Jump to content

mrtwallz

Members
 View Profile  See their activity

  • Posts

    12

  • Joined

  • Last visited

Reputation

0 Neutral
  1. mrtwallz
    Here you go Process PID CPU Private Bytes Working Set Description Company Name Interrupts n/a 1.74 0 K 0 K Hardware Interrupts and DPCs System Idle Process 0 38.86 0 K 24 K System 4 1.30 128 K 1,244 K svchost.exe 252 0.11 37,284 K 19,776 K Host Process for Windows Services Microsoft Corporation smss.exe 272 352 K 456 K Windows Session Manager Microsoft Corporation egui.exe 316 0.02 6,952 K 4,992 K ESET GUI ESET csrss.exe 424 < 0.01 2,336 K 1,988 K Client Server Runtime Process Microsoft Corporation taskhost.exe 444 7,804 K 3,576 K Host Process for Windows Tasks Microsoft Corporation wininit.exe 480 1,280 K 392 K Windows Start-Up Application Microsoft Corporation csrss.exe 492 0.50 6,180 K 8,788 K Client Server Runtime Process Microsoft Corporation svchost.exe 496 0.01 8,624 K 6,476 K Host Process for Windows Services Microsoft Corporation dwm.exe 532 2.53 45,576 K 43,364 K Desktop Window Manager Microsoft Corporation services.exe 540 5,388 K 3,828 K Services and Controller app Microsoft Corporation lsass.exe 556 0.02 4,024 K 5,192 K Local Security Authority Process Microsoft Corporation lsm.exe 564 2,344 K 1,692 K Local Session Manager Service Microsoft Corporation winlogon.exe 608 2,432 K 1,800 K Windows Logon Application Microsoft Corporation SmartMenu.exe 712 6,864 K 988 K SmartMenu svchost.exe 724 3,760 K 3,308 K Host Process for Windows Services Microsoft Corporation nvvsvc.exe 788 1,116 K 500 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation WUDFHost.exe 812 1,980 K 2,024 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation svchost.exe 816 0.03 4,956 K 4,640 K Host Process for Windows Services Microsoft Corporation svchost.exe 864 20,120 K 9,904 K Host Process for Windows Services Microsoft Corporation svchost.exe 984 < 0.01 90,572 K 81,136 K Host Process for Windows Services Microsoft Corporation nvvsvc.exe 1096 0.01 2,632 K 948 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation audiodg.exe 1132 3.44 30,640 K 27,772 K Windows Audio Device Graph Isolation Microsoft Corporation svchost.exe 1140 < 0.01 38,264 K 9,016 K Host Process for Windows Services Microsoft Corporation spoolsv.exe 1248 5,964 K 1,464 K Spooler SubSystem App Microsoft Corporation svchost.exe 1284 9,304 K 4,576 K Host Process for Windows Services Microsoft Corporation armsvc.exe 1392 1,120 K 708 K Adobe Acrobat Update Service Adobe Systems Incorporated ekrn.exe 1444 0.26 87,144 K 47,964 K ESET Service ESET svchost.exe 1476 5,016 K 2,296 K Host Process for Windows Services Microsoft Corporation LSSrvc.exe 1504 1,152 K 420 K LightScribe Service Hewlett-Packard Company svchost.exe 1848 1,548 K 644 K Host Process for Windows Services Microsoft Corporation DkService.exe 2492 0.12 12,716 K 6,472 K Diskeeper Service Diskeeper Corporation hpwuschd2.exe 2524 852 K 736 K hpwuSchd Application Hewlett-Packard HPHC_Service.exe 2600 < 0.01 26,868 K 3,368 K HP Health Check Service Hewlett-Packard mbamservice.exe 2664 2,508 K 868 K Malwarebytes' Anti-Malware Malwarebytes Corporation svchost.exe 2724 0.02 79,668 K 22,164 K Host Process for Windows Services Microsoft Corporation SearchIndexer.exe 2780 0.01 21,048 K 14,208 K Microsoft Windows Search Indexer Microsoft Corporation procexp64.exe 2844 5.17 19,768 K 39,720 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com procexp.exe 2956 1,876 K 6,536 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com PictureMover.exe 2976 < 0.01 7,604 K 1,804 K PictureMover Application Hewlett-Packard Company CLMLSvc.exe 3048 0.22 22,696 K 5,500 K CyberLink MediaLibray Service CyberLink StikyNot.exe 3056 5,372 K 15,068 K Sticky Notes Microsoft Corporation svchost.exe 3248 1,680 K 696 K Host Process for Windows Services Microsoft Corporation explorer.exe 3348 0.17 48,548 K 80,296 K Windows Explorer Microsoft Corporation wmpnetwk.exe 3372 < 0.01 4,108 K 3,928 K Windows Media Player Network Sharing Service Microsoft Corporation wuauclt.exe 3496 1,700 K 1,280 K Windows Update Microsoft Corporation iexplore.exe 3700 45.44 437,504 K 460,044 K Internet Explorer Microsoft Corporation dllhost.exe 3856 1,716 K 5,368 K COM Surrogate Microsoft Corporation WmiPrvSE.exe 3964 2,124 K 5,600 K WMI Provider Host Microsoft Corporation svchost.exe 4024 1,224 K 3,856 K Host Process for Windows Services Microsoft Corporation Process: System Pid: 4 Name Description Company Name Version ACPI.sys ACPI Driver for NT Microsoft Corporation 6.1.7600.16385 afd.sys Ancillary Function Driver for WinSock Microsoft Corporation 6.1.7600.16802 AgileVpn.sys RAS Agile Vpn Miniport Call Manager Microsoft Corporation 6.1.7600.16385 amdk8.sys Processor Device Driver Microsoft Corporation 6.1.7600.16385 amdxata.sys Storage Filter Driver Advanced Micro Devices 1.1.2.5 ATMFD.DLL Windows NT OpenType/Type 1 Font Driver Adobe Systems Incorporated 5.1.2.234 Beep.SYS BEEP Driver Microsoft Corporation 6.1.7600.16385 blbdrive.sys BLB Drive Driver Microsoft Corporation 6.1.7600.16385 bowser.sys NT Lan Manager Datagram Receiver Driver Microsoft Corporation 6.1.7600.16765 cdd.dll Canonical Display Driver Microsoft Corporation 6.1.7600.16748 cdrom.sys SCSI CD-ROM Driver Microsoft Corporation 6.1.7600.16385 CI.dll Code Integrity Module Microsoft Corporation 6.1.7600.16385 CLASSPNP.SYS SCSI Class System Dll Microsoft Corporation 6.1.7600.16385 CLFS.SYS Common Log File System Driver Microsoft Corporation 6.1.7600.16385 cng.sys Kernel Cryptography, Next Generation Microsoft Corporation 6.1.7600.16385 CompositeBus.sys Multi-Transport Composite Bus Enumerator Microsoft Corporation 6.1.7600.16385 crashdmp.sys Crash Dump Driver Microsoft Corporation 6.1.7600.16385 dfsc.sys DFS Namespace Client Driver Microsoft Corporation 6.1.7600.16804 discache.sys System Indexer/Cache Driver Microsoft Corporation 6.1.7600.16385 disk.sys PnP Disk Driver Microsoft Corporation 6.1.7600.16385 DKRtWrt.sys Diskeeper IntelliWrite Mini-Filter Driver Diskeeper Corporation 3.0.1.0 drmk.sys Microsoft Trusted Audio Drivers Microsoft Corporation 6.1.7600.16385 dump_diskdump.sys dump_dumpfve.sys dump_nvstor64.sys Dxapi.sys DirectX API Driver Microsoft Corporation 6.1.7600.16385 dxgkrnl.sys DirectX Graphics Kernel Microsoft Corporation 6.1.7600.16748 dxgmms1.sys DirectX Graphics MMS Microsoft Corporation 6.1.7600.16748 eamonm.sys Amon monitor ESET 5.0.91.0 ehdrv.sys ESET Helper driver ESET 5.0.87.0 epfw.sys ESET Personal Firewall driver ESET 5.0.87.0 EpfwLWF.sys Epfw NDIS LightWeight Filter ESET 5.0.90.0 epfwwfp.sys ESET Personal Firewall driver ESET 5.0.87.0 fastfat.SYS Fast FAT File System Driver Microsoft Corporation 6.1.7600.16385 fileinfo.sys FileInfo Filter Driver Microsoft Corporation 6.1.7600.16385 fltmgr.sys Microsoft Filesystem Filter Manager Microsoft Corporation 6.1.7600.16385 Fs_Rec.sys File System Recognizer Driver Microsoft Corporation 6.1.7600.16385 fvevol.sys BitLocker Drive Encryption Driver Microsoft Corporation 6.1.7600.16429 fwpkclnt.sys FWP/IPsec Kernel-Mode API Microsoft Corporation 6.1.7600.16385 hal.dll Hardware Abstraction Layer DLL Microsoft Corporation 6.1.7600.16385 HDAudBus.sys High Definition Audio Bus Driver Microsoft Corporation 6.1.7600.16385 HIDCLASS.SYS Hid Class Library Microsoft Corporation 6.1.7600.16385 HIDPARSE.SYS Hid Parsing Library Microsoft Corporation 6.1.7600.16385 hidusb.sys USB Miniport Driver for Input Devices Microsoft Corporation 6.1.7600.16385 HTTP.sys HTTP Protocol Stack Microsoft Corporation 6.1.7600.16385 hwpolicy.sys Hardware Policy Driver Microsoft Corporation 6.1.7600.16385 kbdclass.sys Keyboard Class Driver Microsoft Corporation 6.1.7600.16385 kbdhid.sys HID Keyboard Filter Driver Microsoft Corporation 6.1.7600.16385 kdcom.dll Serial Kernel Debugger Microsoft Corporation 6.1.7600.16757 ks.sys Kernel CSA Library Microsoft Corporation 6.1.7600.16543 ksecdd.sys Kernel Security Support Provider Interface Microsoft Corporation 6.1.7600.16385 ksecpkg.sys Kernel Security Support Provider Interface Packages Microsoft Corporation 6.1.7600.16484 ksthunk.sys Kernel Streaming WOW Thunk Service Microsoft Corporation 6.1.7600.16385 lltdio.sys Link-Layer Topology Mapper I/O Driver Microsoft Corporation 6.1.7600.16385 luafv.sys LUA File Virtualization Filter Driver Microsoft Corporation 6.1.7600.16385 mbam.sys Malwarebytes' Anti-Malware Malwarebytes Corporation 1.50.1.0 mcupdate_AuthenticAMD.dll AMD Microcode Update Library Microsoft Corporation 6.1.7600.16385 monitor.sys Monitor Driver Microsoft Corporation 6.1.7600.16385 mouclass.sys Mouse Class Driver Microsoft Corporation 6.1.7600.16385 mouhid.sys HID Mouse Filter Driver Microsoft Corporation 6.1.7600.16385 mountmgr.sys Mount Point Manager Microsoft Corporation 6.1.7600.16385 mpsdrv.sys Microsoft Protection Service Driver Microsoft Corporation 6.1.7600.16385 mrxsmb.sys Windows NT SMB Minirdr Microsoft Corporation 6.1.7600.16808 mrxsmb10.sys Longhorn SMB Downlevel SubRdr Microsoft Corporation 6.1.7600.16847 mrxsmb20.sys Longhorn SMB 2.0 Redirector Microsoft Corporation 6.1.7600.16808 Msfs.SYS Mailslot driver Microsoft Corporation 6.1.7600.16385 msisadrv.sys ISA Driver Microsoft Corporation 6.1.7600.16385 msrpc.sys Kernel Remote Procedure Call Provider Microsoft Corporation 6.1.7600.16385 mssmbios.sys System Management BIOS Driver Microsoft Corporation 6.1.7600.16385 mup.sys Multiple UNC Provider Driver Microsoft Corporation 6.1.7600.16385 ndis.sys NDIS 6.20 driver Microsoft Corporation 6.1.7600.16385 ndistapi.sys NDIS 3.0 connection wrapper driver Microsoft Corporation 6.1.7600.16385 ndisuio.sys NDIS User mode I/O driver Microsoft Corporation 6.1.7600.16385 ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft Corporation 6.1.7600.16385 NDProxy.SYS NDIS Proxy Microsoft Corporation 6.1.7600.16385 netbios.sys NetBIOS interface driver Microsoft Corporation 6.1.7600.16385 netbt.sys MBT Transport driver Microsoft Corporation 6.1.7600.16385 NETIO.SYS Network I/O Subsystem Microsoft Corporation 6.1.7600.16569 Npfs.SYS NPFS Driver Microsoft Corporation 6.1.7600.16385 nsiproxy.sys NSI Proxy Microsoft Corporation 6.1.7600.16385 Ntfs.sys NT File System Driver Microsoft Corporation 6.1.7600.16778 ntoskrnl.exe NT Kernel & System Microsoft Corporation 6.1.7600.16841 Null.SYS NULL Driver Microsoft Corporation 6.1.7600.16385 nvBridge.kmd NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.55 NVIDIA Corporation 8.15.11.8655 nvlddmkm.sys NVIDIA Windows Kernel Mode Driver, Version 186.55 NVIDIA Corporation 8.15.11.8655 nvmf6264.sys NVIDIA MCP Networking Function Driver. NVIDIA Corporation 7.3.1.7314 nvstor64.sys NVIDIA® nForce Sata Performance Driver NVIDIA Corporation 11.1.0.33 nwifi.sys NativeWiFi Miniport Driver Microsoft Corporation 6.1.7600.16385 pacer.sys QoS Packet Scheduler Microsoft Corporation 6.1.7600.16385 partmgr.sys Partition Management Driver Microsoft Corporation 6.1.7600.16385 pci.sys NT Plug and Play PCI Enumerator Microsoft Corporation 6.1.7600.16385 pcw.sys Performance Counters for Windows Driver Microsoft Corporation 6.1.7600.16385 peauth.sys Protected Environment Authentication and Authorization Export Driver Microsoft Corporation 6.1.7600.16385 portcls.sys Port Class (Class Driver for Port/Miniport Devices) Microsoft Corporation 6.1.7600.16385 PROCEXP141.SYS PSHED.dll Platform Specific Hardware Error Driver Microsoft Corporation 6.1.7600.16385 rasl2tp.sys RAS L2TP mini-port/call-manager driver Microsoft Corporation 6.1.7600.16385 raspppoe.sys RAS PPPoE mini-port/call-manager driver Microsoft Corporation 6.1.7600.16385 raspptp.sys Peer-to-Peer Tunneling Protocol Microsoft Corporation 6.1.7600.16385 rassstp.sys RAS SSTP Miniport Call Manager Microsoft Corporation 6.1.7600.16385 rdbss.sys Redirected Drive Buffering SubSystem Driver Microsoft Corporation 6.1.7600.16385 RDPCDD.sys RDP Miniport Microsoft Corporation 6.1.7600.16385 rdpencdd.sys RDP Encoder Miniport Microsoft Corporation 6.1.7600.16385 rdprefmp.sys RDP Reflector Driver Miniport Microsoft Corporation 6.1.7600.16385 rdyboost.sys ReadyBoost Driver Microsoft Corporation 6.1.7600.16385 rspndr.sys Link-Layer Topology Responder Driver for NDIS 6 Microsoft Corporation 6.1.7600.16385 RTKVHD64.sys Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. 6.0.1.5938 secdrv.SYS Macrovision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 4.3.86.0 spldr.sys loader for security processor Microsoft Corporation 6.1.7127.0 srv.sys Server driver Microsoft Corporation 6.1.7600.16806 srv2.sys Smb 2.0 Server driver Microsoft Corporation 6.1.7600.16806 srvnet.sys Server Network driver Microsoft Corporation 6.1.7600.16806 storport.sys Microsoft Storage Port Driver Microsoft Corporation 6.1.7600.16778 swenum.sys Plug and Play Software Device Enumerator Microsoft Corporation 6.1.7600.16385 tcpip.sys TCP/IP Driver Microsoft Corporation 6.1.7600.16839 tcpipreg.sys TCP/IP Registry Compatibility Driver Microsoft Corporation 6.1.7600.16385 TDI.SYS TDI Wrapper Microsoft Corporation 6.1.7600.16385 tdx.sys TDI Translation Driver Microsoft Corporation 6.1.7600.16385 termdd.sys Remote Desktop Server Driver Microsoft Corporation 6.1.7600.16385 TSDDD.dll Framebuffer Display Driver Microsoft Corporation 6.1.7600.16385 tunnel.sys Microsoft Tunnel Interface Driver Microsoft Corporation 6.1.7600.16385 udfs.sys UDF File System Driver Microsoft Corporation 6.1.7600.16385 umbus.sys User-Mode Bus Enumerator Microsoft Corporation 6.1.7600.16385 usbccgp.sys USB Common Class Generic Parent Driver Microsoft Corporation 6.1.7600.16788 USBD.SYS Universal Serial Bus Driver Microsoft Corporation 6.1.7600.16788 usbehci.sys EHCI eUSB Miniport Driver Microsoft Corporation 6.1.7600.16788 usbhub.sys Default Hub Driver for USB Microsoft Corporation 6.1.7600.16788 usbohci.sys OHCI USB Miniport Driver Microsoft Corporation 6.1.7600.16788 USBPORT.SYS USB 1.1 & 2.0 Port Driver Microsoft Corporation 6.1.7600.16788 usbprint.sys USB Printer driver Microsoft Corporation 6.1.7600.16385 USBSTOR.SYS USB Mass Storage Class Driver Microsoft Corporation 6.1.7600.16778 vdrvroot.sys Virtual Drive Root Enumerator Microsoft Corporation 6.1.7600.16385 vga.sys VGA/Super VGA Video Driver Microsoft Corporation 6.1.7600.16385 VIDEOPRT.SYS Video Port Driver Microsoft Corporation 6.1.7600.16385 volmgr.sys Volume Manager Driver Microsoft Corporation 6.1.7600.16385 volmgrx.sys Volume Manager Extension Driver Microsoft Corporation 6.1.7600.16385 volsnap.sys Volume Shadow Copy Driver Microsoft Corporation 6.1.7600.16385 wanarp.sys MS Remote Access and Routing ARP Driver Microsoft Corporation 6.1.7600.16385 watchdog.sys Watchdog Driver Microsoft Corporation 6.1.7600.16385 Wdf01000.sys Kernel Mode Driver Framework Runtime Microsoft Corporation 1.9.7600.16385 WDFLDR.SYS Kernel Mode Driver Framework Loader Microsoft Corporation 1.9.7600.16385 wfplwf.sys WFP NDIS 6.20 Lightweight Filter Driver Microsoft Corporation 6.1.7600.16385 win32k.sys Multi-User Win32 Driver Microsoft Corporation 6.1.7600.16878 WMILIB.SYS WMILIB WMI support library Dll Microsoft Corporation 6.1.7600.16385 WudfPf.sys Windows Driver Foundation - User-mode Driver Framework Platform Driver Microsoft Corporation 6.1.7600.16385 WUDFRd.sys Windows Driver Foundation - User-mode Driver Framework Reflector Microsoft Corporation 6.1.7600.16385
  2. mrtwallz
    Alright, here they are Logs.rar
  3. mrtwallz
    And still getting site redirects from search engines
  4. mrtwallz
    Uninstalled Microsoft Essentials, Restarted and yes iexplorer is running. It even opened the browser on its own to my default msn homepage. So what's next doc, lol.
  5. mrtwallz
    Disk### Status Size Free Dyn Gpt Disk 0 Online 298 GB 0 B Disk 1 No Media 0 B 0 B
  6. mrtwallz
    Ok here it is: ComboFix 11-11-01.03 - Jazzarah 11/01/2011 12:49:31.2.1 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.919 [GMT -4:00] Running from: c:\users\Jazzarah\Desktop\ComboFix.exe AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\users\Jazzarah\Desktop\Internet Explorer.lnk c:\windows\msxml4-KB954430-enu.LOG c:\windows\msxml4-KB973688-enu.LOG G:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 ))))))))))))))))))))))))))))))) . . 2011-11-01 17:33 . 2011-11-01 17:33 -------- d-----w- C:\Diskeeper 2011-11-01 17:20 . 2011-11-01 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-01 11:07 . 2011-11-01 11:07 -------- d-----w- c:\program files (x86)\MSXML 4.0 2011-11-01 06:29 . 2011-11-01 17:23 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BE08519-168F-4FD3-A14D-B7727555C5FA}\offreg.dll 2011-11-01 06:28 . 2011-10-07 01:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BE08519-168F-4FD3-A14D-B7727555C5FA}\mpengine.dll 2011-10-30 21:27 . 2011-10-30 21:27 -------- d-----w- c:\programdata\PC Tools 2011-10-30 19:50 . 2011-10-30 19:50 -------- d-----w- c:\program files\Windows Imaging 2011-10-30 19:48 . 2011-10-30 19:51 -------- d-----w- c:\program files\Windows AIK 2011-10-30 19:12 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-10-30 19:12 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-10-30 19:12 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-10-30 19:12 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-10-30 19:12 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2011-10-30 19:12 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-10-30 19:12 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-10-30 19:11 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys 2011-10-30 19:11 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll 2011-10-30 19:11 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys 2011-10-30 19:11 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys 2011-10-30 19:11 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys 2011-10-30 19:11 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys 2011-10-30 19:11 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2011-10-30 19:11 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys 2011-10-30 19:11 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll 2011-10-30 19:11 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe 2011-10-30 19:11 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe 2011-10-30 17:19 . 2011-10-30 17:19 -------- dc----w- c:\windows\system32\DRVSTORE 2011-10-30 17:19 . 2011-06-13 21:22 44624 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys 2011-10-30 17:19 . 2011-10-30 17:19 -------- d-----w- c:\programdata\Diskeeper Corporation 2011-10-30 17:19 . 2011-10-30 17:19 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation 2011-10-30 17:19 . 2011-10-30 17:19 -------- d-----w- c:\program files\Diskeeper Corporation 2011-10-30 14:53 . 2011-10-30 14:53 -------- d-----w- c:\program files\ESET 2011-10-30 08:21 . 2011-10-30 08:21 -------- d-----w- c:\windows\SysWow64\Wat 2011-10-30 08:21 . 2011-10-30 08:21 -------- d-----w- c:\windows\system32\Wat 2011-10-30 07:56 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2011-10-30 07:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2011-10-30 07:21 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2011-10-30 07:21 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2011-10-30 07:21 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2011-10-30 07:21 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2011-10-30 07:21 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2011-10-30 07:21 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2011-10-30 07:21 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll 2011-10-30 07:21 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll 2011-10-30 07:21 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe 2011-10-30 07:21 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll 2011-10-30 07:01 . 2011-10-30 07:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-10-30 07:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys 2011-10-29 14:09 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll 2011-10-29 14:09 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-10-29 14:04 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll 2011-10-29 14:04 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2011-10-29 14:01 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll 2011-10-29 14:00 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll 2011-10-29 13:59 . 2010-01-19 09:05 422912 ----a-w- c:\windows\system32\secproc_isv.dll 2011-10-29 13:58 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll 2011-10-29 13:58 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll 2011-10-29 13:58 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll 2011-10-29 13:58 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll 2011-10-29 13:58 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll 2011-10-29 13:58 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys 2011-10-29 13:56 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys 2011-10-29 13:55 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-10-29 13:54 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll 2011-10-29 13:53 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe 2011-10-29 13:52 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll 2011-10-29 13:52 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll 2011-10-29 13:52 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll 2011-10-29 13:52 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll 2011-10-29 13:52 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll 2011-10-29 13:52 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll 2011-10-29 13:49 . 2010-11-02 05:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2011-10-29 13:48 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll 2011-10-29 13:48 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll 2011-10-29 13:45 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2011-10-29 13:45 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe 2011-10-29 13:45 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2011-10-29 13:45 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2011-10-29 13:45 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe 2011-10-29 13:45 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2011-10-29 13:45 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-10-29 13:45 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-29 13:45 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-10-29 13:40 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe 2011-10-29 13:39 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-10-29 13:34 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-29 13:34 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-29 13:34 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-29 13:34 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-29 13:33 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll 2011-10-29 13:33 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll 2011-10-29 13:33 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2011-10-29 13:33 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2011-10-29 13:33 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2011-10-29 13:33 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2011-10-29 13:33 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2011-10-29 13:33 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2011-10-29 13:33 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2011-10-29 13:33 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2011-10-29 13:13 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll 2011-10-29 13:13 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll 2011-10-29 13:12 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-29 13:12 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-10-29 13:12 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-10-29 05:07 . 2011-10-29 05:07 -------- d-----w- c:\programdata\Recovery 2011-10-29 03:58 . 2011-10-29 03:58 -------- d-----w- c:\programdata\Kaspersky Lab 2011-10-29 03:41 . 2011-10-29 03:41 -------- d-----w- c:\programdata\Malwarebytes 2011-10-29 03:41 . 2011-10-29 03:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-29 03:41 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-29 02:36 . 2011-10-29 02:37 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2011-10-29 02:19 . 2011-10-29 02:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2011-10-29 02:13 . 2011-10-07 01:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-10-29 02:09 . 2011-10-29 02:08 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F27C297-953F-4CA0-A9B0-8A8FA371B6A8}\gapaengine.dll 2011-10-29 01:54 . 2011-10-29 01:54 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2011-10-29 01:53 . 2011-10-29 01:55 -------- d-----w- c:\program files\Microsoft Security Client 2011-10-29 01:53 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys 2011-10-29 01:46 . 2011-10-29 01:46 -------- d-----w- c:\program files (x86)\Microsoft.NET 2011-10-29 01:42 . 2011-10-29 01:42 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2011-10-29 01:41 . 2011-10-31 07:15 -------- d-----w- c:\programdata\Microsoft Help 2011-10-29 01:39 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F440A80E-0CEC-44D6-8E1F-7F8CBB78624C}\mpengine.dll 2011-10-29 01:39 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-10-29 01:37 . 2011-10-29 01:37 -------- d-----r- C:\MSOCache 2011-10-29 01:25 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll 2011-10-29 01:25 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll 2011-10-29 01:25 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-09 17:57 . 2011-08-09 17:57 202576 ----a-w- c:\windows\system32\drivers\eamonm.sys 2011-08-04 13:20 . 2011-08-04 13:20 62496 ----a-w- c:\windows\system32\drivers\epfwwfp.sys 2011-08-04 13:20 . 2011-08-04 13:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys 2011-08-04 13:20 . 2011-08-04 13:20 187632 ----a-w- c:\windows\system32\drivers\epfw.sys 2011-08-04 13:20 . 2011-08-04 13:20 146432 ----a-w- c:\windows\system32\drivers\ehdrv.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-10-30_22.56.10 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2011-10-31 00:07 35268 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:30 . 2011-10-30 14:54 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 05:30 . 2011-10-31 07:31 86016 c:\windows\system32\DriverStore\infpub.dat + 2011-10-30 19:11 . 2011-03-11 04:31 91136 c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_dd8b7470ecdd8b8b\USBSTOR.SYS + 2011-10-30 19:12 . 2011-03-25 03:22 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbuhci.sys + 2011-10-30 19:12 . 2011-03-25 03:22 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbohci.sys + 2011-10-30 19:12 . 2011-03-25 03:22 52224 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbehci.sys + 2011-10-30 19:12 . 2011-03-25 03:23 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbccgp.sys + 2011-10-30 19:12 . 2011-04-28 03:58 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\BTHUSB.SYS + 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthenum.sys + 2011-10-30 19:11 . 2011-03-11 06:22 27008 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdxata.sys + 2011-10-30 19:11 . 2011-03-11 04:31 91136 c:\windows\system32\drivers\USBSTOR.SYS + 2011-10-29 05:11 . 2011-11-01 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-10-29 05:11 . 2011-10-30 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-10-29 05:11 . 2011-11-01 17:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-10-29 05:11 . 2011-10-30 21:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-11-01 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-10-30 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-10-29 05:15 . 2011-11-01 17:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-10-29 05:15 . 2011-10-30 22:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2011-11-01 17:26 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2011-10-29 05:15 . 2011-10-30 22:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-10-29 05:15 . 2011-11-01 17:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-10-29 05:15 . 2011-11-01 17:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-10-29 05:15 . 2011-10-30 22:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-10-29 01:22 . 2011-10-30 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-10-29 01:22 . 2011-11-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-10-29 01:22 . 2011-10-30 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-10-29 01:22 . 2011-11-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-11-01 11:08 . 2011-11-01 11:08 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe - 2011-10-30 07:35 . 2011-10-30 07:35 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe + 2011-10-31 07:15 . 2011-10-31 07:15 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe + 2011-10-29 01:50 . 2011-10-31 07:15 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2011-10-29 01:50 . 2011-10-30 07:17 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2011-10-29 01:50 . 2011-10-30 07:17 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2011-10-29 01:50 . 2011-10-31 07:15 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2011-10-29 01:50 . 2011-10-30 07:17 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2011-10-29 01:50 . 2011-10-31 07:15 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2011-10-30 07:21 . 2011-10-30 07:21 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2011-10-31 07:15 . 2011-10-31 07:15 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2011-11-01 11:07 . 2011-11-01 11:07 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe + 2009-03-04 21:24 . 2009-03-04 21:24 54088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCANOST.EXE + 2009-03-04 21:24 . 2009-03-04 21:24 75608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RM.DLL + 2009-03-04 21:24 . 2009-03-04 21:24 38240 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RECALL.DLL + 2009-01-07 01:31 . 2009-01-07 01:31 48512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBTRAP.DLL + 2009-03-04 21:24 . 2009-03-04 21:24 52072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLVBA.DLL + 2008-10-25 12:18 . 2008-10-25 12:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL + 2008-10-25 12:18 . 2008-10-25 12:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE + 2009-03-04 21:24 . 2009-03-04 21:24 34192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DUMPSTER.DLL + 2009-03-04 21:24 . 2009-03-04 21:24 87392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DLGSETP.DLL + 2006-10-27 02:58 . 2006-10-27 02:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE + 2011-10-31 07:32 . 2011-10-31 07:32 3886 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-10-29 01:20 . 2011-10-31 00:07 3360 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3874856960-2651343199-2381090643-1000_UserData.bin + 2011-10-30 19:12 . 2011-03-25 03:22 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbd.sys + 2011-11-01 17:23 . 2011-11-01 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-10-30 22:54 . 2011-10-30 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-01 17:23 . 2011-11-01 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-10-30 22:54 . 2011-10-30 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-29 12:49 . 2011-11-01 17:16 182336 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2009-07-14 02:36 . 2011-11-01 17:30 617222 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-10-30 21:57 617222 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-10-30 21:57 104496 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-11-01 17:30 104496 c:\windows\system32\perfc009.dat + 2009-07-14 05:30 . 2011-10-31 07:31 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2011-10-30 14:54 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2011-10-31 07:31 143360 c:\windows\system32\DriverStore\infstor.dat - 2009-07-14 05:30 . 2011-10-30 14:54 143360 c:\windows\system32\DriverStore\infstor.dat + 2011-10-30 19:12 . 2011-03-25 03:23 324608 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbport.sys + 2011-10-30 19:12 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbhub.sys + 2011-10-30 19:12 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbhub.sys + 2011-10-30 19:11 . 2011-03-11 06:23 166272 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys + 2011-10-30 19:11 . 2011-03-11 06:23 148352 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys + 2011-10-30 19:11 . 2011-03-11 06:23 410496 c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys + 2009-07-14 00:06 . 2009-07-14 01:39 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\fsquirt.exe + 2011-10-30 19:12 . 2011-04-28 03:58 552448 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthport.sys + 2011-10-30 19:11 . 2011-03-11 06:22 107904 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdsata.sys + 2009-07-14 05:31 . 2011-10-31 07:31 399360 c:\windows\system32\DriverStore\drvindex.dat - 2009-07-14 05:31 . 2011-10-30 08:21 399360 c:\windows\system32\DriverStore\drvindex.dat - 2009-07-14 05:01 . 2011-10-30 22:53 399624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-11-01 17:22 399624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-10-30 08:19 . 2011-10-30 22:53 400392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3874856960-2651343199-2381090643-1000-8192.dat + 2011-10-30 08:19 . 2011-11-01 17:22 400392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3874856960-2651343199-2381090643-1000-8192.dat + 2011-04-19 08:54 . 2011-04-19 08:54 227328 c:\windows\Installer\5e8a5ca.msi + 2011-04-19 08:21 . 2011-04-19 08:21 235520 c:\windows\Installer\5e8a5c3.msi + 2011-03-18 00:03 . 2011-03-18 00:03 308736 c:\windows\Installer\17c3bd2.msp + 2010-08-04 19:13 . 2010-08-04 19:13 686080 c:\windows\Installer\17c3ab7.msp + 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\17c399e.msp + 2010-07-23 05:03 . 2010-07-23 05:03 338432 c:\windows\Installer\17c3971.msp - 2011-10-29 01:50 . 2011-10-30 07:17 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2011-10-29 01:50 . 2011-10-31 07:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2011-10-29 01:50 . 2011-10-30 07:17 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2011-10-29 01:50 . 2011-10-31 07:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2011-10-29 01:50 . 2011-10-31 07:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2011-10-29 01:50 . 2011-10-30 07:17 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2011-10-29 01:50 . 2011-10-30 07:17 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2011-10-29 01:50 . 2011-10-31 07:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2011-10-29 01:50 . 2011-10-31 07:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2011-10-29 01:50 . 2011-10-30 07:17 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2011-10-29 01:50 . 2011-10-30 07:17 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2011-10-29 01:50 . 2011-10-31 07:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2011-10-29 01:50 . 2011-10-30 07:17 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2011-10-29 01:50 . 2011-10-31 07:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2009-04-03 22:11 . 2009-04-03 22:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WINWORD.EXE + 2009-03-06 06:37 . 2009-03-06 06:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL + 2009-03-04 21:24 . 2009-03-04 21:24 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST64.DLL + 2009-03-04 21:24 . 2009-03-04 21:24 273320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST32.DLL + 2009-03-06 06:06 . 2009-03-06 06:06 407904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RTFHTML.DLL + 2009-03-06 08:26 . 2009-03-06 08:26 770464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REGFORM.EXE + 2009-03-06 07:41 . 2009-03-06 07:41 589704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBCONV.DLL + 2009-01-08 14:59 . 2009-01-08 14:59 624520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PTXT9.DLL + 2009-03-04 21:24 . 2009-03-04 21:24 420696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PSTPRX32.DLL + 2008-10-25 10:21 . 2008-10-25 10:21 136072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PRTF9.DLL + 2011-10-30 07:12 . 2011-10-30 07:12 350064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTPIA.DLL + 2009-04-03 22:04 . 2009-04-03 22:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\POWERPNT.EXE + 2008-11-21 04:49 . 2008-11-21 04:49 169360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLPH.DLL + 2009-03-06 06:05 . 2009-03-06 06:05 593288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLMIME.DLL + 2008-10-31 01:24 . 2008-10-31 01:24 137552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLCTL.DLL + 2008-10-25 11:52 . 2008-10-25 11:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL + 2008-10-25 11:52 . 2008-10-25 11:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL + 2009-03-06 08:55 . 2009-03-06 08:55 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSXP32.DLL + 2009-03-06 08:55 . 2009-03-06 08:55 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSMAIN.DLL + 2009-03-04 21:24 . 2009-03-04 21:24 253808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLKFSTUB.DLL + 2008-11-04 08:13 . 2008-11-04 08:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCONV97.DLL + 2009-03-04 21:24 . 2009-03-04 21:24 340304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MIMEDIR.DLL + 2011-10-30 07:12 . 2011-10-30 07:12 118176 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPOMINT.DLL + 2008-10-25 13:27 . 2008-10-25 13:27 177040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPOLK.DLL + 2009-03-04 21:24 . 2009-03-04 21:24 138072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IMPMAIL.DLL + 2009-02-14 10:04 . 2009-02-14 10:04 625520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBSERVICES.DLL + 2009-02-12 19:19 . 2009-02-12 19:19 688512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL + 2009-03-06 08:33 . 2009-03-06 08:33 961888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL + 2009-02-14 10:03 . 2009-02-14 10:03 337264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVE.EXE + 2008-11-21 04:48 . 2008-11-21 04:48 116600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EMABLT32.DLL + 2009-03-06 06:05 . 2009-03-06 06:05 127336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CONTAB32.DLL + 2008-10-26 10:26 . 2008-10-26 10:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL + 2011-10-31 07:08 . 2011-10-31 07:08 117144 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll + 2011-10-31 07:09 . 2011-10-31 07:09 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll - 2011-10-30 07:12 . 2011-10-30 07:12 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll + 2011-10-30 08:52 . 2011-03-04 06:17 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll - 2011-10-29 13:49 . 2010-09-10 05:35 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll - 2011-10-29 13:49 . 2010-09-10 05:35 347648 c:\windows\AppPatch\AppPatch64\AcLayers.dll + 2011-10-30 08:52 . 2011-03-04 06:17 347648 c:\windows\AppPatch\AppPatch64\AcLayers.dll + 2009-07-21 04:05 . 2009-07-21 04:05 1348432 c:\windows\SysWOW64\msxml4.dll + 2009-08-18 03:33 . 2009-08-18 03:33 1193832 c:\windows\SysWOW64\FM20.DLL + 2009-07-14 04:45 . 2011-11-01 17:25 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2011-10-30 10:24 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-21 04:29 . 2009-07-21 04:29 6057984 c:\windows\Installer\5e8a5bc.msi + 2008-10-01 01:07 . 2008-10-01 01:07 6042112 c:\windows\Installer\5e8a5b5.msi + 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\17c3ba0.msp + 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\17c3b7b.msp + 2010-10-21 22:10 . 2010-10-21 22:10 3995136 c:\windows\Installer\17c3b6b.msp + 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\17c3b50.msp + 2011-06-21 15:59 . 2011-06-21 15:59 1764352 c:\windows\Installer\17c3b39.msp + 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\17c3b1e.msp + 2010-08-13 22:02 . 2010-08-13 22:02 2545664 c:\windows\Installer\17c3ae5.msp + 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\17c3ac7.msp + 2011-04-29 16:27 . 2011-04-29 16:27 4158464 c:\windows\Installer\17c3aa0.msp + 2010-08-13 22:00 . 2010-08-13 22:00 9404928 c:\windows\Installer\17c3a78.msp + 2009-08-05 11:49 . 2009-08-05 11:49 3457024 c:\windows\Installer\17c3a5f.msp + 2010-03-24 22:54 . 2010-03-24 22:54 3126272 c:\windows\Installer\17c3a45.msp + 2010-03-24 22:54 . 2010-03-24 22:54 2516992 c:\windows\Installer\17c3a44.msp + 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\17c39fe.msp + 2010-05-20 23:57 . 2010-05-20 23:57 4989952 c:\windows\Installer\17c39f4.msp + 2010-05-20 23:57 . 2010-05-20 23:57 5907456 c:\windows\Installer\17c39f3.msp + 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\17c39be.msp + 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\17c39b5.msp + 2009-08-18 17:08 . 2009-08-18 17:08 1373696 c:\windows\Installer\17c3988.msp + 2010-08-04 19:12 . 2010-08-04 19:12 1004544 c:\windows\Installer\17c395a.msp + 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\17c3911.msp + 2010-11-21 03:33 . 2010-11-21 03:33 1980928 c:\windows\Installer\17c3901.msp + 2011-04-16 04:14 . 2011-04-16 04:14 3186176 c:\windows\Installer\17c38eb.msi + 2011-04-29 16:30 . 2011-04-29 16:30 1197056 c:\windows\Installer\17c38dd.msp - 2011-10-29 01:50 . 2011-10-30 07:17 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2011-10-29 01:50 . 2011-10-31 07:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2011-10-29 01:50 . 2011-10-30 07:17 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2011-10-29 01:50 . 2011-10-31 07:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-11-21 07:12 . 2008-11-21 07:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWER.DLL + 2008-10-25 13:35 . 2008-10-25 13:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL + 2008-08-26 02:50 . 2008-08-26 02:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBE6.DLL + 2008-11-10 06:41 . 2008-11-10 06:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE + 2009-04-03 22:04 . 2009-04-03 22:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPCORE.DLL + 2009-03-06 08:00 . 2009-03-06 08:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL + 2008-11-10 14:49 . 2008-11-10 14:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL + 2008-11-25 02:16 . 2008-11-25 02:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE + 2009-03-06 06:05 . 2009-03-06 06:05 2964336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLMAPI32.DLL + 2009-03-06 07:41 . 2009-03-06 07:41 9589096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPUB.EXE + 2009-03-06 08:26 . 2009-03-06 08:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL + 2009-03-06 08:26 . 2009-03-06 08:26 5466488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPDESIGN.DLL + 2008-11-04 04:40 . 2008-11-04 04:40 1442160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\INFOPATH.EXE + 2009-02-14 10:03 . 2009-02-14 10:03 3070832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL + 2008-11-21 03:06 . 2008-11-21 03:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FM20.DLL + 2009-04-02 18:35 . 2009-04-02 18:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL - 2009-07-14 02:34 . 2011-10-30 19:14 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-11-01 17:43 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2011-07-27 11:37 . 2011-07-27 11:37 11592192 c:\windows\Installer\17c3952.msp + 2010-07-23 05:04 . 2010-07-23 05:04 11395072 c:\windows\Installer\17c38d4.msp + 2009-04-03 22:21 . 2009-04-03 22:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OART.DLL + 2009-04-03 22:11 . 2009-04-03 22:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WWLIB.DLL + 2009-03-06 06:06 . 2009-03-06 06:06 12707696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLOOK.EXE + 2009-03-06 06:37 . 2009-03-06 06:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE + 2009-04-03 22:11 . 2009-04-03 22:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EXCEL.EXE . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="c:\users\Jazzarah\Desktop\sdsetup_revwire207.exe" [bU] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-08-10 974944] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-10 4030008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-09-17 89584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Jazzarah\AppData\Roaming\Mozilla\Firefox\Profiles\wx917g4m.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe c:\program files (x86)\Internet Explorer\iexplore.exe . ************************************************************************** . Completion time: 2011-11-01 14:17:11 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-01 18:16 . Pre-Run: 266,946,281,472 bytes free Post-Run: 266,754,822,144 bytes free . - - End Of File - - FC99C0198A0CED5EA836FFDFB5666B31
  7. mrtwallz
    Alright I'll take that back about internet explorer. It still lags
  8. mrtwallz
    And that is the thing i dont get. Everything else seems to come back clean, but my anti-virus software seems to pick it up with ease. I am experiencing redirects to other irrelevant sites, usually from search engines, to other search engines or malicious sites. The computer is running slower than it once was. Especially when trying to use internet explorer, its extremely slow and after a few minutes of use an error message comes up saying it stopped working and restarts Windows explorer. It is rendered next to useless. Thats why i'm using firefox for now. If you go back and look at the last log from mbr it showes internet explorer as a running process near the bottom, even though there was NO iexplorer window open. And it keeps coming back after i use task manager to end the process. And it would even open iexplorer on its own, without anyone ever clicking on it. I have both the partition and win7 x64 recovery disc. Here is the link from VirusTotal: https://www.virustotal.com/file-scan/report.html?id=f926c8bb026928980b1cde50ece3e9dec0d74cf96c932c172323cd1897aab71a-1320121488 And it appears no threat is detected from there either. I ran ESET's Win32/OlmarikTDL4Cleaner and it says Win32/Olmarik isn't found on my system. Just to make sure i scanned with ESET Smart Security again and it still shows its there. Here is the log, i only ran it briefly to show that it picked it up, everything else is clean: Scan Log Version of virus signature database: 6590 (20111031) Date: 11/1/2011 Time: 12:57:46 AM Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\ Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean C:\hiberfil.sys - error opening [4] C:\pagefile.sys - error opening [4] Scan terminated by user. Number of scanned objects: 438 Number of threats found: 1 Number of cleaned objects: 0 Time of completion: 12:58:02 AM Total scanning time: 16 sec (00:00:16) Notes: [4] Object cannot be opened. It may be in use by another application or operating system. If it is really there then it is hiding itself pretty good if you ask me. Update: This is a pretty confusing and frustrating rootkit. The computer seems to be running smoother now, even internet explorer, but still having site redirects. Ran another scan and smart security still shows its in the operating memory. Here is the story: My mom ended up clicking on a link for some free stuff. It allowed all kinds of maleware and viruses to get on here. Alot of files, programs and data were lost. I ended up using a norton recovery disc to get rid of most of them. Then found out online how to manually find and delete the last one. My aunt ended up having to wipe the drive and re-install windows. Bt it was slow and getting alot of site redirects. She used various programs to see if she could find what it was but no luck. Then I installed ESET Smart Security 5 and thats how i found out it was there.
  9. mrtwallz
    This is an HP Pavilion. The disc I was referring to was the ESET SysRescue CD. And yes this computer does have an recovery partition. Here is the log report MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 64-bit Base Board Manufacturer: PEGATRON CORPORATION BIOS Manufacturer: Phoenix Technologies, LTD System Manufacturer: HP-Pavilion System Product Name: AZ205AV-ABA p6300z Logical Drives Mask: 0x0000003c Kernel Drivers (total 186): 0x02809000 \SystemRoot\system32\ntoskrnl.exe 0x02DE5000 \SystemRoot\system32\hal.dll 0x00BBF000 \SystemRoot\system32\kdcom.dll 0x00C21000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll 0x00C2E000 \SystemRoot\system32\PSHED.dll 0x00C42000 \SystemRoot\system32\CLFS.SYS 0x00CA0000 \SystemRoot\system32\CI.dll 0x00ED5000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F79000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00F88000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00FDF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00FE8000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys 0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00E40000 \SystemRoot\System32\drivers\partmgr.sys 0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys 0x00D60000 \SystemRoot\System32\drivers\mountmgr.sys 0x00D7A000 \SystemRoot\system32\DRIVERS\nvstor64.sys 0x01098000 \SystemRoot\system32\DRIVERS\storport.sys 0x010FA000 \SystemRoot\system32\drivers\amdxata.sys 0x01105000 \SystemRoot\system32\drivers\fltmgr.sys 0x01151000 \SystemRoot\system32\drivers\fileinfo.sys 0x01215000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01165000 \SystemRoot\System32\Drivers\msrpc.sys 0x013B7000 \SystemRoot\System32\Drivers\ksecdd.sys 0x01000000 \SystemRoot\System32\Drivers\cng.sys 0x013D1000 \SystemRoot\System32\drivers\pcw.sys 0x013E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x0145B000 \SystemRoot\system32\drivers\ndis.sys 0x0154D000 \SystemRoot\system32\drivers\NETIO.SYS 0x015AD000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01603000 \SystemRoot\System32\drivers\tcpip.sys 0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x015D8000 \SystemRoot\system32\DRIVERS\epfwwfp.sys 0x01855000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x018A1000 \SystemRoot\System32\Drivers\spldr.sys 0x018A9000 \SystemRoot\System32\drivers\rdyboost.sys 0x018E3000 \SystemRoot\System32\Drivers\mup.sys 0x018F5000 \SystemRoot\System32\drivers\hwpolicy.sys 0x018FE000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01938000 \SystemRoot\system32\DRIVERS\disk.sys 0x0194E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x01800000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x011C3000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x0182A000 \SystemRoot\System32\Drivers\Null.SYS 0x01833000 \SystemRoot\System32\Drivers\Beep.SYS 0x00DB9000 \SystemRoot\system32\DRIVERS\ehdrv.sys 0x0183A000 \SystemRoot\System32\drivers\vga.sys 0x01073000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x019E8000 \SystemRoot\System32\drivers\watchdog.sys 0x01848000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x015ED000 \SystemRoot\system32\drivers\rdpencdd.sys 0x015F6000 \SystemRoot\system32\drivers\rdprefmp.sys 0x0144A000 \SystemRoot\System32\Drivers\Msfs.SYS 0x013EC000 \SystemRoot\System32\Drivers\Npfs.SYS 0x00DE0000 \SystemRoot\system32\DRIVERS\tdx.sys 0x01200000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x02C81000 \SystemRoot\system32\drivers\afd.sys 0x02D0A000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02D4F000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02D58000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02D7E000 \SystemRoot\system32\DRIVERS\EpfwLWF.sys 0x02D8B000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02D9A000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02DB5000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys 0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02C68000 \SystemRoot\System32\drivers\discache.sys 0x02DC9000 \SystemRoot\System32\Drivers\dfsc.sys 0x02DE7000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03A6F000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03A95000 \SystemRoot\system32\DRIVERS\amdk8.sys 0x03AAC000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x03AB7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x03B0D000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x03B1E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x03B42000 \SystemRoot\system32\DRIVERS\nvmf6264.sys 0x04893000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x05391000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x03C1B000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x03D0F000 \SystemRoot\System32\drivers\dxgmms1.sys 0x03D55000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x03D65000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x03D7B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x03D9F000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x03DAB000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x03DDA000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x05393000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x03C00000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x053B4000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x053C3000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x03DF5000 \SystemRoot\system32\DRIVERS\swenum.sys 0x04800000 \SystemRoot\system32\DRIVERS\ks.sys 0x04843000 \SystemRoot\system32\DRIVERS\umbus.sys 0x03B94000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04855000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x04016000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x03A00000 \SystemRoot\system32\drivers\portcls.sys 0x0486A000 \SystemRoot\system32\drivers\drmk.sys 0x04000000 \SystemRoot\system32\drivers\ksthunk.sys 0x00080000 \SystemRoot\System32\win32k.sys 0x04006000 \SystemRoot\System32\drivers\Dxapi.sys 0x0197E000 \SystemRoot\system32\DRIVERS\udfs.sys 0x053D2000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00580000 \SystemRoot\System32\TSDDD.dll 0x00610000 \SystemRoot\System32\cdd.dll 0x053E0000 \SystemRoot\System32\Drivers\crashdmp.sys 0x053EE000 \SystemRoot\System32\Drivers\dump_diskdump.sys 0x024E1000 \SystemRoot\System32\Drivers\dump_nvstor64.sys 0x02520000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x02533000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x02550000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x02552000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x0255E000 \SystemRoot\system32\drivers\USBSTOR.SYS 0x00940000 \SystemRoot\System32\ATMFD.DLL 0x02579000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x02587000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x025A0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x025A9000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x025B7000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x025C4000 \SystemRoot\system32\drivers\luafv.sys 0x02629000 \SystemRoot\system32\DRIVERS\eamonm.sys 0x0270B000 \SystemRoot\system32\drivers\WudfPf.sys 0x0272C000 \SystemRoot\system32\DRIVERS\epfw.sys 0x0275D000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x02772000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x02400000 \SystemRoot\system32\drivers\HTTP.sys 0x0278A000 \SystemRoot\system32\DRIVERS\bowser.sys 0x027A8000 \SystemRoot\System32\drivers\mpsdrv.sys 0x027C0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x03863000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x038B1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x038D4000 \SystemRoot\system32\drivers\peauth.sys 0x0397A000 \SystemRoot\System32\Drivers\secdrv.SYS 0x03985000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x039B2000 \SystemRoot\System32\drivers\tcpipreg.sys 0x044B9000 \SystemRoot\System32\DRIVERS\srv2.sys 0x04520000 \SystemRoot\System32\DRIVERS\srv.sys 0x04400000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x04453000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x04466000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x04497000 \SystemRoot\system32\DRIVERS\DKRtWrt.sys 0x044A5000 \??\C:\Windows\system32\drivers\mbam.sys 0x045B5000 \??\C:\Users\Jazzarah\AppData\Local\Temp\aswMBR.sys 0x76CB0000 \Windows\System32\ntdll.dll 0x47DB0000 \Windows\System32\smss.exe 0xFEFD0000 \Windows\System32\apisetschema.dll 0xFF410000 \Windows\System32\autochk.exe 0xFE230000 \Windows\System32\shell32.dll 0x76E80000 \Windows\System32\normaliz.dll 0xFE150000 \Windows\System32\oleaut32.dll 0xFE020000 \Windows\System32\rpcrt4.dll 0xFDF80000 \Windows\System32\comdlg32.dll 0xFDEE0000 \Windows\System32\clbcatq.dll 0xFDEC0000 \Windows\System32\sechost.dll 0xFDE20000 \Windows\System32\msvcrt.dll 0xFDDF0000 \Windows\System32\imm32.dll 0xFDDE0000 \Windows\System32\nsi.dll 0xFDBD0000 \Windows\System32\ole32.dll 0xFDBB0000 \Windows\System32\imagehlp.dll 0x76BB0000 \Windows\System32\user32.dll 0xFD950000 \Windows\System32\iertutil.dll 0xFD840000 \Windows\System32\msctf.dll 0xFD770000 \Windows\System32\usp10.dll 0xFD590000 \Windows\System32\setupapi.dll 0xFD410000 \Windows\System32\urlmon.dll 0xFD3C0000 \Windows\System32\ws2_32.dll 0xFD290000 \Windows\System32\wininet.dll 0xFD210000 \Windows\System32\shlwapi.dll 0x76A90000 \Windows\System32\kernel32.dll 0xFD200000 \Windows\System32\lpk.dll 0xFD120000 \Windows\System32\advapi32.dll 0xFD0D0000 \Windows\System32\Wldap32.dll 0x76E70000 \Windows\System32\psapi.dll 0xFD050000 \Windows\System32\difxapi.dll 0xFCFE0000 \Windows\System32\gdi32.dll 0xFCFA0000 \Windows\System32\wintrust.dll 0xFCF80000 \Windows\System32\devobj.dll 0xFCE10000 \Windows\System32\crypt32.dll 0xFCD70000 \Windows\System32\comctl32.dll 0xFCD00000 \Windows\System32\KernelBase.dll 0xFCCC0000 \Windows\System32\cfgmgr32.dll 0xFCCB0000 \Windows\System32\msasn1.dll 0x75A00000 \Windows\SysWOW64\normaliz.dll Processes (total 53): 0 System Idle Process 4 System 284 C:\Windows\System32\smss.exe 436 csrss.exe 480 C:\Windows\System32\wininit.exe 492 csrss.exe 540 C:\Windows\System32\services.exe 568 C:\Windows\System32\lsass.exe 576 C:\Windows\System32\lsm.exe 584 C:\Windows\System32\winlogon.exe 708 C:\Windows\System32\svchost.exe 764 C:\Windows\System32\nvvsvc.exe 792 C:\Windows\System32\svchost.exe 840 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 928 C:\Windows\System32\svchost.exe 972 C:\Windows\System32\svchost.exe 1012 C:\Windows\System32\svchost.exe 1092 C:\Windows\System32\svchost.exe 1180 C:\Windows\System32\svchost.exe 1320 C:\Windows\System32\spoolsv.exe 1360 C:\Windows\System32\svchost.exe 1464 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 1516 C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe 1552 C:\Windows\System32\svchost.exe 1584 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 2072 WUDFHost.exe 2172 C:\Windows\System32\svchost.exe 2416 C:\Windows\System32\nvvsvc.exe 2672 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe 2784 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe 2832 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 2908 C:\Windows\System32\SearchIndexer.exe 992 C:\Windows\System32\taskhost.exe 2292 C:\Windows\System32\dwm.exe 1484 C:\Windows\explorer.exe 2392 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 1952 C:\Program Files\Microsoft Security Client\msseces.exe 1084 C:\Program Files\ESET\ESET Smart Security\egui.exe 144 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe 2756 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe 1968 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe 1444 C:\Windows\System32\wuauclt.exe 2092 C:\Windows\System32\svchost.exe 3388 C:\Program Files\Windows Media Player\wmpnetwk.exe 3484 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 3728 C:\Windows\System32\notepad.exe 2432 C:\Windows\System32\audiodg.exe 3696 C:\Program Files (x86)\Internet Explorer\iexplore.exe 816 C:\Windows\System32\SearchProtocolHost.exe 912 C:\Windows\System32\SearchFilterHost.exe 3980 C:\Users\Jazzarah\Downloads\MBRCheck.exe 3340 C:\Windows\System32\conhost.exe 1160 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`caa00000 (NTFS) PhysicalDrive0 Model Number: ST3320418AS, Rev: HP34 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 MBR Code Faked! SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!
  10. mrtwallz
    Alrighty aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software Run date: 2011-10-30 20:27:11 ----------------------------- 20:27:11.782 OS Version: Windows x64 6.1.7600 20:27:11.782 Number of processors: 1 586 0x7F02 20:27:11.797 ComputerName: JAZZARAH-PC UserName: Jazzarah 20:27:13.030 Initialize success 20:27:19.956 AVAST engine defs: 11103001 20:27:25.369 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056 20:27:25.369 Disk 0 Vendor: ST332041 HP34 Size: 305245MB BusType: 3 20:27:27.507 Disk 0 MBR read successfully 20:27:27.522 Disk 0 MBR scan 20:27:27.553 Disk 0 unknown MBR code 20:27:27.631 Service scanning 20:27:28.630 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32 20:27:29.503 Modules scanning 20:27:29.503 Disk 0 trace - called modules: 20:27:29.628 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80022bb334]<< 20:27:29.628 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800229f0b0] 20:27:29.628 3 CLASSPNP.SYS[fffff8800199c43f] -> nt!IofCallDriver -> [0xfffffa8001f6fe40] 20:27:29.628 5 ACPI.sys[fffff88000f62781] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8001f7e9d0] 20:27:30.065 \Driver\nvstor64[0xfffffa8001f60550] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80022bb334 20:27:32.405 AVAST engine scan C:\Windows 20:27:50.910 AVAST engine scan C:\Windows\system32 20:31:33.680 AVAST engine scan C:\Windows\system32\drivers 20:31:49.699 AVAST engine scan C:\Users\Jazzarah 20:33:06.481 AVAST engine scan C:\ProgramData 20:33:38.336 Scan finished successfully 20:33:53.905 Disk 0 MBR has been saved successfully to "C:\Users\Jazzarah\Desktop\MBR.dat" 20:33:53.936 The log file has been saved successfully to "C:\Users\Jazzarah\Desktop\aswMBR.txt" aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software Run date: 2011-10-31 16:52:22 ----------------------------- 16:52:22.471 OS Version: Windows x64 6.1.7600 16:52:22.472 Number of processors: 1 586 0x7F02 16:52:22.473 ComputerName: JAZZARAH-PC UserName: Jazzarah 16:52:23.518 Initialize success 16:52:31.264 AVAST engine defs: 11103001 16:52:34.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056 16:52:34.444 Disk 0 Vendor: ST332041 HP34 Size: 305245MB BusType: 3 16:52:36.462 Disk 0 MBR read successfully 16:52:36.462 Disk 0 MBR scan 16:52:36.519 Disk 0 unknown MBR code 16:52:36.523 Service scanning 16:52:37.148 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32 16:52:37.964 Modules scanning 16:52:37.964 Disk 0 trace - called modules: 16:52:37.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002690334]<< 16:52:37.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002674060] 16:52:37.994 3 CLASSPNP.SYS[fffff8800194f43f] -> nt!IofCallDriver -> [0xfffffa800208dca0] 16:52:38.004 5 ACPI.sys[fffff88000f93781] -> nt!IofCallDriver -> \Device\00000056[0xfffffa800209c9c0] 16:52:38.356 \Driver\nvstor64[0xfffffa80020833b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002690334 16:52:40.824 AVAST engine scan C:\Windows 16:52:47.702 AVAST engine scan C:\Windows\system32 16:54:57.297 AVAST engine scan C:\Windows\system32\drivers 16:55:08.804 AVAST engine scan C:\Users\Jazzarah 16:56:05.937 AVAST engine scan C:\ProgramData 16:57:13.271 Scan finished successfully 17:12:56.022 Disk 0 MBR has been saved successfully to "C:\Users\Jazzarah\Desktop\MBR.dat" 17:12:56.069 The log file has been saved successfully to "C:\Users\Jazzarah\Desktop\aswMBR.txt"
  11. mrtwallz
    Thank you for the assistance. And here is the report: 14:36:34.0829 2896 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01 14:36:35.0318 2896 ============================================================ 14:36:35.0318 2896 Current date / time: 2011/10/31 14:36:35.0318 14:36:35.0318 2896 SystemInfo: 14:36:35.0318 2896 14:36:35.0318 2896 OS Version: 6.1.7600 ServicePack: 0.0 14:36:35.0318 2896 Product type: Workstation 14:36:35.0318 2896 ComputerName: JAZZARAH-PC 14:36:35.0318 2896 UserName: Jazzarah 14:36:35.0318 2896 Windows directory: C:\Windows 14:36:35.0318 2896 System windows directory: C:\Windows 14:36:35.0318 2896 Running under WOW64 14:36:35.0318 2896 Processor architecture: Intel x64 14:36:35.0318 2896 Number of processors: 1 14:36:35.0318 2896 Page size: 0x1000 14:36:35.0318 2896 Boot type: Normal boot 14:36:35.0318 2896 ============================================================ 14:36:37.0226 2896 Initialize success 14:37:55.0043 3600 ============================================================ 14:37:55.0043 3600 Scan started 14:37:55.0043 3600 Mode: Manual; SigCheck; TDLFS; 14:37:55.0043 3600 ============================================================ 14:37:56.0941 3600 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 14:37:59.0525 3600 1394ohci - ok 14:37:59.0624 3600 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 14:38:00.0188 3600 ACPI - ok 14:38:00.0237 3600 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 14:38:00.0404 3600 AcpiPmi - ok 14:38:00.0447 3600 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 14:38:00.0572 3600 adp94xx - ok 14:38:00.0613 3600 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 14:38:00.0723 3600 adpahci - ok 14:38:00.0766 3600 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 14:38:00.0833 3600 adpu320 - ok 14:38:00.0923 3600 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys 14:38:01.0086 3600 AFD - ok 14:38:01.0148 3600 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 14:38:01.0218 3600 agp440 - ok 14:38:01.0250 3600 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 14:38:01.0325 3600 aliide - ok 14:38:01.0341 3600 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 14:38:01.0481 3600 amdide - ok 14:38:01.0521 3600 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 14:38:01.0786 3600 AmdK8 - ok 14:38:01.0894 3600 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 14:38:02.0078 3600 AmdPPM - ok 14:38:02.0371 3600 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 14:38:02.0781 3600 amdsata - ok 14:38:02.0823 3600 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 14:38:03.0013 3600 amdsbs - ok 14:38:03.0885 3600 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 14:38:03.0964 3600 amdxata - ok 14:38:04.0014 3600 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 14:38:04.0365 3600 AppID - ok 14:38:04.0457 3600 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 14:38:04.0491 3600 arc - ok 14:38:04.0510 3600 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 14:38:04.0534 3600 arcsas - ok 14:38:04.0568 3600 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 14:38:04.0784 3600 AsyncMac - ok 14:38:04.0806 3600 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 14:38:04.0858 3600 atapi - ok 14:38:04.0934 3600 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 14:38:05.0156 3600 b06bdrv - ok 14:38:05.0236 3600 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 14:38:05.0308 3600 b57nd60a - ok 14:38:05.0364 3600 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 14:38:05.0567 3600 Beep - ok 14:38:05.0626 3600 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 14:38:05.0783 3600 blbdrive - ok 14:38:05.0820 3600 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 14:38:06.0056 3600 bowser - ok 14:38:06.0103 3600 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:38:06.0149 3600 BrFiltLo - ok 14:38:06.0170 3600 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:38:06.0294 3600 BrFiltUp - ok 14:38:06.0330 3600 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 14:38:06.0527 3600 Brserid - ok 14:38:06.0576 3600 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 14:38:06.0843 3600 BrSerWdm - ok 14:38:06.0920 3600 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 14:38:07.0177 3600 BrUsbMdm - ok 14:38:07.0230 3600 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 14:38:07.0433 3600 BrUsbSer - ok 14:38:07.0521 3600 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 14:38:07.0681 3600 BTHMODEM - ok 14:38:07.0736 3600 catchme - ok 14:38:07.0843 3600 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 14:38:08.0058 3600 cdfs - ok 14:38:08.0101 3600 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 14:38:08.0314 3600 cdrom - ok 14:38:08.0375 3600 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 14:38:08.0501 3600 circlass - ok 14:38:08.0557 3600 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 14:38:08.0639 3600 CLFS - ok 14:38:08.0669 3600 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 14:38:09.0035 3600 CmBatt - ok 14:38:09.0081 3600 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 14:38:09.0203 3600 cmdide - ok 14:38:09.0242 3600 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 14:38:09.0327 3600 CNG - ok 14:38:09.0344 3600 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 14:38:09.0379 3600 Compbatt - ok 14:38:09.0449 3600 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 14:38:09.0590 3600 CompositeBus - ok 14:38:09.0646 3600 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 14:38:09.0734 3600 crcdisk - ok 14:38:09.0815 3600 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 14:38:09.0994 3600 DfsC - ok 14:38:10.0165 3600 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 14:38:10.0451 3600 discache - ok 14:38:10.0479 3600 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 14:38:10.0565 3600 Disk - ok 14:38:10.0601 3600 DKRtWrt (3e3243506251da85c8cbe9a64a366ebf) C:\Windows\system32\DRIVERS\DKRtWrt.sys 14:38:10.0934 3600 DKRtWrt - ok 14:38:11.0169 3600 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 14:38:11.0436 3600 drmkaud - ok 14:38:11.0485 3600 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 14:38:11.0644 3600 DXGKrnl - ok 14:38:11.0707 3600 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys 14:38:11.0798 3600 eamonm - ok 14:38:12.0041 3600 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 14:38:12.0404 3600 ebdrv - ok 14:38:12.0459 3600 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys 14:38:12.0625 3600 ehdrv - ok 14:38:12.0715 3600 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 14:38:12.0888 3600 elxstor - ok 14:38:12.0953 3600 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys 14:38:13.0045 3600 epfw - ok 14:38:13.0085 3600 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys 14:38:13.0221 3600 EpfwLWF - ok 14:38:13.0257 3600 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys 14:38:13.0435 3600 epfwwfp - ok 14:38:13.0495 3600 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 14:38:13.0849 3600 ErrDev - ok 14:38:13.0904 3600 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 14:38:14.0220 3600 exfat - ok 14:38:14.0508 3600 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 14:38:14.0716 3600 fastfat - ok 14:38:14.0750 3600 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 14:38:15.0242 3600 fdc - ok 14:38:15.0365 3600 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 14:38:15.0464 3600 FileInfo - ok 14:38:15.0540 3600 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 14:38:15.0992 3600 Filetrace - ok 14:38:16.0009 3600 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 14:38:16.0204 3600 flpydisk - ok 14:38:16.0230 3600 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 14:38:16.0299 3600 FltMgr - ok 14:38:16.0333 3600 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 14:38:16.0402 3600 FsDepends - ok 14:38:16.0439 3600 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 14:38:16.0556 3600 Fs_Rec - ok 14:38:16.0617 3600 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 14:38:16.0676 3600 fvevol - ok 14:38:16.0686 3600 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 14:38:16.0868 3600 gagp30kx - ok 14:38:16.0904 3600 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 14:38:17.0076 3600 hcw85cir - ok 14:38:17.0136 3600 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:38:17.0247 3600 HDAudBus - ok 14:38:17.0264 3600 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 14:38:17.0470 3600 HidBatt - ok 14:38:17.0496 3600 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 14:38:18.0349 3600 HidBth - ok 14:38:18.0410 3600 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 14:38:18.0899 3600 HidIr - ok 14:38:18.0953 3600 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 14:38:19.0135 3600 HidUsb - ok 14:38:19.0270 3600 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 14:38:25.0175 3600 HpSAMD - ok 14:38:25.0317 3600 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 14:38:25.0464 3600 HTTP - ok 14:38:25.0603 3600 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 14:38:25.0644 3600 hwpolicy - ok 14:38:25.0681 3600 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 14:38:25.0724 3600 i8042prt - ok 14:38:25.0782 3600 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 14:38:25.0823 3600 iaStorV - ok 14:38:25.0874 3600 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 14:38:25.0896 3600 iirsp - ok 14:38:25.0982 3600 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys 14:38:26.0334 3600 IntcAzAudAddService - ok 14:38:26.0381 3600 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 14:38:26.0404 3600 intelide - ok 14:38:26.0427 3600 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 14:38:26.0676 3600 intelppm - ok 14:38:26.0707 3600 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:38:26.0827 3600 IpFilterDriver - ok 14:38:26.0888 3600 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 14:38:27.0086 3600 IPMIDRV - ok 14:38:27.0124 3600 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 14:38:27.0320 3600 IPNAT - ok 14:38:27.0356 3600 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 14:38:27.0533 3600 IRENUM - ok 14:38:27.0573 3600 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 14:38:27.0604 3600 isapnp - ok 14:38:27.0643 3600 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 14:38:27.0715 3600 iScsiPrt - ok 14:38:27.0752 3600 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 14:38:27.0805 3600 kbdclass - ok 14:38:27.0839 3600 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 14:38:28.0003 3600 kbdhid - ok 14:38:28.0051 3600 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 14:38:28.0090 3600 KSecDD - ok 14:38:28.0151 3600 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 14:38:28.0179 3600 KSecPkg - ok 14:38:28.0246 3600 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 14:38:28.0408 3600 ksthunk - ok 14:38:28.0580 3600 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 14:38:28.0744 3600 lltdio - ok 14:38:28.0825 3600 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:38:28.0865 3600 LSI_FC - ok 14:38:28.0898 3600 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:38:28.0940 3600 LSI_SAS - ok 14:38:28.0962 3600 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:38:29.0018 3600 LSI_SAS2 - ok 14:38:29.0056 3600 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:38:29.0107 3600 LSI_SCSI - ok 14:38:29.0227 3600 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 14:38:29.0324 3600 luafv - ok 14:38:29.0415 3600 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 14:38:29.0541 3600 MBAMProtector - ok 14:38:29.0608 3600 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 14:38:29.0693 3600 megasas - ok 14:38:29.0765 3600 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 14:38:29.0956 3600 MegaSR - ok 14:38:29.0994 3600 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 14:38:30.0146 3600 Modem - ok 14:38:30.0206 3600 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 14:38:30.0347 3600 monitor - ok 14:38:30.0398 3600 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 14:38:30.0434 3600 mouclass - ok 14:38:30.0460 3600 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 14:38:30.0651 3600 mouhid - ok 14:38:30.0813 3600 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 14:38:30.0831 3600 mountmgr - ok 14:38:30.0931 3600 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys 14:38:31.0036 3600 MpFilter - ok 14:38:31.0115 3600 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 14:38:31.0156 3600 mpio - ok 14:38:31.0190 3600 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys 14:38:31.0232 3600 MpNWMon - ok 14:38:31.0266 3600 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 14:38:31.0565 3600 mpsdrv - ok 14:38:31.0627 3600 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 14:38:31.0725 3600 MRxDAV - ok 14:38:31.0809 3600 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:38:31.0966 3600 mrxsmb - ok 14:38:32.0027 3600 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:38:32.0066 3600 mrxsmb10 - ok 14:38:32.0123 3600 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:38:32.0477 3600 mrxsmb20 - ok 14:38:32.0529 3600 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 14:38:32.0589 3600 msahci - ok 14:38:32.0616 3600 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 14:38:32.0688 3600 msdsm - ok 14:38:32.0730 3600 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 14:38:32.0863 3600 Msfs - ok 14:38:32.0911 3600 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 14:38:32.0989 3600 mshidkmdf - ok 14:38:33.0030 3600 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 14:38:33.0081 3600 msisadrv - ok 14:38:33.0139 3600 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 14:38:33.0268 3600 MSKSSRV - ok 14:38:33.0317 3600 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 14:38:33.0443 3600 MSPCLOCK - ok 14:38:33.0491 3600 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 14:38:33.0601 3600 MSPQM - ok 14:38:33.0768 3600 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 14:38:33.0805 3600 MsRPC - ok 14:38:33.0872 3600 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 14:38:33.0891 3600 mssmbios - ok 14:38:33.0952 3600 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 14:38:34.0117 3600 MSTEE - ok 14:38:34.0188 3600 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 14:38:34.0256 3600 MTConfig - ok 14:38:34.0301 3600 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 14:38:34.0345 3600 Mup - ok 14:38:34.0396 3600 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 14:38:35.0215 3600 NativeWifiP - ok 14:38:35.0307 3600 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 14:38:35.0340 3600 NDIS - ok 14:38:35.0371 3600 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 14:38:35.0788 3600 NdisCap - ok 14:38:35.0815 3600 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 14:38:35.0933 3600 NdisTapi - ok 14:38:35.0999 3600 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 14:38:36.0308 3600 Ndisuio - ok 14:38:36.0333 3600 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 14:38:36.0561 3600 NdisWan - ok 14:38:36.0583 3600 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 14:38:36.0745 3600 NDProxy - ok 14:38:36.0782 3600 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 14:38:36.0935 3600 NetBIOS - ok 14:38:36.0959 3600 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 14:38:37.0497 3600 NetBT - ok 14:38:37.0580 3600 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 14:38:37.0636 3600 nfrd960 - ok 14:38:37.0676 3600 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 14:38:37.0714 3600 NisDrv - ok 14:38:37.0749 3600 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 14:38:38.0037 3600 Npfs - ok 14:38:38.0071 3600 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 14:38:38.0234 3600 nsiproxy - ok 14:38:38.0516 3600 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 14:38:38.0694 3600 Ntfs - ok 14:38:38.0825 3600 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 14:38:39.0076 3600 Null - ok 14:38:39.0470 3600 nvlddmkm (181b6e6f49f9f3ad05589b48e29ba167) C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:38:39.0964 3600 nvlddmkm - ok 14:38:40.0034 3600 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys 14:38:40.0099 3600 NVNET - ok 14:38:40.0151 3600 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 14:38:40.0221 3600 nvraid - ok 14:38:40.0258 3600 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 14:38:40.0306 3600 nvstor - ok 14:38:40.0355 3600 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys 14:38:40.0388 3600 nvstor64 - ok 14:38:40.0443 3600 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 14:38:40.0486 3600 nv_agp - ok 14:38:40.0512 3600 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 14:38:40.0605 3600 ohci1394 - ok 14:38:40.0676 3600 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 14:38:40.0748 3600 Parport - ok 14:38:40.0778 3600 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 14:38:40.0880 3600 partmgr - ok 14:38:40.0911 3600 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 14:38:41.0049 3600 pci - ok 14:38:41.0088 3600 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 14:38:41.0173 3600 pciide - ok 14:38:41.0271 3600 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 14:38:41.0378 3600 pcmcia - ok 14:38:41.0400 3600 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:38:41.0453 3600 pcw - ok 14:38:41.0502 3600 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:38:41.0670 3600 PEAUTH - ok 14:38:41.0869 3600 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 14:38:42.0061 3600 PptpMiniport - ok 14:38:42.0088 3600 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 14:38:42.0199 3600 Processor - ok 14:38:42.0260 3600 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 14:38:42.0441 3600 Psched - ok 14:38:42.0581 3600 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 14:38:42.0665 3600 ql2300 - ok 14:38:42.0703 3600 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 14:38:42.0737 3600 ql40xx - ok 14:38:42.0826 3600 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:38:42.0929 3600 QWAVEdrv - ok 14:38:42.0977 3600 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:38:43.0056 3600 RasAcd - ok 14:38:43.0138 3600 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:38:43.0249 3600 RasAgileVpn - ok 14:38:43.0301 3600 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:38:43.0390 3600 Rasl2tp - ok 14:38:43.0420 3600 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:38:43.0513 3600 RasPppoe - ok 14:38:43.0548 3600 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:38:43.0678 3600 RasSstp - ok 14:38:43.0720 3600 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 14:38:43.0944 3600 rdbss - ok 14:38:44.0114 3600 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:38:44.0240 3600 rdpbus - ok 14:38:44.0281 3600 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:38:44.0374 3600 RDPCDD - ok 14:38:44.0411 3600 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:38:44.0561 3600 RDPENCDD - ok 14:38:44.0615 3600 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:38:44.0720 3600 RDPREFMP - ok 14:38:44.0796 3600 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 14:38:44.0989 3600 RDPWD - ok 14:38:45.0080 3600 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 14:38:45.0230 3600 rdyboost - ok 14:38:45.0339 3600 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:38:45.0419 3600 rspndr - ok 14:38:45.0465 3600 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 14:38:45.0529 3600 sbp2port - ok 14:38:45.0564 3600 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 14:38:45.0672 3600 scfilter - ok 14:38:45.0766 3600 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 14:38:45.0860 3600 secdrv - ok 14:38:45.0951 3600 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 14:38:46.0000 3600 Serenum - ok 14:38:46.0037 3600 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 14:38:46.0214 3600 Serial - ok 14:38:46.0233 3600 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 14:38:46.0319 3600 sermouse - ok 14:38:46.0367 3600 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 14:38:46.0490 3600 sffdisk - ok 14:38:46.0556 3600 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 14:38:46.0703 3600 sffp_mmc - ok 14:38:46.0724 3600 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 14:38:46.0788 3600 sffp_sd - ok 14:38:46.0828 3600 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 14:38:46.0893 3600 sfloppy - ok 14:38:46.0961 3600 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:38:47.0018 3600 SiSRaid2 - ok 14:38:47.0046 3600 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 14:38:47.0095 3600 SiSRaid4 - ok 14:38:47.0138 3600 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:38:47.0253 3600 Smb - ok 14:38:47.0312 3600 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:38:47.0363 3600 spldr - ok 14:38:47.0455 3600 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 14:38:47.0579 3600 srv - ok 14:38:47.0619 3600 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 14:38:47.0718 3600 srv2 - ok 14:38:47.0780 3600 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 14:38:47.0828 3600 srvnet - ok 14:38:47.0900 3600 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 14:38:47.0927 3600 stexstor - ok 14:38:47.0975 3600 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 14:38:48.0031 3600 swenum - ok 14:38:48.0199 3600 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys 14:38:48.0303 3600 Tcpip - ok 14:38:48.0383 3600 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys 14:38:48.0476 3600 TCPIP6 - ok 14:38:48.0610 3600 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 14:38:48.0735 3600 tcpipreg - ok 14:38:48.0889 3600 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:38:49.0006 3600 TDPIPE - ok 14:38:49.0044 3600 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 14:38:49.0137 3600 TDTCP - ok 14:38:49.0175 3600 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 14:38:49.0351 3600 tdx - ok 14:38:49.0438 3600 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 14:38:49.0468 3600 TermDD - ok 14:38:49.0609 3600 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:38:49.0695 3600 tssecsrv - ok 14:38:49.0753 3600 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 14:38:49.0855 3600 tunnel - ok 14:38:49.0920 3600 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 14:38:49.0958 3600 uagp35 - ok 14:38:50.0021 3600 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 14:38:50.0111 3600 udfs - ok 14:38:50.0316 3600 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 14:38:50.0413 3600 uliagpkx - ok 14:38:50.0461 3600 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 14:38:50.0566 3600 umbus - ok 14:38:50.0588 3600 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 14:38:50.0650 3600 UmPass - ok 14:38:50.0746 3600 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 14:38:50.0911 3600 usbccgp - ok 14:38:50.0965 3600 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 14:38:51.0007 3600 usbcir - ok 14:38:51.0057 3600 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 14:38:51.0112 3600 usbehci - ok 14:38:51.0263 3600 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 14:38:51.0456 3600 usbhub - ok 14:38:51.0511 3600 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys 14:38:52.0057 3600 usbohci - ok 14:38:52.0140 3600 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:38:52.0206 3600 usbprint - ok 14:38:52.0264 3600 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS 14:38:52.0366 3600 USBSTOR - ok 14:38:52.0438 3600 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 14:38:52.0488 3600 usbuhci - ok 14:38:52.0580 3600 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 14:38:52.0673 3600 vdrvroot - ok 14:38:52.0749 3600 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:38:52.0777 3600 vga - ok 14:38:52.0822 3600 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:38:52.0924 3600 VgaSave - ok 14:38:52.0976 3600 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 14:38:53.0048 3600 vhdmp - ok 14:38:53.0153 3600 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 14:38:53.0427 3600 viaide - ok 14:38:53.0480 3600 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 14:38:53.0554 3600 volmgr - ok 14:38:53.0603 3600 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 14:38:53.0649 3600 volmgrx - ok 14:38:53.0688 3600 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 14:38:53.0890 3600 volsnap - ok 14:38:54.0042 3600 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 14:38:54.0126 3600 vsmraid - ok 14:38:54.0418 3600 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 14:38:55.0100 3600 vwifibus - ok 14:38:55.0442 3600 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 14:38:55.0990 3600 WacomPen - ok 14:38:56.0558 3600 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 14:38:57.0041 3600 WANARP - ok 14:38:57.0090 3600 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 14:38:57.0178 3600 Wanarpv6 - ok 14:38:57.0704 3600 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 14:38:57.0754 3600 Wd - ok 14:38:58.0006 3600 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:38:58.0050 3600 Wdf01000 - ok 14:38:58.0520 3600 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:38:58.0595 3600 WfpLwf - ok 14:38:58.0702 3600 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:38:58.0775 3600 WIMMount - ok 14:38:58.0996 3600 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:38:59.0066 3600 WmiAcpi - ok 14:38:59.0168 3600 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 14:38:59.0270 3600 ws2ifsl - ok 14:38:59.0422 3600 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 14:38:59.0499 3600 WudfPf - ok 14:38:59.0524 3600 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:38:59.0624 3600 WUDFRd - ok 14:38:59.0685 3600 MBR (0x1B8) (bd85578ed40a5b15d5d665eecbdf254e) \Device\Harddisk0\DR0 14:38:59.0806 3600 \Device\Harddisk0\DR0 - ok 14:38:59.0888 3600 Boot (0x1200) (061ab3bb7ce4fd46765194f221867f50) \Device\Harddisk0\DR0\Partition0 14:38:59.0888 3600 \Device\Harddisk0\DR0\Partition0 - ok 14:38:59.0908 3600 Boot (0x1200) (c41e248259529766ea267e13c75126bc) \Device\Harddisk0\DR0\Partition1 14:38:59.0908 3600 \Device\Harddisk0\DR0\Partition1 - ok 14:38:59.0948 3600 Boot (0x1200) (7a4a912355ee8433b96875cc5bec9f1e) \Device\Harddisk0\DR0\Partition2 14:38:59.0948 3600 \Device\Harddisk0\DR0\Partition2 - ok 14:38:59.0958 3600 ============================================================ 14:38:59.0958 3600 Scan finished 14:38:59.0958 3600 ============================================================ 14:39:00.0008 3168 Detected object count: 0 14:39:00.0008 3168 Actual detected object count: 0
  12. mrtwallz
    ESET Smart Security 5 detected a "Win32/Olmarik.TDL4 trojan" in the operating memory and is unable to clean it. I tried the recovery disc to clean it but for some reason the recovery disc doesn't detect it. Here is the DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 Run by Jazzarah at 20:59:32 on 2011-10-30 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.646 [GMT -4:00] . AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll uRun: [spyware Doctor] C:\Users\Jazzarah\Desktop\sdsetup_revwire207.exe -min mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{909799A3-85C7-4137-9C82-28400D4D7FCC} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Jazzarah\AppData\Roaming\Mozilla\Firefox\Profiles\wx917g4m.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?] R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-8-9 974944] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-28 366152] R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== File Associations =============== . inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %* VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2011-10-30 23:51:23 -------- d-sh--w- C:\$RECYCLE.BIN 2011-10-30 22:54:08 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCC43AC-641B-4114-84BB-ECF3373D396F}\offreg.dll 2011-10-30 22:12:05 98816 ----a-w- C:\Windows\sed.exe 2011-10-30 22:12:05 518144 ----a-w- C:\Windows\SWREG.exe 2011-10-30 22:12:05 256000 ----a-w- C:\Windows\PEV.exe 2011-10-30 22:12:05 208896 ----a-w- C:\Windows\MBR.exe 2011-10-30 22:10:54 -------- d-----w- C:\commy.exe 2011-10-30 22:01:53 -------- d-----w- C:\ComboFix 2011-10-30 21:27:24 -------- d-----w- C:\ProgramData\PC Tools 2011-10-30 19:50:07 -------- d-----w- C:\Program Files\Windows Imaging 2011-10-30 19:48:52 -------- d-----w- C:\Program Files\Windows AIK 2011-10-30 17:56:13 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Diagnostics 2011-10-30 17:20:14 -------- d-----w- C:\Diskeeper2011Patch 2011-10-30 17:19:27 44624 ----a-w- C:\Windows\System32\drivers\DKRtWrt.sys 2011-10-30 17:19:16 -------- d-----w- C:\ProgramData\Diskeeper Corporation 2011-10-30 17:19:16 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation 2011-10-30 17:19:12 -------- d-----w- C:\Program Files\Diskeeper Corporation 2011-10-30 15:03:33 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCC43AC-641B-4114-84BB-ECF3373D396F}\mpengine.dll 2011-10-30 14:57:00 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\ESET 2011-10-30 14:57:00 -------- d-----w- C:\Users\Jazzarah\AppData\Local\ESET 2011-10-30 14:53:11 -------- d-----w- C:\Program Files\ESET 2011-10-30 08:21:25 -------- d-----w- C:\Windows\SysWow64\Wat 2011-10-30 08:21:25 -------- d-----w- C:\Windows\System32\Wat 2011-10-30 07:56:05 367104 ----a-w- C:\Windows\System32\wcncsvc.dll 2011-10-30 07:56:05 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll 2011-10-30 07:21:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll 2011-10-30 07:21:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll 2011-10-30 07:21:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll 2011-10-30 07:21:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe 2011-10-30 07:21:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2011-10-30 07:21:46 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll 2011-10-30 07:21:45 48960 ----a-w- C:\Windows\System32\netfxperf.dll 2011-10-30 07:21:45 444752 ----a-w- C:\Windows\System32\mscoree.dll 2011-10-30 07:21:45 320352 ----a-w- C:\Windows\System32\PresentationHost.exe 2011-10-30 07:21:45 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2011-10-30 07:00:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys 2011-10-29 22:09:59 -------- d-----w- C:\Users\Jazzarah\AppData\Local\ElevatedDiagnostics 2011-10-29 14:09:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-10-29 14:09:04 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-10-29 14:04:55 714752 ----a-w- C:\Windows\System32\kerberos.dll 2011-10-29 14:04:54 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll 2011-10-29 14:01:59 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll 2011-10-29 14:00:53 2228224 ----a-w- C:\Windows\System32\mssrch.dll 2011-10-29 13:59:47 422912 ----a-w- C:\Windows\System32\secproc_isv.dll 2011-10-29 13:58:59 1739176 ----a-w- C:\Windows\System32\ntdll.dll 2011-10-29 13:58:57 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll 2011-10-29 13:58:42 552960 ----a-w- C:\Windows\System32\msdri.dll 2011-10-29 13:58:28 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll 2011-10-29 13:58:28 1024512 ----a-w- C:\Windows\System32\wmpmde.dll 2011-10-29 13:58:06 3134976 ----a-w- C:\Windows\System32\win32k.sys 2011-10-29 13:56:20 461312 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-10-29 13:55:55 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll 2011-10-29 13:54:20 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2011-10-29 13:53:59 389632 ----a-w- C:\Windows\System32\winlogon.exe 2011-10-29 13:52:45 52224 ----a-w- C:\Windows\System32\rtutils.dll 2011-10-29 13:52:45 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll 2011-10-29 13:52:40 1359872 ----a-w- C:\Windows\System32\mfc42u.dll 2011-10-29 13:52:39 1395712 ----a-w- C:\Windows\System32\mfc42.dll 2011-10-29 13:52:39 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2011-10-29 13:52:38 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll 2011-10-29 13:49:13 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll 2011-10-29 13:48:16 395776 ----a-w- C:\Windows\System32\webio.dll 2011-10-29 13:48:16 314368 ----a-w- C:\Windows\SysWow64\webio.dll 2011-10-29 13:45:49 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2011-10-29 13:45:49 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2011-10-29 13:45:46 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2011-10-29 13:45:46 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2011-10-29 13:45:40 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe 2011-10-29 13:45:40 31232 ----a-w- C:\Windows\System32\prevhost.exe 2011-10-29 13:45:31 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe 2011-10-29 13:45:23 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-10-29 13:45:22 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-10-29 13:40:24 112000 ----a-w- C:\Windows\System32\consent.exe 2011-10-29 13:39:57 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys 2011-10-29 13:34:45 861184 ----a-w- C:\Windows\System32\oleaut32.dll 2011-10-29 13:34:45 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-10-29 13:34:44 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-10-29 13:34:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-10-29 13:33:43 720896 ----a-w- C:\Windows\System32\odbc32.dll 2011-10-29 13:33:43 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll 2011-10-29 13:33:42 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2011-10-29 13:33:41 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll 2011-10-29 13:33:40 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll 2011-10-29 13:33:40 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll 2011-10-29 13:33:39 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2011-10-29 13:33:39 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll 2011-10-29 13:33:38 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll 2011-10-29 13:33:38 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll 2011-10-29 13:13:00 9728 ----a-w- C:\Windows\SysWow64\sscore.dll 2011-10-29 13:13:00 236032 ----a-w- C:\Windows\System32\srvsvc.dll 2011-10-29 13:12:35 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-10-29 13:12:32 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-10-29 13:12:32 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-10-29 05:07:35 -------- d-----w- C:\ProgramData\Recovery 2011-10-29 03:58:39 -------- d-----w- C:\ProgramData\Kaspersky Lab 2011-10-29 03:42:42 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\Malwarebytes 2011-10-29 03:41:57 -------- d-----w- C:\ProgramData\Malwarebytes 2011-10-29 03:41:52 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-10-29 03:41:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-10-29 02:19:16 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Adobe 2011-10-29 02:13:05 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-10-29 02:09:53 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F27C297-953F-4CA0-A9B0-8A8FA371B6A8}\gapaengine.dll 2011-10-29 01:54:29 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2011-10-29 01:53:44 -------- d-----w- C:\Program Files\Microsoft Security Client 2011-10-29 01:53:30 374664 ----a-w- C:\Windows\System32\drivers\netio.sys 2011-10-29 01:42:17 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2011-10-29 01:41:09 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Microsoft Help 2011-10-29 01:39:23 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F440A80E-0CEC-44D6-8E1F-7F8CBB78624C}\mpengine.dll 2011-10-29 01:39:21 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-10-29 01:26:19 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\HpUpdate 2011-10-29 01:25:31 220672 ----a-w- C:\Windows\System32\wintrust.dll 2011-10-29 01:25:30 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll 2011-10-29 01:25:29 139264 ----a-w- C:\Windows\System32\cabview.dll 2011-10-29 01:25:29 132608 ----a-w- C:\Windows\SysWow64\cabview.dll 2011-10-29 01:21:08 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\PictureMover 2011-10-29 01:20:19 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Hewlett-Packard . ==================== Find3M ==================== . 2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll 2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec 2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax 2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax 2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax 2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax 2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax 2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax 2011-08-09 17:57:12 202576 ----a-w- C:\Windows\System32\drivers\eamonm.sys 2011-08-04 13:20:38 62496 ----a-w- C:\Windows\System32\drivers\epfwwfp.sys 2011-08-04 13:20:38 38288 ----a-w- C:\Windows\System32\drivers\EpfwLWF.sys 2011-08-04 13:20:38 187632 ----a-w- C:\Windows\System32\drivers\epfw.sys 2011-08-04 13:20:38 146432 ----a-w- C:\Windows\System32\drivers\ehdrv.sys . ============= FINISH: 21:07:38.63 =============== Here is the Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 10/28/2011 9:17:23 PM System Uptime: 10/30/2011 8:05:47 PM (1 hours ago) . Motherboard: PEGATRON CORPORATION | | NARRA5 Processor: AMD Sempron Processor LE-1300 | Socket AM2 | 2300/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 287 GiB total, 247.194 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.343 GiB free. E: is CDROM (UDF) F: is Removable G: is FIXED (NTFS) - 466 GiB total, 46.31 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: Description: Photosmart Prem C310 series Device ID: USB\VID_03F0&PID_8F11&MI_00\6&9712CBA&0&0000 Manufacturer: Name: Photosmart Prem C310 series PNP Device ID: USB\VID_03F0&PID_8F11&MI_00\6&9712CBA&0&0000 Service: . Class GUID: Description: Photosmart Prem C310 series Device ID: USB\VID_03F0&PID_8F11&MI_02\6&9712CBA&0&0002 Manufacturer: Name: Photosmart Prem C310 series PNP Device ID: USB\VID_03F0&PID_8F11&MI_02\6&9712CBA&0&0002 Service: . ==== System Restore Points =================== . RP1: 10/28/2011 9:19:31 PM - Scripted restore RP2: 10/28/2011 9:25:33 PM - Windows Update RP3: 10/28/2011 9:36:56 PM - Installed Microsoft Office Enterprise 2007 RP4: 10/28/2011 9:38:01 PM - Windows Update RP5: 10/28/2011 9:53:05 PM - Windows Update RP6: 10/28/2011 10:07:18 PM - Windows Update RP7: 10/28/2011 10:35:32 PM - Installed Adobe Reader X (10.1.0). RP8: 10/30/2011 1:40:48 AM - Windows Update RP9: 10/30/2011 3:00:29 AM - Windows Update RP10: 10/30/2011 10:51:12 AM - Installed ESET Smart Security RP11: 10/30/2011 1:18:49 PM - Installed Diskeeper 2011. RP12: 10/30/2011 3:46:53 PM - Installed Windows Automated Installation Kit . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader X (10.1.1) Compatibility Pack for the 2007 Office system CyberLink DVD Suite Deluxe DirectX for Managed Code Update (Summer 2004) DVD Menu Pack for HP MediaSmart Video HP Advisor HP Customer Experience Enhancements HP Games HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart/TouchSmart Netflix HP Odometer HP Remote Solution HP Setup HP Support Assistant HP Support Information HP Update HPAsset component for HP Active Support Library Junk Mail filter update LabelPrint LightScribe System Software Malwarebytes' Anti-Malware version 1.51.2.1300 Microsoft Choice Guard Microsoft Live Search Toolbar Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Works Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 7.0.1 (x86 en-US) MSVCRT Norton Online Backup PictureMover Power2Go PowerDirector Realtek High Definition Audio Driver Recovery Manager Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2596560) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 10/30/2011 7:07:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. 10/30/2011 6:52:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 10/30/2011 6:48:42 PM, Error: Application Popup [1060] - \??\C:\commy.exe\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 10/30/2011 5:53:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 10/30/2011 5:35:25 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 10/30/2011 5:26:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/30/2011 5:26:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 10/30/2011 5:26:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/30/2011 5:26:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/30/2011 5:26:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/30/2011 5:25:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv MpFilter spldr Wanarpv6 10/30/2011 4:28:41 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 10/30/2011 4:24:41 AM, Error: Service Control Manager [7023] - 10/30/2011 4:23:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 10/30/2011 4:22:26 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s). 10/30/2011 4:22:26 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). 10/30/2011 4:19:09 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control. 10/30/2011 3:48:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243). 10/30/2011 3:33:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688). 10/30/2011 3:27:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430). 10/30/2011 3:00:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 10/30/2011 1:30:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.