DDS and attach file ask asked for - security shield ?

N0ISV · January 28, 2012

Hope I did this right?

Wayne-N0ISV

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by N0ISV_NZXT at 14:38:31 on 2012-01-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6534 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\MSN\MSNCoreFiles\msn.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [googletalk] C:\Users\N0ISV_NZXT\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRunOnce: [dfqoxtgnvs] C:\Users\N0ISV_NZXT\AppData\Local\dfqoxtgnvs.exe

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{0A002D6D-8962-4E5D-BA52-25163F6E29F8} : DhcpNameServer = 192.168.0.1 205.171.3.25

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\N0ISV_NZXT\AppData\Roaming\Mozilla\Firefox\Profiles\o0cktieo.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-29 652872]

S2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\CA\PCPitstopScheduleService.exe [2011-5-13 90864]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MOTMHVService;Motorola MotoHomeViewer Service;C:\Program Files (x86)\MOTNetMap\MHVSvc.exe [2011-7-4 233472]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-28 17:56:02 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{A5D8B995-CAEB-4082-B7AD-FCBE62E99D68}

2012-01-28 17:55:50 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{9E25484B-3329-47B8-AB21-6E362B384390}

2012-01-28 16:02:54 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5AAE5269-B2AE-4963-9A9E-22850C992BC8}\mpengine.dll

2012-01-28 14:12:28 -------- d-----w- C:\4700a8e896672afad83fdc0ca60d3ccc

2012-01-28 14:07:55 334848 ----a-w- C:\Users\N0ISV_NZXT\AppData\Local\gryklup.exe

2012-01-28 14:07:53 334848 ----a-w- C:\Users\N0ISV_NZXT\AppData\Local\dfqoxtgnvs.exe

2012-01-27 21:54:49 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{B4155263-151F-4467-8492-50404F6D2330}

2012-01-27 21:54:37 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{DCC265C9-0827-4D70-B945-DB805AE06191}

2012-01-26 23:52:32 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{75223CEA-E6EC-450F-8569-12B22F4DC99E}

2012-01-26 23:52:20 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{9FD309F2-40C3-48F4-8151-9D23839E11D3}

2012-01-26 10:41:35 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{C81E61AF-4983-4514-AE0E-503C6F089EDF}

2012-01-26 10:41:23 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{B58D87C3-1AF5-429D-8BF2-202465F9E576}

2012-01-25 22:39:19 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{8AD63253-E930-42CE-9C8E-9C17AE4B5C0A}

2012-01-25 22:39:07 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{84ED47E6-7FF9-4CDD-8A68-2AF449C10F3D}

2012-01-25 10:38:41 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{6EBCDAB5-2A2C-47C0-93C1-1F1BC89D92DC}

2012-01-25 10:38:30 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{CBF8146C-C84B-4803-88CB-052C7F312115}

2012-01-24 22:33:21 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{E672514A-D3B6-4622-A807-46F5BC408B27}

2012-01-24 22:33:09 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{48610DDB-A969-4C24-ABC8-15BBC349BEE3}

2012-01-24 10:58:54 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Roaming\MSNInstaller

2012-01-24 10:32:43 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{F1ABA041-8EC7-4742-8448-EE77F9CC2DCA}

2012-01-24 10:32:32 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{868A6952-B28A-49FF-A71A-10D4F812F944}

2012-01-23 14:30:38 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{77BBB30E-2B0B-4813-8010-E29E9C84D34B}

2012-01-23 14:30:27 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{209A3533-4D89-4529-8D3F-30DF9842FE65}

2012-01-23 02:30:02 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{4F79A3BA-EECC-4977-9DC8-A039F7898899}

2012-01-23 02:29:51 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{2487E71C-6F27-4552-9115-9BCD276C81FF}

2012-01-22 14:29:38 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{13AEDECF-B5D2-420F-883F-0BC545D37C1B}

2012-01-22 14:29:26 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{B4E13AEB-B61B-4161-B14A-CDE2760173DF}

2012-01-22 02:29:01 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{C6B894A7-1912-444C-9A1E-315B69960D62}

2012-01-22 02:28:49 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{50C8BECA-4711-4528-9467-AB3AD5BBE08F}

2012-01-21 14:28:25 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{E26AAE43-2B9E-4368-BB14-4A5CB7B8681A}

2012-01-21 14:28:13 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{55483805-7576-4C97-AEA8-F99FEB346C9B}

2012-01-21 02:27:48 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{4C9730CF-E0DE-4DB4-9512-53A6C78233BA}

2012-01-21 02:27:37 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{06DB0DF2-5A71-4947-B95E-1667F206C6A9}

2012-01-21 02:27:10 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{2FBDACCF-607B-4BC0-99B6-C5E18F6D3824}

2012-01-21 02:26:19 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{805F0382-A02E-4FF5-B3EE-8320CB7EABA7}

2012-01-21 02:26:08 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{E146C260-6CF3-4B87-B686-D9E8ED88EF9D}

2012-01-21 02:25:47 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{9163D951-6789-4C9E-8BF9-18555B8609CD}

2012-01-21 02:25:30 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{2EA0B918-7BC4-45DF-AD0E-7946C5112536}

2012-01-21 02:25:15 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{BDCED52F-0227-4801-BBC3-D6EB4EDCDA49}

2012-01-21 02:24:49 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{72C8C8DB-8F4C-484A-A7F5-4D73647CA04A}

2012-01-21 02:24:38 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{B9F28076-E537-4733-B9A7-75C2ED227079}

2012-01-20 09:44:44 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{24DDE0B6-204A-4A72-81B8-EDABA10FE1C9}

2012-01-20 09:44:33 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{C6BDE2E4-6A65-42C3-B311-0D9A14BC65AC}

2012-01-19 21:44:06 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{23BD75BF-2E6D-4EA5-A6CA-A13BC51BD811}

2012-01-19 21:43:54 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{E9486490-D5FD-495D-99F3-1E09FF28EC64}

2012-01-18 23:18:14 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{4BEEE4F1-A1CB-4069-A026-1E77B3713ED7}

2012-01-18 23:18:02 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{5CF4DFC7-0366-4E8F-B45B-6E3209FF02B8}

2012-01-18 11:17:37 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{87B67C15-2284-49B0-89FD-BD44A0E8A05F}

2012-01-18 11:17:26 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{B875508B-3336-42DC-96D4-EE6A68621709}

2012-01-17 23:17:12 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{7B81B6E5-8EC1-413E-9C89-919F13074DB3}

2012-01-17 23:17:01 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{473718BA-6D71-49D2-A180-0C96E7B8FB14}

2012-01-17 11:16:36 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{5A2FA402-5789-4FF0-876A-CB2A78E06027}

2012-01-17 11:16:25 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{4270ADBC-B66D-45F5-B8D9-67A91B435A0C}

2012-01-16 23:16:11 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{F5A27627-FA75-403F-9DC3-0B1F7C610D8F}

2012-01-16 23:15:58 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{E72BCFD0-3CF2-45DE-828B-ECCEE19FB690}

2012-01-16 00:07:29 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{142A1368-AD6B-4831-94DA-7445E7169E1C}

2012-01-16 00:07:18 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{09EB6A26-376B-4BA1-AE42-8C9FAB2F7DC2}

2012-01-16 00:06:59 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{3D834C53-50BB-4662-9F1D-09C657BE60A3}

2012-01-16 00:06:48 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{2D49644F-424F-4DE2-9CCD-BA79E002568C}

2012-01-16 00:06:29 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{5768E315-77A6-4CF0-87AD-BA3478CB4EA7}

2012-01-15 09:40:02 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{941AC85D-F137-42C8-80D3-A9B71AD415BD}

2012-01-15 09:39:51 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{AEA0CFCF-C2F9-4671-82D1-DAD7DEE0FF8E}

2012-01-14 21:39:26 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{5815D5CA-7E38-4103-98CB-E7F47D525CB4}

2012-01-14 21:39:14 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{FD6033F1-8ACD-402A-9CDC-3F29DE5D04F2}

2012-01-13 23:51:22 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{E89157AD-6851-4FEB-A281-E7A7D4D96E00}

2012-01-13 23:51:11 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{D4A1E357-DFC8-4468-8757-5BFD04E22830}

2012-01-13 11:50:46 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{E5AA5E37-FD14-4B43-B81F-F84A50622455}

2012-01-13 11:50:35 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{7B3CB185-71BC-4CE4-979B-C72FA53EF831}

2012-01-12 22:47:36 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{77C06460-BF08-460A-B442-BF692BF7161F}

2012-01-12 22:47:22 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{095E5975-BB79-450A-8D96-2D0522C1FD1B}

2012-01-12 10:46:58 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{291E38E0-D303-49A2-80D0-CC7CE6F39AD8}

2012-01-12 10:46:46 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{DFC41AFD-6628-48E1-9215-2CAE8F272F86}

2012-01-11 22:46:20 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{4A875CC8-7C4B-4729-93D2-64F6B175349B}

2012-01-11 22:46:09 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{7010A668-75EA-45EA-B31F-06E8CB690D30}

2012-01-11 10:45:43 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{B5DA0AF5-0D67-4190-B46E-F70E2277B520}

2012-01-11 10:45:31 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{94EE91D0-993E-43C4-8239-C0CD4E46E5FC}

2012-01-10 23:35:20 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-10 23:35:20 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-10 23:35:20 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-10 23:35:20 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-10 23:35:19 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-10 23:35:19 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-10 23:35:18 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-10 23:35:18 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-10 22:45:05 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{FD3C6788-D27E-438D-913A-95C14EB2EA73}

2012-01-10 22:44:54 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{88D040A4-125D-4DB6-8FA6-C346BD3C11F3}

2012-01-10 10:35:26 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{396F4584-529C-4B76-AEC5-B2FAAFF74AA8}

2012-01-10 10:35:15 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{FBC3314D-4163-4E37-A71C-E8FD4CB057EC}

2012-01-09 22:35:01 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{FAB4CF97-8D40-4F51-83E6-07A333DBC5AF}

2012-01-09 22:34:49 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{590860C7-435D-4BCF-8DFD-03D978354F7B}

2012-01-09 00:07:41 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{EFBD6478-B0A8-424C-B399-9B8D8807C63C}

2012-01-09 00:07:30 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{E03CBCB0-7982-49F8-824B-60E56064B85E}

2012-01-08 12:07:05 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{34A4BE39-F61F-4AE0-8D67-45063E45E796}

2012-01-08 00:06:41 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{BE7D5BEB-8B98-4D00-92F6-5B830D00F406}

2012-01-08 00:06:30 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{38C75898-3355-47BF-BD70-F36BC3994E2A}

2012-01-07 12:06:06 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{6B4DDA35-A86F-4E54-AC92-AABC5185767A}

2012-01-07 12:05:55 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{11236EE8-F4A6-4FFA-BC47-E801B0926E3A}

2012-01-07 00:05:39 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{7C8E6897-AFC5-4BD5-ABDA-A4832F1D7184}

2012-01-07 00:05:27 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{5B7C5BDE-2166-45BC-BF97-EA799EEB3EFA}

2012-01-06 10:18:56 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{57353580-CC97-4CC2-9B66-C508638B2CE6}

2012-01-06 10:18:45 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{E6A4E52D-5ED5-4F3B-BF48-FE1DE1ED8D9C}

2012-01-05 22:18:31 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{B70981EA-F6C1-457F-813F-B573C7BDC8CC}

2012-01-05 22:18:20 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{C45D3145-5B7F-4319-A46F-91806549A85F}

2012-01-05 10:17:55 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{367EA23E-DDFC-4ACF-B1FA-23251220FC49}

2012-01-05 10:17:44 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{1735BCA9-F652-482D-93BF-50B6788DA2FA}

2012-01-04 22:17:31 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{C59308E7-F110-44F6-9CFF-410620ACAF6C}

2012-01-04 22:17:19 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{A9389EF3-C3D8-4745-9E1C-71A60D37DAFA}

2012-01-04 10:16:54 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{997F732E-BF2A-4DD8-AB93-DCF96BE1824F}

2012-01-04 10:16:43 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{B06B034E-393A-4FA4-A11C-15004314BEB6}

2012-01-03 22:16:29 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{55BC04A0-2D70-4E9D-9011-D5C3EA8D2542}

2012-01-03 22:16:17 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{9D31A793-C3FD-4547-864D-47B46E0E2712}

2012-01-03 15:22:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-01-03 15:22:02 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-01-03 01:45:14 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{A413ACA0-F4E1-4792-8E11-FB6767EC21F5}

2012-01-03 01:45:02 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{3AB3B8A9-9951-4DF4-8F43-4D78E2B4FADE}

2012-01-02 18:31:44 -------- d-----w- C:\Program Files (x86)\KENWOOD ARCP-2000

2012-01-02 18:31:22 303616 ----a-w- C:\Windows\IsUninst.exe

2012-01-02 18:27:27 8192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Arcp2000\disk1\_ISDEL.EXE

2012-01-02 18:27:27 59904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Arcp2000\disk1\SETUP.EXE

2012-01-02 18:27:27 11264 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Arcp2000\disk1\_setup.dll

2012-01-02 18:25:47 -------- d-----w- C:\ARCP

2012-01-02 17:11:31 -------- d-----w- C:\ARCS

2012-01-02 13:44:36 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{ED12C1A3-8BDD-4A96-A761-09CA4F1F6F28}

2012-01-02 13:44:25 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{59E72D48-CA35-423B-8B08-3CD8F29F9F9E}

2012-01-01 21:26:27 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{557DD3C9-539F-4CF1-B6BE-3E6529059F7F}

2012-01-01 21:26:16 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{83F40EB9-43F9-4C13-B8B0-47B2BC3F2B5B}

2012-01-01 18:44:49 -------- d-----w- C:\Program Files (x86)\RG100

2012-01-01 13:36:20 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-01 13:36:20 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-01 13:36:20 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-01 13:36:20 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2012-01-01 09:25:51 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{FCC4CBB8-7D26-4816-959D-557F25FC1A9D}

2012-01-01 09:25:39 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{3DEB820C-A7E7-4E33-964D-5999EA492E95}

2011-12-31 21:25:05 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{D3FF88F2-B3D5-4E1A-8714-A45039CB3C63}

2011-12-31 21:24:54 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{4A37937F-4E22-46A5-BC6C-BF95FFAD9771}

2011-12-31 09:24:29 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{0C9EE178-792C-416B-A8C8-DDEC8CC97EBB}

2011-12-30 21:24:06 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{A1121A4D-A8ED-4E7D-A76D-E60BECF7C2A8}

2011-12-30 21:23:55 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{67FF1253-D4F0-4138-ABF1-4825B6FD5C1B}

2011-12-30 09:23:30 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{1375EAB3-55A1-4152-931B-388FBCCDEB41}

2011-12-30 09:23:18 -------- d-----w- C:\Users\N0ISV_NZXT\AppData\Local\{D276FBF1-1CE9-47D2-8F83-09EED0872353}

.

==================== Find3M ====================

.

2012-01-04 09:26:37 279096 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-16 01:40:55 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2011-12-16 01:33:05 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-12-10 22:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-07 21:54:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 14:38:40.53 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/5/2010 8:21:43 AM

System Uptime: 1/28/2012 11:21:47 AM (3 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P7H55

Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz | LGA1156 | 2809/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 892.647 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\7&227CFC9E&0&4

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\7&227CFC9E&0&4

Service:

.

==== System Restore Points ===================

.

RP163: 1/22/2012 6:18:34 AM - Windows Update

RP164: 1/24/2012 4:35:05 AM - Windows Update

RP165: 1/25/2012 6:15:05 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.0

Apple Application Support

Apple Software Update

ARCS II Version 2.0

CA PC Tune-Up 3.0.0.2

D3DX10

Google Chrome

Google Earth

Google Talk (remove only)

Google Update Helper

Ham Radio Deluxe

Japanese Fonts Support For Adobe Reader 9

Java Auto Updater

Junk Mail filter update

KENWOOD ARCP-2000

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 7.0 (x86 en-US)

Mozilla Firefox 9.0.1 (x86 en-US)

MSN

MSVCRT

MSVCRT_amd64

Nokia Flashing Cable Driver

Nokia Internet Tablet Software Update Wizard

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

PL-2303 USB-to-Serial

Platform

QuickTime

Realtek Ethernet Controller Driver For Windows Vista and Later

RG100 Version 1.20

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Skype Click to Call

Skype™ 5.5

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

VIA Platform Device Manager

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

1/28/2012 9:03:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

1/28/2012 8:52:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/28/2012 11:33:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {69AD4AEE-51BE-439B-A92C-86AE490E8B30}

1/28/2012 11:23:01 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/28/2012 11:23:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/28/2012 11:23:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/28/2012 11:22:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/28/2012 11:22:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/28/2012 11:22:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

1/28/2012 11:22:17 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

1/28/2012 11:22:16 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

1/28/2012 11:22:16 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

1/28/2012 11:22:16 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

1/28/2012 11:22:16 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/28/2012 11:20:42 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

1/28/2012 11:17:56 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

1/28/2012 11:17:47 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/28/2012 11:10:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/28/2012 11:06:54 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

1/28/2012 11:04:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/28/2012 11:02:36 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/28/2012 10:55:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/27/2012 3:39:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/27/2012 2:41:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/26/2012 4:42:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/26/2012 4:40:35 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/26/2012 4:40:35 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/26/2012 4:40:35 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/26/2012 4:29:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

1/26/2012 4:18:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/26/2012 3:35:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/25/2012 3:28:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/25/2012 3:26:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

1/25/2012 3:15:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/24/2012 3:41:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

1/24/2012 3:31:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/24/2012 2:46:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2012 5:18:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2012 6:19:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

1/22/2012 6:08:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/21/2012 9:18:29 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Maurice Naggar · January 29, 2012

Hello NOISV,

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member NOISV only. If you are a casual viewer, do NOT try this on your system!

If you are not NOISV and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

Click the Start button , and then click Control Panel >> Appearance and Personalization >> Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.
Click Apply > OK.

Step 3

First, make sure you have saved all your work before you begin, and close your open apps.

Close all open windows on the Task Bar.

Note: If using Firefox browser, right-click on any download links and choose Save As

Please download OTH to your desktop

Please download OTL to your desktop

Double click the OTH file to run it and click Kill All Processes button, your desktop will go blank. (That is normal & expected).

If running on Windows 7 or Vista, to start tools, do a RIGHT-Click and then select "Run As Administrator".

Then press Start OTL button. OTL will now run. If prompted to allow it to run, press YES.

In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

the contents of OTL.txt;
the contents of Extras.txt ; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

N0ISV · January 29, 2012

OTL logfile created on: 1/29/2012 9:17:05 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\N0ISV_NZXT\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 7.23 Gb Available Physical Memory | 90.47% Memory free

15.98 Gb Paging File | 15.26 Gb Available in Paging File | 95.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 892.61 Gb Free Space | 95.83% Space Free | Partition Type: NTFS

Computer Name: N0ISV_NZXT-PC | User Name: N0ISV_NZXT | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/29 09:04:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\N0ISV_NZXT\Desktop\OTL.scr

PRC - [2012/01/29 09:04:05 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\N0ISV_NZXT\Desktop\OTH.scr

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/12/17 03:56:54 | 000,233,472 | ---- | M] (Motorola, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MOTNetMap\MHVSvc.exe -- (MOTMHVService)

SRV - [2010/09/29 11:56:22 | 000,090,864 | ---- | M] (PC Pitstop LLC) [Auto | Stopped] -- C:\Program Files (x86)\CA\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/08/23 20:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/07/07 21:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/18 06:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)

DRV:64bit: - [2011/03/18 06:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2009/10/20 20:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

N0ISV · January 29, 2012

OTL Extras logfile created on: 1/29/2012 9:17:05 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\N0ISV_NZXT\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 7.23 Gb Available Physical Memory | 90.47% Memory free

15.98 Gb Paging File | 15.26 Gb Available in Paging File | 95.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 892.61 Gb Free Space | 95.83% Space Free | Partition Type: NTFS

Computer Name: N0ISV_NZXT-PC | User Name: N0ISV_NZXT | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"12F527950110F3A0ED9D3C7345CA709A850925DE" = Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (07/07/2011 1.2.24.0)

"33CEECDCFEA76F3EA061C7042D43D784BC51263C" = Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (03/03/2011 1.2.22.1)

"4A38D9B38E10E18D3528EDAB22652EB131FADECB" = Windows Driver Package - Realtek (RTL8167) Net (08/23/2011 7.048.0823.2011)

"650A09C975543C782ADAC3763AF3CE1F442F8846" = Windows Driver Package - Realtek (RTL8167) Net (03/21/2011 7.043.0321.2011)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"E8B6F4E0B8C700D1208497383A56345F58165049" = Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (05/10/2011 1.2.23.3)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DF979D5-464C-4926-AF73-54C1C219F06A}" = Ham Radio Deluxe

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D198D2E7-B557-4404-A286-77F249625172}" = Nokia Internet Tablet Software Update Wizard

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"ARCS II_is1" = ARCS II Version 2.0

"CA PC Tune-Up_is1" = CA PC Tune-Up 3.0.0.2

"ERUNT_is1" = ERUNT 1.1j

"Google Chrome" = Google Chrome

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"KENWOOD ARCP-2000" = KENWOOD ARCP-2000

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Mozilla Firefox 7.0 (x86 en-US)" = Mozilla Firefox 7.0 (x86 en-US)

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"MSNINST" = MSN

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"RG100_is1" = RG100 Version 1.20

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/23/2012 9:05:25 AM | Computer Name = N0ISV_NZXT-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 1/24/2012 7:55:46 PM | Computer Name = N0ISV_NZXT-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.

Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 1/24/2012 7:56:04 PM | Computer Name = N0ISV_NZXT-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 1/25/2012 8:05:42 PM | Computer Name = N0ISV_NZXT-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.

Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 1/25/2012 8:06:03 PM | Computer Name = N0ISV_NZXT-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 1/26/2012 7:40:29 AM | Computer Name = N0ISV_NZXT-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe_ProfSvc, version: 6.1.7600.16385,

time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4

Faulting

process id: 0x78 Faulting application start time: 0x01ccdc163534889d Faulting application

path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: 8b4cf545-4812-11e1-a39b-485b39aa4c51

Error - 1/26/2012 7:59:31 AM | Computer Name = N0ISV_NZXT-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.

Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 1/26/2012 7:59:44 AM | Computer Name = N0ISV_NZXT-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 1/27/2012 7:53:27 PM | Computer Name = N0ISV_NZXT-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.

Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 1/27/2012 7:53:43 PM | Computer Name = N0ISV_NZXT-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

[ System Events ]

Error - 1/29/2012 11:53:29 AM | Computer Name = N0ISV_NZXT-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

discache MpFilter spldr Wanarpv6

Error - 1/29/2012 11:53:47 AM | Computer Name = N0ISV_NZXT-PC | Source = DCOM | ID = 10005

Description =

Error - 1/29/2012 11:53:52 AM | Computer Name = N0ISV_NZXT-PC | Source = DCOM | ID = 10005

Description =

Error - 1/29/2012 11:53:53 AM | Computer Name = N0ISV_NZXT-PC | Source = DCOM | ID = 10005

Description =

Error - 1/29/2012 11:53:53 AM | Computer Name = N0ISV_NZXT-PC | Source = DCOM | ID = 10005

Description =

Error - 1/29/2012 11:53:54 AM | Computer Name = N0ISV_NZXT-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Provider

Host service which failed to start because of the following error: %%1068

Error - 1/29/2012 12:00:28 PM | Computer Name = N0ISV_NZXT-PC | Source = DCOM | ID = 10005

Description =

Error - 1/29/2012 12:03:34 PM | Computer Name = N0ISV_NZXT-PC | Source = DCOM | ID = 10005

Description =

Error - 1/29/2012 12:03:34 PM | Computer Name = N0ISV_NZXT-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.119.872.0 Update Source: %%859 Update Stage:

%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error

description: This service cannot be started in Safe Mode

Error - 1/29/2012 12:11:49 PM | Computer Name = N0ISV_NZXT-PC | Source = DCOM | ID = 10005

Description =

< End of report >

N0ISV · January 29, 2012

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 26

Java version out of date!

Adobe Flash Player 11.1.102.55

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (9.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

Maurice Naggar · January 29, 2012

It is NOT necessary, NOR desired, to send me a PM after you reply here. I get notified automatically. And do have patience, as I have other commitments, as well as personal things to attend to. I check here often, but cannot be present all the time.

Just reply here and await responses from me. Thanks.

Let's do this next:

Please read carefully and follow these steps.

Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
Download TDSSKiller and save it to your Desktop.
RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Then press Start Scan

When the scan is done, it will display a summary screen.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

N0ISV · January 29, 2012

10:46:06.0868 1436 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27

10:46:07.0279 1436 ============================================================

10:46:07.0279 1436 Current date / time: 2012/01/29 10:46:07.0279

10:46:07.0279 1436 SystemInfo:

10:46:07.0279 1436

10:46:07.0279 1436 OS Version: 6.1.7601 ServicePack: 1.0

10:46:07.0279 1436 Product type: Workstation

10:46:07.0279 1436 ComputerName: N0ISV_NZXT-PC

10:46:07.0279 1436 UserName: N0ISV_NZXT

10:46:07.0279 1436 Windows directory: C:\Windows

10:46:07.0279 1436 System windows directory: C:\Windows

10:46:07.0279 1436 Running under WOW64

10:46:07.0279 1436 Processor architecture: Intel x64

10:46:07.0279 1436 Number of processors: 4

10:46:07.0279 1436 Page size: 0x1000

10:46:07.0279 1436 Boot type: Safe boot with network

10:46:07.0279 1436 ============================================================

10:46:08.0183 1436 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

10:46:08.0222 1436 Initialize success

10:47:11.0813 1344 ============================================================

10:47:11.0813 1344 Scan started

10:47:11.0813 1344 Mode: Manual; SigCheck; TDLFS;

10:47:11.0813 1344 ============================================================

10:47:12.0320 1344 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:47:12.0398 1344 1394ohci - ok

10:47:12.0488 1344 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:47:12.0498 1344 ACPI - ok

10:47:12.0529 1344 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:47:12.0568 1344 AcpiPmi - ok

10:47:12.0600 1344 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:47:12.0613 1344 adp94xx - ok

10:47:12.0697 1344 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:47:12.0707 1344 adpahci - ok

10:47:12.0735 1344 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:47:12.0744 1344 adpu320 - ok

10:47:12.0801 1344 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

10:47:12.0839 1344 AFD - ok

10:47:12.0904 1344 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:47:12.0911 1344 agp440 - ok

10:47:12.0946 1344 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:47:12.0952 1344 aliide - ok

10:47:12.0966 1344 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:47:12.0972 1344 amdide - ok

10:47:13.0008 1344 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:47:13.0036 1344 AmdK8 - ok

10:47:13.0088 1344 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:47:13.0107 1344 AmdPPM - ok

10:47:13.0133 1344 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:47:13.0140 1344 amdsata - ok

10:47:13.0171 1344 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:47:13.0179 1344 amdsbs - ok

10:47:13.0225 1344 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:47:13.0231 1344 amdxata - ok

10:47:13.0257 1344 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:47:13.0332 1344 AppID - ok

10:47:13.0427 1344 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:47:13.0436 1344 arc - ok

10:47:13.0451 1344 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:47:13.0458 1344 arcsas - ok

10:47:13.0479 1344 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:47:13.0570 1344 AsyncMac - ok

10:47:13.0604 1344 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:47:13.0610 1344 atapi - ok

10:47:13.0701 1344 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:47:13.0739 1344 b06bdrv - ok

10:47:13.0777 1344 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:47:13.0798 1344 b57nd60a - ok

10:47:13.0881 1344 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:47:13.0941 1344 Beep - ok

10:47:13.0977 1344 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:47:13.0994 1344 blbdrive - ok

10:47:14.0073 1344 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:47:14.0102 1344 bowser - ok

10:47:14.0156 1344 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:47:14.0183 1344 BrFiltLo - ok

10:47:14.0195 1344 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:47:14.0204 1344 BrFiltUp - ok

10:47:14.0229 1344 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:47:14.0261 1344 Brserid - ok

10:47:14.0316 1344 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:47:14.0333 1344 BrSerWdm - ok

10:47:14.0361 1344 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:47:14.0388 1344 BrUsbMdm - ok

10:47:14.0416 1344 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:47:14.0429 1344 BrUsbSer - ok

10:47:14.0495 1344 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:47:14.0517 1344 BTHMODEM - ok

10:47:14.0556 1344 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:47:14.0590 1344 cdfs - ok

10:47:14.0653 1344 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

10:47:14.0671 1344 cdrom - ok

10:47:14.0716 1344 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:47:14.0744 1344 circlass - ok

10:47:14.0797 1344 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:47:14.0808 1344 CLFS - ok

10:47:14.0893 1344 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:47:14.0908 1344 CmBatt - ok

10:47:14.0927 1344 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:47:14.0933 1344 cmdide - ok

10:47:14.0979 1344 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:47:14.0998 1344 CNG - ok

10:47:15.0019 1344 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:47:15.0025 1344 Compbatt - ok

10:47:15.0092 1344 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:47:15.0118 1344 CompositeBus - ok

10:47:15.0148 1344 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:47:15.0154 1344 crcdisk - ok

10:47:15.0270 1344 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:47:15.0302 1344 DfsC - ok

10:47:15.0334 1344 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:47:15.0369 1344 discache - ok

10:47:15.0402 1344 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:47:15.0409 1344 Disk - ok

10:47:15.0487 1344 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:47:15.0508 1344 drmkaud - ok

10:47:15.0553 1344 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:47:15.0573 1344 DXGKrnl - ok

10:47:15.0638 1344 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:47:15.0689 1344 ebdrv - ok

10:47:15.0775 1344 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:47:15.0788 1344 elxstor - ok

10:47:15.0816 1344 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:47:15.0841 1344 ErrDev - ok

10:47:15.0882 1344 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:47:15.0920 1344 exfat - ok

10:47:16.0009 1344 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:47:16.0034 1344 fastfat - ok

10:47:16.0068 1344 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:47:16.0095 1344 fdc - ok

10:47:16.0166 1344 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:47:16.0173 1344 FileInfo - ok

10:47:16.0197 1344 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:47:16.0241 1344 Filetrace - ok

10:47:16.0277 1344 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:47:16.0284 1344 flpydisk - ok

10:47:16.0358 1344 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:47:16.0368 1344 FltMgr - ok

10:47:16.0416 1344 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:47:16.0422 1344 FsDepends - ok

10:47:16.0452 1344 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

10:47:16.0458 1344 fssfltr - ok

10:47:16.0496 1344 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:47:16.0502 1344 Fs_Rec - ok

10:47:16.0514 1344 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys

10:47:16.0520 1344 FTDIBUS - ok

10:47:16.0576 1344 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys

10:47:16.0580 1344 FTSER2K - ok

10:47:16.0607 1344 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:47:16.0618 1344 fvevol - ok

10:47:16.0645 1344 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:47:16.0652 1344 gagp30kx - ok

10:47:16.0812 1344 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:47:16.0832 1344 hcw85cir - ok

10:47:16.0863 1344 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:47:16.0885 1344 HdAudAddService - ok

10:47:16.0944 1344 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:47:16.0966 1344 HDAudBus - ok

10:47:16.0979 1344 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:47:16.0995 1344 HidBatt - ok

10:47:17.0017 1344 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:47:17.0041 1344 HidBth - ok

10:47:17.0098 1344 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:47:17.0118 1344 HidIr - ok

10:47:17.0156 1344 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

10:47:17.0193 1344 HidUsb - ok

10:47:17.0220 1344 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:47:17.0227 1344 HpSAMD - ok

10:47:17.0320 1344 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:47:17.0361 1344 HTTP - ok

10:47:17.0398 1344 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:47:17.0405 1344 hwpolicy - ok

10:47:17.0439 1344 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:47:17.0447 1344 i8042prt - ok

10:47:17.0525 1344 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:47:17.0536 1344 iaStorV - ok

10:47:17.0565 1344 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:47:17.0571 1344 iirsp - ok

10:47:17.0602 1344 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:47:17.0608 1344 intelide - ok

10:47:17.0675 1344 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:47:17.0697 1344 intelppm - ok

10:47:17.0727 1344 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:47:17.0758 1344 IpFilterDriver - ok

10:47:17.0785 1344 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:47:17.0810 1344 IPMIDRV - ok

10:47:17.0878 1344 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:47:17.0922 1344 IPNAT - ok

10:47:17.0953 1344 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:47:17.0964 1344 IRENUM - ok

10:47:18.0015 1344 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:47:18.0021 1344 isapnp - ok

10:47:18.0064 1344 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:47:18.0073 1344 iScsiPrt - ok

10:47:18.0122 1344 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

10:47:18.0128 1344 kbdclass - ok

10:47:18.0151 1344 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

10:47:18.0172 1344 kbdhid - ok

10:47:18.0256 1344 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:47:18.0263 1344 KSecDD - ok

10:47:18.0293 1344 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:47:18.0300 1344 KSecPkg - ok

10:47:18.0325 1344 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:47:18.0362 1344 ksthunk - ok

10:47:18.0390 1344 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:47:18.0423 1344 lltdio - ok

10:47:18.0500 1344 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:47:18.0507 1344 LSI_FC - ok

10:47:18.0531 1344 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:47:18.0538 1344 LSI_SAS - ok

10:47:18.0574 1344 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:47:18.0580 1344 LSI_SAS2 - ok

10:47:18.0598 1344 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:47:18.0606 1344 LSI_SCSI - ok

10:47:18.0715 1344 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:47:18.0757 1344 luafv - ok

10:47:18.0794 1344 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

10:47:18.0878 1344 MBAMProtector - ok

10:47:18.0938 1344 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:47:18.0944 1344 megasas - ok

10:47:18.0970 1344 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:47:18.0980 1344 MegaSR - ok

10:47:19.0010 1344 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:47:19.0052 1344 Modem - ok

10:47:19.0115 1344 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:47:19.0138 1344 monitor - ok

10:47:19.0187 1344 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:47:19.0193 1344 mouclass - ok

10:47:19.0212 1344 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:47:19.0236 1344 mouhid - ok

10:47:19.0312 1344 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:47:19.0319 1344 mountmgr - ok

10:47:19.0358 1344 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

10:47:19.0367 1344 MpFilter - ok

10:47:19.0398 1344 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:47:19.0405 1344 mpio - ok

10:47:19.0441 1344 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

10:47:19.0446 1344 MpNWMon - ok

10:47:19.0527 1344 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:47:19.0564 1344 mpsdrv - ok

10:47:19.0594 1344 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:47:19.0606 1344 MRxDAV - ok

10:47:19.0624 1344 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:47:19.0649 1344 mrxsmb - ok

10:47:19.0711 1344 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:47:19.0733 1344 mrxsmb10 - ok

10:47:19.0782 1344 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:47:19.0790 1344 mrxsmb20 - ok

10:47:19.0821 1344 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:47:19.0827 1344 msahci - ok

10:47:19.0887 1344 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:47:19.0895 1344 msdsm - ok

10:47:19.0964 1344 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:47:19.0998 1344 Msfs - ok

10:47:20.0038 1344 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:47:20.0078 1344 mshidkmdf - ok

10:47:20.0143 1344 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:47:20.0150 1344 msisadrv - ok

10:47:20.0192 1344 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:47:20.0227 1344 MSKSSRV - ok

10:47:20.0312 1344 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:47:20.0340 1344 MSPCLOCK - ok

10:47:20.0379 1344 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:47:20.0418 1344 MSPQM - ok

10:47:20.0485 1344 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:47:20.0496 1344 MsRPC - ok

10:47:20.0532 1344 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:47:20.0538 1344 mssmbios - ok

10:47:20.0580 1344 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:47:20.0623 1344 MSTEE - ok

10:47:20.0682 1344 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:47:20.0704 1344 MTConfig - ok

10:47:20.0762 1344 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

10:47:20.0766 1344 MTsensor - ok

10:47:20.0820 1344 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:47:20.0827 1344 Mup - ok

10:47:20.0844 1344 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:47:20.0869 1344 NativeWifiP - ok

10:47:20.0900 1344 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:47:20.0919 1344 NDIS - ok

10:47:20.0996 1344 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:47:21.0033 1344 NdisCap - ok

10:47:21.0061 1344 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:47:21.0097 1344 NdisTapi - ok

10:47:21.0120 1344 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:47:21.0149 1344 Ndisuio - ok

10:47:21.0207 1344 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:47:21.0244 1344 NdisWan - ok

10:47:21.0267 1344 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:47:21.0301 1344 NDProxy - ok

10:47:21.0344 1344 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:47:21.0379 1344 NetBIOS - ok

10:47:21.0468 1344 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:47:21.0506 1344 NetBT - ok

10:47:21.0555 1344 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:47:21.0561 1344 nfrd960 - ok

10:47:21.0599 1344 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

10:47:21.0604 1344 NisDrv - ok

10:47:21.0690 1344 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:47:21.0720 1344 Npfs - ok

10:47:21.0736 1344 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:47:21.0777 1344 nsiproxy - ok

10:47:21.0843 1344 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:47:21.0872 1344 Ntfs - ok

10:47:21.0953 1344 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:47:21.0983 1344 Null - ok

10:47:22.0022 1344 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

10:47:22.0028 1344 NVHDA - ok

10:47:22.0199 1344 nvlddmkm (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

10:47:22.0389 1344 nvlddmkm - ok

10:47:22.0454 1344 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:47:22.0462 1344 nvraid - ok

10:47:22.0478 1344 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:47:22.0486 1344 nvstor - ok

10:47:22.0504 1344 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:47:22.0511 1344 nv_agp - ok

10:47:22.0528 1344 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:47:22.0542 1344 ohci1394 - ok

10:47:22.0631 1344 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:47:22.0647 1344 Parport - ok

10:47:22.0682 1344 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:47:22.0689 1344 partmgr - ok

10:47:22.0723 1344 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:47:22.0731 1344 pci - ok

10:47:22.0779 1344 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:47:22.0785 1344 pciide - ok

10:47:22.0825 1344 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:47:22.0833 1344 pcmcia - ok

10:47:22.0896 1344 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:47:22.0903 1344 pcw - ok

10:47:22.0923 1344 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:47:22.0966 1344 PEAUTH - ok

10:47:23.0234 1344 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:47:23.0258 1344 PptpMiniport - ok

10:47:23.0279 1344 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:47:23.0295 1344 Processor - ok

10:47:23.0368 1344 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:47:23.0405 1344 Psched - ok

10:47:23.0454 1344 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:47:23.0481 1344 ql2300 - ok

10:47:23.0503 1344 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:47:23.0510 1344 ql40xx - ok

10:47:23.0562 1344 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:47:23.0573 1344 QWAVEdrv - ok

10:47:23.0587 1344 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:47:23.0619 1344 RasAcd - ok

10:47:23.0647 1344 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:47:23.0689 1344 RasAgileVpn - ok

10:47:23.0720 1344 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:47:23.0758 1344 Rasl2tp - ok

10:47:23.0811 1344 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:47:23.0853 1344 RasPppoe - ok

10:47:23.0876 1344 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:47:23.0909 1344 RasSstp - ok

10:47:23.0952 1344 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:47:23.0990 1344 rdbss - ok

10:47:24.0065 1344 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:47:24.0086 1344 rdpbus - ok

10:47:24.0111 1344 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:47:24.0150 1344 RDPCDD - ok

10:47:24.0171 1344 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:47:24.0203 1344 RDPENCDD - ok

10:47:24.0260 1344 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:47:24.0283 1344 RDPREFMP - ok

10:47:24.0312 1344 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

10:47:24.0338 1344 RDPWD - ok

10:47:24.0379 1344 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:47:24.0388 1344 rdyboost - ok

10:47:24.0498 1344 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:47:24.0530 1344 rspndr - ok

10:47:24.0567 1344 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys

10:47:24.0576 1344 RTL8167 - ok

10:47:24.0602 1344 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:47:24.0610 1344 sbp2port - ok

10:47:24.0685 1344 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:47:24.0720 1344 scfilter - ok

10:47:24.0747 1344 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:47:24.0771 1344 secdrv - ok

10:47:24.0801 1344 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:47:24.0814 1344 Serenum - ok

10:47:24.0900 1344 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:47:24.0909 1344 Serial - ok

10:47:24.0930 1344 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:47:24.0938 1344 sermouse - ok

10:47:24.0964 1344 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:47:24.0985 1344 sffdisk - ok

10:47:25.0003 1344 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:47:25.0025 1344 sffp_mmc - ok

10:47:25.0047 1344 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:47:25.0065 1344 sffp_sd - ok

10:47:25.0130 1344 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:47:25.0151 1344 sfloppy - ok

10:47:25.0203 1344 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys

10:47:25.0218 1344 Sftfs - ok

10:47:25.0300 1344 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys

10:47:25.0308 1344 Sftplay - ok

10:47:25.0331 1344 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys

10:47:25.0335 1344 Sftredir - ok

10:47:25.0354 1344 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys

10:47:25.0358 1344 Sftvol - ok

10:47:25.0389 1344 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:47:25.0395 1344 SiSRaid2 - ok

10:47:25.0421 1344 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:47:25.0428 1344 SiSRaid4 - ok

10:47:25.0478 1344 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:47:25.0503 1344 Smb - ok

10:47:25.0518 1344 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:47:25.0524 1344 spldr - ok

10:47:25.0568 1344 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:47:25.0596 1344 srv - ok

10:47:25.0667 1344 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:47:25.0692 1344 srv2 - ok

10:47:25.0725 1344 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:47:25.0744 1344 srvnet - ok

10:47:25.0827 1344 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:47:25.0833 1344 stexstor - ok

10:47:25.0852 1344 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:47:25.0858 1344 swenum - ok

10:47:25.0909 1344 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

10:47:25.0941 1344 Tcpip - ok

10:47:25.0964 1344 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

10:47:25.0989 1344 TCPIP6 - ok

10:47:26.0024 1344 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:47:26.0052 1344 tcpipreg - ok

10:47:26.0109 1344 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:47:26.0146 1344 TDPIPE - ok

10:47:26.0166 1344 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

10:47:26.0190 1344 TDTCP - ok

10:47:26.0243 1344 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:47:26.0266 1344 tdx - ok

10:47:26.0335 1344 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:47:26.0342 1344 TermDD - ok

10:47:26.0380 1344 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:47:26.0412 1344 tssecsrv - ok

10:47:26.0462 1344 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:47:26.0481 1344 TsUsbFlt - ok

10:47:26.0540 1344 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:47:26.0588 1344 tunnel - ok

10:47:26.0618 1344 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:47:26.0625 1344 uagp35 - ok

10:47:26.0655 1344 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:47:26.0691 1344 udfs - ok

10:47:26.0749 1344 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:47:26.0756 1344 uliagpkx - ok

10:47:26.0787 1344 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

10:47:26.0806 1344 umbus - ok

10:47:26.0843 1344 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:47:26.0861 1344 UmPass - ok

10:47:26.0927 1344 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

10:47:26.0955 1344 usbaudio - ok

10:47:26.0997 1344 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:47:27.0014 1344 usbccgp - ok

10:47:27.0075 1344 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:47:27.0100 1344 usbcir - ok

10:47:27.0132 1344 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

10:47:27.0145 1344 usbehci - ok

10:47:27.0204 1344 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:47:27.0226 1344 usbhub - ok

10:47:27.0243 1344 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:47:27.0259 1344 usbohci - ok

10:47:27.0289 1344 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:47:27.0314 1344 usbprint - ok

10:47:27.0372 1344 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

10:47:27.0389 1344 usbscan - ok

10:47:27.0420 1344 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:47:27.0437 1344 USBSTOR - ok

10:47:27.0493 1344 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:47:27.0510 1344 usbuhci - ok

10:47:27.0539 1344 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:47:27.0545 1344 vdrvroot - ok

10:47:27.0570 1344 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:47:27.0579 1344 vga - ok

10:47:27.0604 1344 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:47:27.0638 1344 VgaSave - ok

10:47:27.0710 1344 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:47:27.0719 1344 vhdmp - ok

10:47:27.0759 1344 VIAHdAudAddService (db88ca4f876c7dcaeec29bab9e31ffc1) C:\Windows\system32\drivers\viahduaa.sys

10:47:27.0796 1344 VIAHdAudAddService - ok

10:47:27.0855 1344 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:47:27.0861 1344 viaide - ok

10:47:27.0886 1344 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:47:27.0893 1344 volmgr - ok

10:47:27.0958 1344 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:47:27.0969 1344 volmgrx - ok

10:47:28.0010 1344 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:47:28.0020 1344 volsnap - ok

10:47:28.0044 1344 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:47:28.0052 1344 vsmraid - ok

10:47:28.0083 1344 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

10:47:28.0102 1344 vwifibus - ok

10:47:28.0181 1344 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:47:28.0208 1344 WacomPen - ok

10:47:28.0234 1344 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:47:28.0264 1344 WANARP - ok

10:47:28.0266 1344 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:47:28.0289 1344 Wanarpv6 - ok

10:47:28.0321 1344 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:47:28.0327 1344 Wd - ok

10:47:28.0385 1344 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:47:28.0400 1344 Wdf01000 - ok

10:47:28.0434 1344 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:47:28.0457 1344 WfpLwf - ok

10:47:28.0471 1344 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:47:28.0477 1344 WIMMount - ok

10:47:28.0554 1344 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:47:28.0572 1344 WmiAcpi - ok

10:47:28.0634 1344 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:47:28.0657 1344 ws2ifsl - ok

10:47:28.0689 1344 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:47:28.0712 1344 WudfPf - ok

10:47:28.0768 1344 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:47:28.0805 1344 WUDFRd - ok

10:47:28.0820 1344 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:47:28.0972 1344 \Device\Harddisk0\DR0 - ok

10:47:28.0974 1344 Boot (0x1200) (0ae33ec8e51cd168a6a305cd6abc2224) \Device\Harddisk0\DR0\Partition0

10:47:28.0974 1344 \Device\Harddisk0\DR0\Partition0 - ok

10:47:28.0994 1344 Boot (0x1200) (c4af33452b4a9add3bcd1d29a941ddab) \Device\Harddisk0\DR0\Partition1

10:47:28.0995 1344 \Device\Harddisk0\DR0\Partition1 - ok

10:47:28.0995 1344 ============================================================

10:47:28.0995 1344 Scan finished

10:47:28.0995 1344 ============================================================

10:47:29.0000 1768 Detected object count: 0

10:47:29.0000 1768 Actual detected object count: 0

Maurice Naggar · January 29, 2012

I'd like for you to run Tigzy's Rogue Killer utility so that a report is generated for review.

First, insure you close any programs that you have started.

Download & SAVE to your Dekstop from <<< here>>>

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

For Windows XP, double-click to start.

When prompted, type 1 and Enter.

A report will be generated named RKreport.txt next to the exe on your Desktop.

Using NOTEPAD open it, select ALL, COPY

Paste the contents into the reply box of your next response, so I can review.

N0ISV · January 30, 2012

RogueKiller V7.0.1 [01/28/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: N0ISV_NZXT [Admin rights]

Mode: Scan -- Date : 01/29/2012 18:03:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 10 ¤¤¤

[sUSP PATH] HKCU\[...]\RunOnce : dfqoxtgnvs (C:\Users\N0ISV_NZXT\AppData\Local\dfqoxtgnvs.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-3523143021-2842920493-2841708058-1000[...]\RunOnce : dfqoxtgnvs (C:\Users\N0ISV_NZXT\AppData\Local\dfqoxtgnvs.exe) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 4807cd45923d3064881767827ab8d0d1

[bSP] 3a8996086261ddbf25e5256e2620e61c : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 104 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1000096 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Maurice Naggar · January 30, 2012

This has 1 or 2 rogue services. On this pass, I want to upload them for forwarding for analysis.

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for NOISV only. If you are a casual viewer, do NOT try this on your system!

If you are not NOISV and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for offline reference!

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

2. Open notepad and copy/paste the text in the Codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=105382

Suspect::[4]
C:\Users\N0ISV_NZXT\AppData\Local\dfqoxtgnvs.exe
C:\Users\N0ISV_NZXT\AppData\Local\gryklup.exe

Quitt::

Save this as CFScript.txt, in the same location as ComboFix.exe

3. Close any (all) open browsers.

4:

Refering to the picture above, drag CFScript into ComboFix.exe

When CF finishes running, it pops out with the CF log and this message box:

Clicking OK will begin the auto-upload of the zipped file.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Click the Browse button and then navigate to C:\Users\N0ISV_NZXT\AppData\Local\dfqoxtgnvs.exe, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Repeat the same steps for C:\Users\N0ISV_NZXT\AppData\Local\gryklup.exe

Save the results, and post back here in a reply.

N0ISV · January 30, 2012

Tom from Malwarebytes sent me a email over night. He had me go to the 'Malwarebytes Anti-Malware Chameleon'.

After this scan and reboot, the security shield stuff was removed. Far as I can tell its all fixed, again.

Maurice Naggar · January 30, 2012

That is good. Please get a copy of that last MBAM scan log and Paste it into a reply here so I can review.

Thanks in advance.

N0ISV · January 30, 2012

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.30.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

N0ISV_NZXT :: N0ISV_NZXT-PC [administrator]

Protection: Enabled

1/30/2012 3:13:29 PM

mbam-log-2012-01-30 (15-13-29).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 186270

Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Maurice Naggar · January 31, 2012

Print this out for offline reference.

This system should have the latest Java runtime, an up-to-date Adobe Reader.

Step 1

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Windows 7/XP/Vista/2000/2003/2008 Offline and save it to your desktop.
Given you have 64-bit Windows 7, you should both the 32-bit & 64-bit files.
Close any programs you may have running - especially your web browser.
Click the Start button , click Control Panel, next select Programs, and then select Programs and Features and remove all prior versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u30-windows-i586-s.exe to install the newest version.
Do the same fo jre-6u30-windows-x64.exe if this is a 64-bit Windows o.s.

After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
  [*]Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 30 from Sun Microsystems Inc.

Step 2

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader:

Click the Start button , click Control Panel, next select Programs : Remove Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Step 3

Please RIGHT-click OTL.exe & select Run As Administrator to start it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
*****************************************************************
:processes
killallprocesses
:files
recycler /alldrives
C:\Users\N0ISV_NZXT\AppData\Local\dfqoxtgnvs.exe
C:\Users\N0ISV_NZXT\AppData\Local\gryklup.exe
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button Run Fix.
Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

and also advise me, as to how your system is now?

Maurice Naggar · February 2, 2012

Please provide an update on your pc status.

Maurice Naggar · February 6, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

DDS and attach file ask asked for - security shield ?

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information