 18:01:00 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-29 17:36:13 3833856 ----a-w- C:\Windows\SysWow64\cdintf300.dll
2012-05-21 13:23:37 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 13:23:37 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-21 13:23:37 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-15 16:06:42 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-15 16:06:42 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 18:33:09 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:09:39.73 ===============
-
Hello,
Thanks in advance for any help that is offered! It's very much appreciated!
I have a Windows 7 64-bit system that began running Live Platinum Securty (LPS from here out) scan this afternoon after an update to Adobe Reader was made. LPS cancelled the update to Adobe Reader and all tray icons vanished once the mouse moved over them. I am unable to run most programs (browsers, task manager, etc.) in Normal mode, only in Safe mode do they work. After running MBAM and removing multiple items (including LPS), rebooting and starting in Normal mode brought up the LPS scan window again. I have run MBAM Quick Scan at least four times and all four times, the only item found is Rootkit.0access.
Currently, the computer is pretty unusable as any programs I attempt to run do "nothing." The only reaction any program gives is Task Manager, which flashes briefly on the screen before vanishing. I was able to run MBAM early on in Normal mode by going through Chameleon, but otherwise all attempts have been made using Safe mode.
I ran DDS in Safe mode, as it did nothing when run in Normal mode. Hopefully that didn't affect the output of the two log files! The results are pasted below:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Diane at 16:39:32 on 2012-06-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4061.3095 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [opops] rundll32.exe "C:\Users\Diane\AppData\Roaming\opops.dll",HrCopyStreamToByte
uRunOnce: [b7E85889000153270000620DB4EB2331] C:\ProgramData\B7E85889000153270000620DB4EB2331\B7E85889000153270000620DB4EB2331.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: bankofamerica.com
Trusted Zone: bankofamerica.com\cashproonline
Trusted Zone: bankofamerica.com\cashproonlineca
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 68.87.71.226 68.87.73.242
TCP: Interfaces\{31120606-A45E-49C5-A557-DAEC54016CD2} : DhcpNameServer = 68.87.71.226 68.87.73.242
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\ttmjef0z.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-14 92160]
S2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-8-17 117568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 257224]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 XnetSrvc;XnetSrvc;C:\Windows\system32\xnetsrvc.exe --> C:\Windows\system32\xnetsrvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-19 19:21:35 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-06-19 18:10:16 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-19 18:00:40 123904 --sha-w- C:\Users\Diane\AppData\Roaming\opops.dll
2012-06-19 18:00:40 -------- d-----w- C:\ProgramData\B7E85889000153270000620DB4EB2331
2012-06-19 07:37:41 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B269F30A-E508-466C-9CBD-E007E1BD4CE5}\mpengine.dll
2012-06-18 07:37:06 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 11:12:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 11:12:52 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 11:12:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 11:12:51 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 11:12:51 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 11:12:51 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 11:12:51 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 15:02:11 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 15:02:11 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D39944F-0174-4BE6-8D93-293959193E7A}\gapaengine.dll
2012-05-22 14:26:16 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-22 14:26:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-22 14:11:43 -------- d-----w- C:\Windows\System32\appmgmt
.
==================== Find3M ====================
.
2012-06-19 18:01:00 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 18:01:00 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-29 17:36:13 3833856 ----a-w- C:\Windows\SysWow64\cdintf300.dll
2012-05-21 13:23:37 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 13:23:37 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-21 13:23:37 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-15 16:06:42 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-15 16:06:42 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 18:33:09 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 16:47:51.95 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/16/2010 6:54:17 AM
System Uptime: 6/19/2012 4:37:58 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 07N90W
Processor: Intel® Core™2 Quad CPU Q8400 @ 2.66GHz | CPU 1 | 2660/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 236.099 GiB free.
D: is CDROM ()
Z: is NetworkDisk (NTFS) - 454 GiB total, 432.824 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP433: 5/23/2012 11:01:59 AM - Windows Update
RP434: 5/27/2012 2:17:29 AM - Windows Update
RP435: 5/30/2012 11:02:07 AM - Windows Update
RP436: 6/3/2012 2:17:31 AM - Windows Update
RP437: 6/5/2012 3:00:11 AM - Windows Update
RP438: 6/8/2012 11:01:42 AM - Windows Update
RP439: 6/12/2012 11:01:26 AM - Windows Update
RP440: 6/14/2012 3:00:11 AM - Windows Update
RP441: 6/17/2012 3:37:15 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3.4
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 32
Junk Mail filter update
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Mozilla Firefox (3.6.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
QuickBooks
QuickBooks Pro 2010
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
6/19/2012 4:38:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/19/2012 4:38:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/19/2012 4:38:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/19/2012 4:38:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/19/2012 4:38:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr vpcvmm Wanarpv6
6/19/2012 4:38:06 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
6/19/2012 4:29:08 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/19/2012 2:28:13 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 2:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/19/2012 2:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/19/2012 2:27:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
6/19/2012 2:27:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 2:27:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 2:27:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 2:27:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 2:27:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 2:27:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 2:27:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 2:27:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 2:27:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 10:04:47 AM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Should I run it again?
Rootkit.0access and Live Platinum Security - Will Not Go Away
in Resolved Malware Removal Logs
Posted
Thank you very much for everything! I'm pretty sure this was due to someone using an infected USB drive so I'm going to put that to an end. I have zero desire to go through this (or put anyone else like yourself through it) again!