Chinabob issues

ChinaBob · February 7, 2012

I've been running into something that sounds very similar - I had the Google redirecting - and had to reset my proxy settings each boot - and now, I can't get to my network at all, either wired or wireless. I was getting ready to go back to an image I made 6 months ago but would MUCH rather get some help to fix this. What do you suggest? Should I start another thread? What data do you need? Thanks.

Just to add to my situation - I installed BitDefender and it's saying beware of potential threat with configremote.exe and krnlhtml.exe. Searching on those indicates they don't sound healthy .. and that's how I got to this forum.

Maurice Naggar · February 7, 2012

Forum rules do NOT allow for you to tag-on your problem into another member's topic in the Malware Removal forum !

Your post has been moved here.

Print out, read and follow the directions here, skipping any steps you are unable to complete.

Copy & Paste into your reply here MBAM scan log & the DDS logs. Do not attach them.

After posting your reply make sure you click on button Follow this topic at top of forum-topic window.

ChinaBob · February 8, 2012

Thanks for the guidance ..

I ran the MBAM scan twice - The first one found 16 infections. Then I rebooted and ran again - no infections. Following are those two logs, the dss.txt and attach.txt files:

*************************************************

mbam-log-2012-02-07 (16-06-08)

*************************************************

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7035

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2/7/2012 4:06:08 PM

mbam-log-2012-02-07 (16-06-08).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 347823

Time elapsed: 34 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 6

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\configremote (Trojan.FakeMS) -> Value: configremote -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\configremote (Trojan.FakeMS) -> Value: configremote -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\configremote (Trojan.FakeMS) -> Value: configremote -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\krnlhtml (Trojan.FakeMS) -> Value: krnlhtml -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\krnlhtml (Trojan.FakeMS) -> Value: krnlhtml -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\krnlhtml (Trojan.FakeMS) -> Value: krnlhtml -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\configremote.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\krnlhtml.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Users\BobA\AppData\Roaming\krnlhtml.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-3432030905-1968563500-853908778-1000\$RTTDU0K\11A68.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-3432030905-1968563500-853908778-1000\$RTTDU0K\42666.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-3432030905-1968563500-853908778-1000\$RTTDU0K\8F320.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

c:\Users\BobA\AppData\Local\Temp\wnrxsecaom.exe (Trojan.MSIL) -> Quarantined and deleted successfully.

c:\Users\BobA\AppData\Local\Temp\deviceauto.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\deviceauto.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\eprcr.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

*************************************************

mbam-log-2012-02-07 (16-43-00)

*************************************************

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7035

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2/7/2012 4:43:00 PM

mbam-log-2012-02-07 (16-43-00).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 348115

Time elapsed: 29 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*************************************************

DDS.txt

*************************************************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Run by BobA at 16:52:14 on 2012-02-07

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3032.1508 [GMT -8:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k NetworkService

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Win7Tools\SysMgmt\Reflect\ReflectService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Lenovo\Access Connections\AcSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\Windows\system32\SearchIndexer.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\RotateImage\RCIMGDIR.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Win7Tools\MMedia\PShopPro\CorelIOMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ASUS\ASUS Sync\asusUPCTLoader.exe

C:\Win7Tools\Internet\FreeDnldMgr\fdm.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Win7Tools\OpenOffice\program\soffice.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Win7Tools\OpenOffice\program\soffice.bin

C:\Windows\system32\conhost.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Lenovo\Access Connections\Access Connections.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Bitdefender\Bitdefender 2012\odscanui.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe

C:\Program Files\Bitdefender\Bitdefender 2012\odscanui.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:52000

uURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll

mURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\win7tools\internet\freednldmgr\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

uRun: [Free Download Manager] "c:\win7tools\internet\freednldmgr\fdm.exe" -autorun

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [RotateImage] c:\program files\rotateimage\RCIMGDIR.exe

mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe"

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe

mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe

mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

mRun: [Corel File Shell Monitor] c:\win7tools\mmedia\pshoppro\CorelIOMonitor.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\win7tools\security\mbytes\mbam.exe" /runcleanupscript

mRun: [openvpn-gui] c:\win7tools\security\openvpn\bin\openvpn-gui.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ASUS Sync Loader] "c:\program files\asus\asus sync\asusUPCTLoader.exe" -startup

mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.110.223\AsusWSPanel.exe /S

mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"

mRun: [bdinstaller] "e:\32bit\setuplauncher.exe" /run:"e:\32bit\setupdownloader.exe" /args:"/after_restart"

dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe

StartupFolder: c:\users\boba\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\win7tools\openoffice\program\quickstart.exe

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all with Free Download Manager - file://c:\win7tools\internet\freednldmgr\dlall.htm

IE: Download selected with Free Download Manager - file://c:\win7tools\internet\freednldmgr\dlselected.htm

IE: Download video with Free Download Manager - file://c:\win7tools\internet\freednldmgr\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\win7tools\internet\freednldmgr\dllink.htm

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.109.3

TCP: Interfaces\{59ABA5F9-0A03-49D5-BEF3-6A74B3B9E887} : DhcpNameServer = 192.168.109.10

TCP: Interfaces\{97FFD44C-6249-484C-82C7-7B2C40BBC312} : DhcpNameServer = 192.168.109.3

TCP: Interfaces\{97FFD44C-6249-484C-82C7-7B2C40BBC312}\36563667D277962756C6563737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{97FFD44C-6249-484C-82C7-7B2C40BBC312}\5374 : DhcpNameServer = 192.168.109.10

TCP: Interfaces\{97FFD44C-6249-484C-82C7-7B2C40BBC312}\84F6D656 : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{F22B4D75-D4BE-4970-A72B-321AA7DE96C9} : DhcpNameServer = 192.168.109.10 205.171.3.65

TCP: Interfaces\{F22B4D75-D4BE-4970-A72B-321AA7DE96C9}\84F6D656 : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{F22B4D75-D4BE-4970-A72B-321AA7DE96C9}\A456375737C4F667563795F657 : DhcpNameServer = 192.168.109.10 205.171.3.65

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = scecli ACGina

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\boba\appdata\roaming\mozilla\firefox\profiles\zzhdwo24.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.scanquery.com/?tmp=nemo_results_removelink&prt=ScnqryPB&keywords=

FF - component: c:\win7tools\internet\firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\boba\appdata\roaming\mozilla\firefox\profiles\zzhdwo24.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\win7tools\internet\firefox\plugins\npclntax_ClickPotatoLiteSA.dll

FF - plugin: c:\win7tools\internet\firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2011-5-26 577608]

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-1-20 25968]

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-7-1 16024]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-3-1 74320]

R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-3-1 90704]

R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-1-20 13680]

R1 SASDIFSV;SASDIFSV;c:\users\boba\appdata\local\temp\sas_selfextract\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\users\boba\appdata\local\temp\sas_selfextract\saskutil.sys [2011-7-12 67664]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-1-20 50536]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-1-20 74088]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-1-20 93032]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\win7tools\sysmgmt\reflect\ReflectService.exe [2011-7-1 220824]

R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-11-10 520040]

R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-9 370504]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-1-20 99328]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-1-20 64440]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-1-20 2058776]

R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2011-7-11 50128]

R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2011-1-20 187776]

R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-5-6 238664]

R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2011-5-26 445512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-18 7122944]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-1-20 45496]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-6-17 63568]

S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-1-20 128360]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\boba\appdata\local\temp\onlinescanner\anti-virus\fsgk.sys [2011-5-14 70144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-12-9 21744]

S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-1-20 79208]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2004-6-23 23552]

S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-7-6 307544]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-21 1343400]

S4 ApRunSvc;Alps Application Launcher Service;c:\program files\apoint2k\aprunsvc.exe --> c:\program files\apoint2k\ApRunSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-07 22:41:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-02-07 22:41:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-07 06:02:19 22077 ----a-w- c:\programdata\1328594531.bdinstall.bin

2012-02-07 05:32:32 560315 ----a-w- c:\programdata\1328592627.bdinstall.bin

2012-02-07 05:31:40 -------- d-----w- c:\users\boba\appdata\roaming\Bitdefender

2012-02-07 05:31:35 -------- d-----w- c:\programdata\Bitdefender

2012-02-07 05:31:15 -------- d-----w- c:\program files\Bitdefender

2012-02-07 05:30:32 309320 ----a-w- c:\windows\system32\drivers\trufos.sys

2012-02-07 05:30:31 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2012-02-07 05:29:42 -------- d-----w- c:\program files\common files\Bitdefender

2012-01-30 08:41:36 -------- d-----w- c:\users\boba\appdata\local\{9EA90F61-C4BA-46D1-BDA8-6DA495856C1E}

2012-01-30 08:41:36 -------- d-----w- c:\users\boba\appdata\local\{823EB11B-C958-4633-9602-6A5835532D78}

2012-01-28 07:19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-28 07:15:09 -------- d-----w- c:\users\boba\appdata\roaming\F4A2E

2012-01-27 07:52:50 -------- d-----w- c:\program files\2EFF7

2012-01-27 06:11:38 -------- d-----w- c:\windows\Microsoft Antimalware

2012-01-27 06:11:34 -------- d-----w- c:\windows\Windows Defender Offline

2012-01-27 06:00:54 128512 ----a-w- c:\programdata\microsoft\windows\drm\ncrypt.dll

2012-01-27 06:00:42 128512 ----a-w- c:\programdata\microsoft\windows\drm\30D0.tmp

2012-01-27 05:58:35 -------- d-----w- c:\program files\LP

2012-01-27 05:55:04 -------- d-----w- c:\users\boba\appdata\local\SanctionedMedia

2012-01-25 08:28:15 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{13c599ea-5342-4d27-9570-d60d555b4415}\offreg.dll

2012-01-25 05:33:18 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{13c599ea-5342-4d27-9570-d60d555b4415}\mpengine.dll

2012-01-21 06:59:23 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2012-01-13 05:43:03 -------- d-----w- C:\temp

2012-01-13 05:37:42 -------- d-----w- c:\programdata\Splashtop

2012-01-13 05:37:24 -------- d-----w- c:\program files\Splashtop

2012-01-13 05:36:45 -------- d-----w- c:\users\boba\appdata\local\{BA5F88F1-D2F2-4E27-85A3-42F74C7F2FC2}

2012-01-13 05:36:33 -------- d-----w- c:\users\boba\appdata\roaming\ASUS WebStorage

2012-01-13 05:36:29 -------- d-----w- c:\programdata\ASUS WebStorage

2012-01-13 05:36:20 -------- d-----w- c:\users\boba\appdata\roaming\ASUS

2012-01-13 05:35:41 -------- d-----w- c:\users\boba\appdata\local\Downloaded Installations

2012-01-13 05:35:34 -------- d-----w- c:\program files\ASUS

2012-01-13 05:35:04 -------- d-----w- c:\program files\MSXML 4.0

2012-01-13 05:10:34 -------- d-----w- c:\users\boba\appdata\roaming\eCareme

2012-01-10 22:07:02 -------- d-sh--w- C:\found.000

.

==================== Find3M ====================

.

2012-01-27 05:57:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys

2011-11-19 14:06:13 67072 ----a-w- c:\windows\system32\packager.dll

2011-11-17 05:48:29 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2011-11-17 05:48:24 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2011-11-17 05:42:48 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2011-11-17 05:41:38 1288984 ----a-w- c:\windows\system32\ntdll.dll

2011-11-17 05:39:28 314368 ----a-w- c:\windows\system32\webio.dll

2011-11-17 05:39:24 99840 ----a-w- c:\windows\system32\sspicli.dll

2011-11-17 05:39:24 15360 ----a-w- c:\windows\system32\sspisrv.dll

2011-11-17 05:39:21 224768 ----a-w- c:\windows\system32\schannel.dll

2011-11-17 05:39:21 22016 ----a-w- c:\windows\system32\secur32.dll

2011-11-17 05:38:39 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2011-11-17 05:36:26 22528 ----a-w- c:\windows\system32\lsass.exe

2011-11-15 22:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe

2008-03-19 23:50:26 97280 ----a-w- c:\program files\common files\pcsbClean.exe

2008-03-07 03:31:44 134656 ----a-w- c:\program files\common files\PCSBoff.exe

.

============= FINISH: 16:53:49.78 ===============

*************************************************

Attach.txt

*************************************************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/15/2011 4:14:47 PM

System Uptime: 2/7/2012 4:06:58 PM (0 hours ago)

.

Motherboard: LENOVO | | 4057BP9

Processor: Intel® Core2 Duo CPU U9400 @ 1.40GHz | None | 1401/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 55 GiB total, 10.282 GiB free.

D: is FIXED (NTFS) - 184 GiB total, 111.281 GiB free.

E: is Removable

F: is Removable

R: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Fingerprint Sensor

Device ID: USB\VID_08FF&PID_2810\5&146CC813&0&2

Manufacturer:

Name: Fingerprint Sensor

PNP Device ID: USB\VID_08FF&PID_2810\5&146CC813&0&2

Service:

.

==== System Restore Points ===================

.

RP100: 1/30/2012 12:00:01 AM - Scheduled Checkpoint

RP101: 2/6/2012 9:37:22 PM - Restore Operation

.

==== Installed Programs ======================

.

Access Help

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.0

Apple Application Support

Apple Software Update

Applian FLV Player

ASUS Android USB Drivers

ASUS Sync

ASUS WebStorage

BibleWorks 8

Bitdefender Internet Security 2012

blinkx beat

Conduit Engine

Conexant 20561 SmartAudio HD

Corel Paint Shop Pro Photo X2

D3DX10

Free Download Manager 3.0

Free Sound Recorder v9.2.3

FreeSoundRecorder Toolbar

Google Chrome

Google Update Helper

ImgBurn

Integrated Camera Driver Installer Package Ver.1.32.500.0

Intel PROSet Wireless

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Interface

Intel® PROSet/Wireless WiFi Software

Intel® Active Management Technology

Japanese Fonts Support For Adobe Reader 9

Java Auto Updater

Java 6 Update 24

Lenovo Auto Scroll Utility

Lenovo Hard Drive Quick Test

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Macrium Reflect - Free Edition

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 8.0.1 (x86 en-US)

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Octoshape add-in for Adobe Flash Player

On Screen Display

OpenOffice.org 3.3

OpenVPN 2.2.1

PC Study Bible (remove only)

QuickTime

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Skype Toolbars

Skype™ 5.3

Splashtop Streamer

System Update

The Rosetta Stone

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Integration Setup

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Communications Utility

TrueCrypt

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WinRAR archiver

WOT for Internet Explorer

Xvid 1.2.2 final uninstall

Zoner Photo Studio 13 FREE

.

==== Event Viewer Messages From Past Week ========

.

2/7/2012 4:14:20 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.

2/7/2012 4:14:20 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

2/7/2012 4:10:42 PM, Error: Service Control Manager [7016] - The BitDefender Virus Shield service has reported an invalid current state 14.

2/7/2012 4:09:35 PM, Error: Service Control Manager [7034] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).

2/7/2012 4:07:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdselfpr

2/7/2012 4:07:28 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

2/7/2012 4:07:27 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

2/7/2012 4:07:25 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

2/7/2012 4:07:24 PM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: Tdx. This service might not be installed.

2/6/2012 9:26:45 PM, Error: Service Control Manager [7000] - The Offline Files service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

2/6/2012 9:26:45 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

2/6/2012 8:14:08 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

2/6/2012 8:13:57 PM, Error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

2/2/2012 8:59:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xd38fc640, 0x00000002, 0x00000000, 0x82e766fd). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020212-14008-01.

2/2/2012 8:57:46 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).

2/2/2012 8:57:46 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).

2/2/2012 8:57:46 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).

2/2/2012 8:57:46 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).

2/2/2012 8:57:46 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).

2/2/2012 8:57:46 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).

2/2/2012 8:57:46 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).

2/2/2012 8:57:46 AM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).

2/2/2012 8:57:46 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/2/2012 4:51:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/2/2012 4:49:51 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/2/2012 2:19:07 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).

2/2/2012 2:19:07 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

2/2/2012 2:19:07 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

2/2/2012 2:19:07 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/2/2012 2:19:07 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/2/2012 2:19:07 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

2/2/2012 2:19:07 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/2/2012 2:19:07 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

2/2/2012 2:19:07 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/2/2012 12:50:54 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/1/2012 7:33:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

2/1/2012 7:31:58 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/1/2012 10:53:02 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.

2/1/2012 10:50:44 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.

2/1/2012 10:50:11 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: A thread could not be created for the service.

.

==== End Of File ===========================

Maurice Naggar · February 8, 2012

Hello ChinaBob,

Do no websurfing, no web searches of any sort. Just only go to this forum and sites I guide you to.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

Click the Start button , and then click Control Panel >> Appearance and Personalization >> Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.
Click Apply > OK.

Step 3

The MBAM version you have is an older one, as also are it's definitions.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

Repeat the Check for Updates until it indicates you have the latest.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

A full scan will take an hour or more, but is well worth it to insure there are no obvious malwares.

I will need a copy of that log.

Step 4

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft...&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

If and only if your system is Windows 7 x64, Vista x64, Windows XP x64 and Windows 2003 x64 computers.

Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

http://www.microsoft...&displaylang=en

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.micro...om/?kbid=890830

If no infections were found, you will see in your log

Results Summary:
----------------
No infection found.

Step 5

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

This next process will require a Reboot/Restart. Allow it to do so.

Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
*****************************************************************
:processes
killallprocesses
:files
recycler /alldrives
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button Run Fix.
Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Reply with copy of contents of the last MBAM scan log,

the MRT.log

the OTL MovedFiles log

There will be more to do after all this.

ChinaBob · February 9, 2012

Step 1: Complete

Step 2: Complete

Step 3: I have no networking on this system so was not able to update the database. I did download the latest MBAM to another machine and installed it. The database is almost a month out-of-date. For an earlier version, I was able to copy the rules.ref file from another machine .. but that didn't work for this version of MBAM. Here's the log:

#######################################

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.01.13.04

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

BobA :: KINGSPEACE [administrator]

2/8/2012 7:22:58 PM

mbam-log-2012-02-08 (19-22-58).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 344050

Time elapsed: 48 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

#######################################

Step 4: Complete - Here's the log

#######################################

Microsoft Windows Malicious Software Removal Tool v4.4, January 2012

Started On Wed Feb 08 20:17:31 2012

Extended Scan Results

----------------

->Scan ERROR: resource process://pid:5760 (code 0x00000005 (5))

->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{46f1e63a-514c-11e1-b303-00247e11a685}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{d0cdc472-4acb-11e1-bec5-00247e11a685}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

No infection found as part of the extended scan

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 08 21:32:39 2012

Return code: 0 (0x0)

#######################################

Step 5: Completed. Here's the log ..

#######################################

All processes killed

========== PROCESSES ==========

========== FILES ==========

recycler not found in C:\

recycler not found in D:\

recycler not found in E:\

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: BobA

->Temp folder emptied: 886782596 bytes

->Temporary Internet Files folder emptied: 188656467 bytes

->Java cache emptied: 256173 bytes

->FireFox cache emptied: 145871937 bytes

->Google Chrome cache emptied: 47616207 bytes

->Flash cache emptied: 1279493 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: PSC

->Temp folder emptied: 19488997 bytes

->Temporary Internet Files folder emptied: 1524587 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 133454802 bytes

RecycleBin emptied: 667100485 bytes

Total Files Cleaned = 1,995.00 mb

[EMPTYFLASH]

User: All Users

User: BobA

->Flash cache emptied: 0 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: PSC

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02082012_214239

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#######################################

Maurice Naggar · February 9, 2012

The MS MSRT result is very good. The MBAM run (even with out of date defs) is encouraging.

Make sure that today you do a new fresh start of Windows 7.

Close all open windows on the Task Bar. RIGHT-click OTL.exe and choose Run As Administrator.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):

the contents of OTL.txt;
the contents of Extras.txt ; and
the contents of checkup.txt

Edited February 9, 2012 by Maurice Naggar

ChinaBob · February 10, 2012

#######################################

OTL.txt

#######################################

OTL logfile created on: 2/9/2012 6:41:24 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\BobA\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 65.30% Memory free

5.92 Gb Paging File | 4.72 Gb Available in Paging File | 79.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 54.78 Gb Total Space | 11.96 Gb Free Space | 21.84% Space Free | Partition Type: NTFS

Drive D: | 183.60 Gb Total Space | 111.26 Gb Free Space | 60.60% Space Free | Partition Type: NTFS

Drive E: | 486.05 Mb Total Space | 17.82 Mb Free Space | 3.67% Space Free | Partition Type: FAT

Computer Name: KINGSPEACE | User Name: BobA | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/08 19:10:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BobA\Desktop\OTL.exe

PRC - [2011/12/12 10:36:00 | 000,638,976 | ---- | M] (Futuredial Inc.) -- C:\Program Files\ASUS\ASUS Sync\asusUPCTLoader.exe

PRC - [2011/11/10 10:51:28 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe

PRC - [2011/11/10 10:51:26 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe

PRC - [2011/11/09 22:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe

PRC - [2011/07/15 20:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/07/11 19:42:14 | 001,381,352 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe

PRC - [2011/07/11 19:40:48 | 001,520,432 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

PRC - [2011/07/11 19:33:26 | 000,050,128 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe

PRC - [2011/07/11 19:33:04 | 000,066,072 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe

PRC - [2011/07/01 03:55:20 | 000,220,824 | ---- | M] () -- C:\Win7Tools\SysMgmt\Reflect\ReflectService.exe

PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/02/18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Win7Tools\OpenOffice\program\soffice.exe

PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Win7Tools\OpenOffice\program\soffice.bin

PRC - [2010/12/16 03:40:00 | 000,057,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE

PRC - [2010/12/03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2010/12/03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe

PRC - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2010/11/29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2010/10/19 14:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2010/10/19 14:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2010/09/17 17:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe

PRC - [2010/09/17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe

PRC - [2010/09/17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

PRC - [2010/07/27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

PRC - [2010/07/27 13:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

PRC - [2010/07/27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe

PRC - [2010/04/28 21:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\Win7Tools\Internet\FreeDnldMgr\fdm.exe

PRC - [2010/04/07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

PRC - [2010/04/01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

PRC - [2010/02/04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

PRC - [2010/02/04 12:14:14 | 000,358,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2008/10/30 15:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\RotateImage\RCIMGDIR.exe

PRC - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Win7Tools\MMedia\PShopPro\CorelIOMonitor.exe

PRC - [2008/08/08 17:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/02 20:38:55 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a72ed18d2df70f09c57cf914ce591306\Microsoft.VisualBasic.ni.dll

MOD - [2011/12/26 11:14:00 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll

MOD - [2011/12/26 11:13:48 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll

MOD - [2011/12/26 11:12:53 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll

MOD - [2011/12/26 11:12:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll

MOD - [2011/12/26 11:12:42 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll

MOD - [2011/12/26 11:12:34 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2011/12/12 10:36:00 | 000,559,244 | ---- | M] () -- C:\Program Files\ASUS\ASUS Sync\sqlite3.7.dll

MOD - [2011/12/12 10:36:00 | 000,516,599 | ---- | M] () -- C:\Program Files\ASUS\ASUS Sync\sqlite3.dll

MOD - [2011/12/12 10:36:00 | 000,352,256 | ---- | M] () -- C:\Program Files\ASUS\ASUS Sync\asusDetect.dll

MOD - [2011/12/12 10:36:00 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Sync\asusDetectLegend.dll

MOD - [2011/12/12 10:36:00 | 000,139,264 | ---- | M] () -- C:\Program Files\ASUS\ASUS Sync\asusDisk.dll

MOD - [2011/12/12 10:36:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ASUS Sync\fdHttpd.dll

MOD - [2011/07/11 19:32:36 | 000,093,888 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\popup.dll

MOD - [2011/07/11 19:26:50 | 000,109,856 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll

MOD - [2011/07/11 19:25:58 | 000,151,592 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll

MOD - [2011/07/08 13:59:24 | 000,091,136 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\popup.ui

MOD - [2011/07/06 18:13:14 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll

MOD - [2011/01/31 23:00:47 | 000,985,088 | ---- | M] () -- C:\Win7Tools\OpenOffice\program\libxml2.dll

MOD - [2010/12/16 03:40:00 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL

MOD - [2010/09/02 03:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.110.223\AsusWSShellExt.dll

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2010/03/05 03:56:02 | 001,720,320 | ---- | M] () -- C:\Win7Tools\Internet\FreeDnldMgr\fdmbtsupp.dll

MOD - [2008/12/30 00:03:26 | 000,098,304 | ---- | M] () -- C:\Win7Tools\Internet\FreeDnldMgr\iefdm2.dll

MOD - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Win7Tools\MMedia\PShopPro\CorelIOMonitor.exe

MOD - [2007/12/06 03:50:44 | 000,401,408 | ---- | M] () -- C:\Win7Tools\Internet\FreeDnldMgr\FUM\fumcore.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (ApRunSvc)

SRV - [2011/12/21 03:00:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/11/10 10:51:28 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)

SRV - [2011/11/09 22:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)

SRV - [2011/07/11 19:40:48 | 001,520,432 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)

SRV - [2011/07/11 19:33:26 | 000,050,128 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)

SRV - [2011/07/06 17:48:02 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)

SRV - [2011/07/01 03:55:20 | 000,220,824 | ---- | M] () [Auto | Running] -- C:\Win7Tools\SysMgmt\Reflect\ReflectService.exe -- (ReflectService)

SRV - [2011/07/01 01:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Win7Tools\Security\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2011/02/18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2010/12/16 03:40:00 | 000,128,360 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)

SRV - [2010/12/16 03:40:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)

SRV - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2010/10/19 14:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2010/10/19 14:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2010/09/17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)

SRV - [2010/09/17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2010/07/27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)

SRV - [2010/07/27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)

SRV - [2010/04/07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV - [2010/02/04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/02/04 12:14:06 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - [2012/02/09 18:39:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011/07/06 17:48:00 | 000,309,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)

DRV - [2011/07/01 03:55:37 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pssnap.sys -- (pssnap)

DRV - [2011/07/01 01:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)

DRV - [2011/06/23 14:58:32 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)

DRV - [2011/06/17 19:54:44 | 000,063,568 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (bdsandbox)

DRV - [2011/05/26 21:16:32 | 000,445,512 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)

DRV - [2011/05/26 21:16:30 | 000,577,608 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avc3.sys -- (avc3)

DRV - [2011/05/06 11:29:46 | 000,238,664 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)

DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)

DRV - [2011/03/01 17:45:36 | 000,074,320 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)

DRV - [2011/03/01 17:45:32 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)

DRV - [2011/02/27 19:12:04 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)

DRV - [2010/12/16 03:40:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)

DRV - [2010/12/16 03:40:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)

DRV - [2010/12/09 15:09:16 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020101}_0)

DRV - [2010/10/18 02:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®

DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2010/06/16 13:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2010/06/16 13:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\System32\drivers\bdvedisk.sys -- (BDVEDISK)

DRV - [2009/12/09 13:54:46 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009/10/23 13:40:30 | 000,187,776 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RCUVCMNP.sys -- (5U875UVC)

DRV - [2009/10/05 17:56:06 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009/09/10 19:00:12 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 15:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009/07/13 14:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®

DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

DRV - [2009/06/23 12:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)

DRV - [2004/06/23 17:54:12 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 37 E3 3F 4B B5 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/

IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52000

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165

FF - prefs.js..keyword.URL: "http://www.scanquery.com/?tmp=nemo_results_removelink&prt=ScnqryPB&keywords="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Win7Tools\Internet\FireFox\components [2012/01/11 12:35:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Win7Tools\Internet\FireFox\plugins [2012/01/11 08:19:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/02/06 21:31:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Win7Tools\Internet\FireFox\components [2012/01/11 12:35:50 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Win7Tools\Internet\FireFox\plugins [2012/01/11 08:19:11 | 000,000,000 | ---D | M]

[2011/01/21 22:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BobA\AppData\Roaming\Mozilla\Extensions

[2012/02/01 19:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BobA\AppData\Roaming\Mozilla\Firefox\Profiles\zzhdwo24.default\extensions

[2011/12/26 10:19:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\BobA\AppData\Roaming\Mozilla\Firefox\Profiles\zzhdwo24.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/02/01 19:31:12 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\BobA\AppData\Roaming\Mozilla\Firefox\Profiles\zzhdwo24.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2012/01/09 16:29:43 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\BobA\AppData\Roaming\Mozilla\Firefox\Profiles\zzhdwo24.default\extensions\foxmarks@kei.com

[2011/04/13 19:13:18 | 000,001,919 | ---- | M] () -- C:\Users\BobA\AppData\Roaming\Mozilla\Firefox\Profiles\zzhdwo24.default\searchplugins\bing-zugo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:\Users\BobA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: FreeSoundRecorder = C:\Users\BobA\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkakpihealnpggeceajhaonlmgdkaip\2.3.3.3_0\

CHR - Extension: Poppit = C:\Users\BobA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/02/08 21:42:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll File not found

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Win7Tools\Internet\FreeDnldMgr\iefdm2.dll ()

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()

O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ASUS Sync Loader] C:\Program Files\ASUS\ASUS Sync\asusUPCTLoader.exe (Futuredial Inc.)

O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.110.223\AsusWSPanel.exe (ecareme)

O4 - HKLM..\Run: [bDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)

O4 - HKLM..\Run: [bdinstaller] "E:\32bit\setuplauncher.exe" /run:"E:\32bit\setupdownloader.exe" /args:"/after_restart" File not found

O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Win7Tools\MMedia\PShopPro\CorelIOMonitor.exe ()

O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)

O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Win7Tools\Security\MBytes\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [openvpn-gui] C:\Win7Tools\Security\OpenVPN\bin\openvpn-gui.exe File not found

O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe ()

O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [RotateImage] C:\Program Files\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.)

O4 - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKCU..\Run: [Free Download Manager] C:\Win7Tools\Internet\FreeDnldMgr\fdm.exe (FreeDownloadManager.ORG)

O4 - Startup: C:\Users\BobA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Win7Tools\OpenOffice\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Download all with Free Download Manager - C:\Win7Tools\Internet\FreeDnldMgr\dlall.htm ()

O8 - Extra context menu item: Download selected with Free Download Manager - C:\Win7Tools\Internet\FreeDnldMgr\dlselected.htm ()

O8 - Extra context menu item: Download video with Free Download Manager - C:\Win7Tools\Internet\FreeDnldMgr\dlfvideo.htm ()

O8 - Extra context menu item: Download with Free Download Manager - C:\Win7Tools\Internet\FreeDnldMgr\dllink.htm ()

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.109.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59ABA5F9-0A03-49D5-BEF3-6A74B3B9E887}: DhcpNameServer = 192.168.109.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97FFD44C-6249-484C-82C7-7B2C40BBC312}: DhcpNameServer = 192.168.109.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F22B4D75-D4BE-4970-A72B-321AA7DE96C9}: DhcpNameServer = 192.168.109.10 205.171.3.65

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/09 18:40:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\BobA\Desktop\OTL.exe

[2012/02/09 18:39:20 | 014,475,568 | ---- | C] (Microsoft Corporation) -- C:\Users\BobA\Desktop\MS-MaliciousSoftwareRemovalTool_windows-kb890830-v4.4.exe

[2012/02/08 20:15:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012/02/08 19:16:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/02/08 19:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/02/08 19:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/02/07 16:51:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BobA\Desktop\dds.scr

[2012/02/07 14:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/07 14:41:03 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/02/06 21:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012

[2012/02/06 21:31:40 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Roaming\Bitdefender

[2012/02/06 21:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender

[2012/02/06 21:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender

[2012/02/06 21:30:32 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys

[2012/02/06 21:30:31 | 000,353,096 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdfsfltr.sys

[2012/02/06 21:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender

[2012/02/02 08:59:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/01/30 00:41:36 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Local\{9EA90F61-C4BA-46D1-BDA8-6DA495856C1E}

[2012/01/30 00:41:36 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Local\{823EB11B-C958-4633-9602-6A5835532D78}

[2012/01/27 23:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/27 23:15:09 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Roaming\F4A2E

[2012/01/26 23:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\2EFF7

[2012/01/26 22:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware

[2012/01/26 22:11:34 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline

[2012/01/26 21:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\LP

[2012/01/26 21:55:04 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Local\SanctionedMedia

[2012/01/12 21:43:03 | 000,000,000 | ---D | C] -- C:\temp

[2012/01/12 21:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop

[2012/01/12 21:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote

[2012/01/12 21:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Splashtop

[2012/01/12 21:36:45 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Local\{BA5F88F1-D2F2-4E27-85A3-42F74C7F2FC2}

[2012/01/12 21:36:40 | 000,000,000 | ---D | C] -- C:\Users\BobA\Documents\Asus WebStorage

[2012/01/12 21:36:33 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Roaming\ASUS WebStorage

[2012/01/12 21:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage

[2012/01/12 21:36:20 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Roaming\ASUS

[2012/01/12 21:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS

[2012/01/12 21:35:41 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Local\Downloaded Installations

[2012/01/12 21:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS

[2012/01/12 21:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2012/01/12 21:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2012/01/12 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Roaming\eCareme

[2012/01/12 21:10:20 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Roaming\WinRAR

[2012/01/12 21:09:45 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/01/12 21:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/01/12 21:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2012/01/12 17:39:48 | 000,000,000 | ---D | C] -- C:\Users\BobA\AppData\Roaming\Download Manager

[2011/01/20 00:58:59 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/02/09 18:41:08 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/02/09 18:41:08 | 000,386,040 | ---- | M] () -- C:\Windows\System32\prfh0404.dat

[2012/02/09 18:41:08 | 000,369,938 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2012/02/09 18:41:08 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/02/09 18:41:08 | 000,104,382 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2012/02/09 18:41:08 | 000,099,468 | ---- | M] () -- C:\Windows\System32\prfc0404.dat

[2012/02/09 18:39:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012/02/09 18:38:34 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/02/09 18:38:13 | 000,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/09 18:38:13 | 000,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/09 18:36:50 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/09 18:30:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/09 18:30:42 | 2384,470,016 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/08 22:11:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/08 21:42:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2012/02/08 19:17:21 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/08 19:15:08 | 000,000,907 | ---- | M] () -- C:\Users\BobA\Desktop\NTREGOPT.lnk

[2012/02/08 19:15:08 | 000,000,888 | ---- | M] () -- C:\Users\BobA\Desktop\ERUNT.lnk

[2012/02/08 19:10:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BobA\Desktop\OTL.exe

[2012/02/08 19:07:26 | 014,475,568 | ---- | M] (Microsoft Corporation) -- C:\Users\BobA\Desktop\MS-MaliciousSoftwareRemovalTool_windows-kb890830-v4.4.exe

[2012/02/07 15:37:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BobA\Desktop\dds.scr

[2012/02/06 22:05:34 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml

[2012/02/06 22:02:19 | 000,022,077 | ---- | M] () -- C:\ProgramData\1328594531.bdinstall.bin

[2012/02/06 21:32:32 | 000,560,315 | ---- | M] () -- C:\ProgramData\1328592627.bdinstall.bin

[2012/02/06 21:31:59 | 000,000,254 | -H-- | M] () -- C:\bdr-conf

[2012/02/06 21:31:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf

[2012/02/06 21:31:41 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2012.lnk

[2012/01/27 23:22:44 | 000,008,020 | ---- | M] () -- C:\ProgramData\22cd857d

[2012/01/27 23:22:44 | 000,007,934 | ---- | M] () -- C:\Users\BobA\AppData\Roaming\749d7bba

[2012/01/27 23:22:44 | 000,007,916 | ---- | M] () -- C:\Users\BobA\AppData\Local\dc4ec575

[2012/01/27 00:14:54 | 000,001,095 | ---- | M] () -- C:\Users\BobA\Desktop\regedit.lnk

[2012/01/26 21:59:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job

[2012/01/26 21:57:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/01/25 18:07:25 | 000,002,299 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/01/20 22:52:42 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/01/20 22:44:03 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat

[2012/01/20 09:22:35 | 000,000,038 | ---- | M] () -- C:\Users\BobA\Desktop\Time ended recent first.URL

[2012/01/12 21:36:30 | 000,001,217 | ---- | M] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk

[2012/01/12 21:36:11 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\ASUS Sync.lnk

[2012/01/11 12:36:02 | 000,001,829 | ---- | M] () -- C:\Users\BobA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/01/11 08:19:12 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2012/02/08 19:17:21 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/08 19:15:08 | 000,000,907 | ---- | C] () -- C:\Users\BobA\Desktop\NTREGOPT.lnk

[2012/02/08 19:15:08 | 000,000,888 | ---- | C] () -- C:\Users\BobA\Desktop\ERUNT.lnk

[2012/02/06 22:05:34 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml

[2012/02/06 22:02:19 | 000,022,077 | ---- | C] () -- C:\ProgramData\1328594531.bdinstall.bin

[2012/02/06 21:32:32 | 000,560,315 | ---- | C] () -- C:\ProgramData\1328592627.bdinstall.bin

[2012/02/06 21:31:59 | 027,856,361 | -H-- | C] () -- C:\bdrescue.gz

[2012/02/06 21:31:59 | 002,294,848 | -H-- | C] () -- C:\bdrescue.vm

[2012/02/06 21:31:59 | 000,217,769 | -H-- | C] () -- C:\bdrescue

[2012/02/06 21:31:59 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr

[2012/02/06 21:31:59 | 000,000,254 | -H-- | C] () -- C:\bdr-conf

[2012/02/06 21:31:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf

[2012/02/06 21:31:41 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2012.lnk

[2012/01/27 00:14:57 | 000,007,934 | ---- | C] () -- C:\Users\BobA\AppData\Roaming\749d7bba

[2012/01/27 00:14:44 | 000,001,095 | ---- | C] () -- C:\Users\BobA\Desktop\regedit.lnk

[2012/01/26 21:58:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job

[2012/01/26 21:55:40 | 000,008,020 | ---- | C] () -- C:\ProgramData\22cd857d

[2012/01/26 21:55:40 | 000,007,916 | ---- | C] () -- C:\Users\BobA\AppData\Local\dc4ec575

[2012/01/20 09:22:35 | 000,000,038 | ---- | C] () -- C:\Users\BobA\Desktop\Time ended recent first.URL

[2012/01/12 21:36:30 | 000,001,217 | ---- | C] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk

[2012/01/12 21:36:11 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Sync.lnk

[2012/01/11 08:19:12 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/01/11 08:19:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012/01/04 15:53:05 | 000,386,040 | ---- | C] () -- C:\Windows\System32\prfh0404.dat

[2012/01/04 15:53:05 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat

[2012/01/04 15:53:05 | 000,099,468 | ---- | C] () -- C:\Windows\System32\prfc0404.dat

[2012/01/04 15:53:05 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat

[2012/01/04 15:40:39 | 000,369,938 | ---- | C] () -- C:\Windows\System32\prfh0804.dat

[2012/01/04 15:40:39 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat

[2012/01/04 15:40:39 | 000,104,382 | ---- | C] () -- C:\Windows\System32\prfc0804.dat

[2012/01/04 15:40:39 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat

[2011/09/23 15:10:36 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/18 13:35:45 | 000,081,920 | ---- | C] () -- C:\Windows\System32\bwplay.exe

[2011/07/18 13:35:45 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll

[2011/07/18 13:35:44 | 007,533,568 | ---- | C] () -- C:\Windows\System32\bwbits80.dll

[2011/07/18 13:35:44 | 000,181,760 | ---- | C] () -- C:\Windows\System32\patchw32.dll

[2011/07/18 13:35:44 | 000,116,736 | ---- | C] () -- C:\Windows\System32\patchw.dll

[2011/07/18 13:35:44 | 000,058,280 | ---- | C] () -- C:\Windows\System32\bwntsend.dll

[2011/07/18 13:35:44 | 000,058,280 | ---- | C] () -- C:\Windows\System32\bwnthook.dll

[2011/06/17 19:54:16 | 000,021,824 | ---- | C] () -- C:\Windows\System32\bdsandboxuh.dll

[2011/05/28 15:25:26 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat

[2011/03/24 16:47:42 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/03/24 16:47:42 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/02/27 16:10:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/02/03 23:13:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/02/03 22:37:45 | 000,004,098 | ---- | C] () -- C:\Windows\SCU.DAT

[2011/02/03 22:27:01 | 000,097,280 | ---- | C] () -- C:\Program Files\Common Files\pcsbClean.exe

[2011/02/03 22:13:33 | 000,006,147 | ---- | C] () -- C:\Windows\PCLICSB.DAT

[2011/02/03 22:13:33 | 000,000,258 | RH-- | C] () -- C:\Windows\System32\LMF.DAT

[2011/02/03 22:12:29 | 000,134,656 | ---- | C] () -- C:\Program Files\Common Files\PCSBoff.exe

[2011/01/20 00:58:59 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2011/01/20 00:58:59 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2011/01/20 00:58:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2011/01/20 00:58:59 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2011/01/20 00:58:58 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2011/01/20 00:58:57 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 20:33:53 | 000,319,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/13 18:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/13 18:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/13 16:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/13 14:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin

[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2009/02/25 22:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

========== LOP Check ==========

[2012/01/12 21:36:20 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\ASUS

[2012/01/12 21:36:33 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\ASUS WebStorage

[2012/02/06 21:31:40 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\Bitdefender

[2011/03/10 13:31:16 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\CachedFiles

[2012/01/12 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\eCareme

[2011/05/12 22:36:38 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\f-secure

[2012/01/27 23:15:09 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\F4A2E

[2012/02/09 18:43:38 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\Free Download Manager

[2011/05/04 19:31:21 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\Free Sound Recorder

[2011/10/16 20:24:34 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\ImgBurn

[2011/01/31 23:04:20 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\OpenOffice.org

[2011/03/08 23:42:03 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\PwrMgr

[2011/09/23 22:09:02 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\QuickScan

[2011/01/31 23:12:46 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\temp

[2011/02/27 19:13:59 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\TrueCrypt

[2011/06/20 19:35:08 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\Update

[2011/12/18 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\BobA\AppData\Roaming\Zoner

[2012/01/26 21:59:05 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2012/01/20 22:52:42 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2012/02/02 16:49:51 | 000,025,886 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/02/09 18:38:34 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

#######################################

I got infected sometime on 1/26 or 1/27 .. I notice that file F4A2E and several other strangers ..

Extras.txt

#######################################

OTL Extras logfile created on: 2/9/2012 6:41:24 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\BobA\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 65.30% Memory free

5.92 Gb Paging File | 4.72 Gb Available in Paging File | 79.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 54.78 Gb Total Space | 11.96 Gb Free Space | 21.84% Space Free | Partition Type: NTFS

Drive D: | 183.60 Gb Total Space | 111.26 Gb Free Space | 60.60% Space Free | Partition Type: NTFS

Drive E: | 486.05 Mb Total Space | 17.82 Mb Free Space | 3.67% Space Free | Partition Type: FAT

Computer Name: KINGSPEACE | User Name: BobA | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Win7Tools\Internet\FireFox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel Paint Shop Pro Photo X2] -- "C:\Win7Tools\MMedia\PShopPro\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08B14AF7-8C27-4D4F-A40A-1384B9E636A1}" = Macrium Reflect - Free Edition

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 24

"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Internet Security 2012

"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}" = Lenovo Hard Drive Quick Test

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A89FBFB-EB8D-4612-B558-B6BD1793E243}" = WOT for Internet Explorer

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.32.500.0

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver

"{A2F0A608-3DA1-43E3-A649-E78ED3A60F71}" = ASUS Sync

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{B038A58E-EAF0-44CB-ADCA-3895ECD0812D}" = BibleWorks 8

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel® PROSet/Wireless WiFi Software

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FC45ED93-6E3D-46BF-B84A-5A5A5C5BEEC9}" = ASUS Android USB Drivers

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Applian FLV Player2.0.24" = Applian FLV Player

"ASUS WebStorage" = ASUS WebStorage

"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

"Bitdefender" = Bitdefender Internet Security 2012

"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD

"conduitEngine" = Conduit Engine

"ERUNT_is1" = ERUNT 1.1j

"Free Download Manager_is1" = Free Download Manager 3.0

"Free Sound Recorder_is1" = Free Sound Recorder v9.2.3

"FreeSoundRecorder Toolbar" = FreeSoundRecorder Toolbar

"Google Chrome" = Google Chrome

"HECI" = Intel® Management Engine Interface

"ImgBurn" = ImgBurn

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"MESOL" = Intel® Active Management Technology

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"OnScreenDisplay" = On Screen Display

"OpenVPN" = OpenVPN 2.2.1

"PC Study Bible" = PC Study Bible (remove only)

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Intel PROSet Wireless

"The Rosetta Stone" = The Rosetta Stone

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"TrueCrypt" = TrueCrypt

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"Xvid_is1" = Xvid 1.2.2 final uninstall

"ZonerPhotoStudio13_EN_is1" = Zoner Photo Studio 13 FREE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"blinkx beat" = blinkx beat

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/7/2012 2:58:29 AM | Computer Name = KingsPeace | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\ASUS\ASUS

Sync\FDAgentForOutlook64.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/7/2012 6:28:19 PM | Computer Name = KingsPeace | Source = Application Error | ID = 1000

Description = Faulting application name: LMS.exe, version: 4.2.0.1036, time stamp:

0x4b6346fc Faulting module name: LMS.exe, version: 4.2.0.1036, time stamp: 0x4b6346fc

Exception

code: 0xc0000005 Fault offset: 0x00014f5c Faulting process id: 0x1674 Faulting application

start time: 0x01cce5e7c8fdac66 Faulting application path: C:\Program Files\Intel\AMT\LMS.exe

Faulting

module path: C:\Program Files\Intel\AMT\LMS.exe Report Id: 0883e91d-51db-11e1-bbb8-00216a8f3206

Error - 2/7/2012 8:09:33 PM | Computer Name = KingsPeace | Source = Application Error | ID = 1000

Description = Faulting application name: LMS.exe, version: 4.2.0.1036, time stamp:

0x4b6346fc Faulting module name: LMS.exe, version: 4.2.0.1036, time stamp: 0x4b6346fc

Exception

code: 0xc0000005 Fault offset: 0x00014f5c Faulting process id: 0xf0c Faulting application

start time: 0x01cce5f5eeeb18d1 Faulting application path: C:\Program Files\Intel\AMT\LMS.exe

Faulting

module path: C:\Program Files\Intel\AMT\LMS.exe Report Id: 2d07845e-51e9-11e1-9c86-00216a8f3206

Error - 2/8/2012 10:58:20 PM | Computer Name = KingsPeace | Source = Application Error | ID = 1000

Description = Faulting application name: LMS.exe, version: 4.2.0.1036, time stamp:

0x4b6346fc Faulting module name: LMS.exe, version: 4.2.0.1036, time stamp: 0x4b6346fc

Exception

code: 0xc0000005 Fault offset: 0x00014f5c Faulting process id: 0x142c Faulting application

start time: 0x01cce6d6abf609ca Faulting application path: C:\Program Files\Intel\AMT\LMS.exe

Faulting

module path: C:\Program Files\Intel\AMT\LMS.exe Report Id: eb836aa2-52c9-11e1-b1c8-00216a8f3206

Error - 2/9/2012 1:38:59 AM | Computer Name = KingsPeace | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: cb0 Start Time:

01cce6ecd5eba9af Termination Time: 15 Application Path: E:\OTL.exe Report Id: 5b03de29-52e0-11e1-b1c8-00216a8f3206

Error - 2/9/2012 1:50:31 AM | Computer Name = KingsPeace | Source = Application Error | ID = 1000

Description = Faulting application name: LMS.exe, version: 4.2.0.1036, time stamp:

0x4b6346fc Faulting module name: LMS.exe, version: 4.2.0.1036, time stamp: 0x4b6346fc

Exception

code: 0xc0000005 Fault offset: 0x00014f5c Faulting process id: 0x17c0 Faulting application

start time: 0x01cce6eebb0c1bff Faulting application path: C:\Program Files\Intel\AMT\LMS.exe

Faulting

module path: C:\Program Files\Intel\AMT\LMS.exe Report Id: f9666b53-52e1-11e1-a7b6-00247e11a685

Error - 2/9/2012 2:08:22 AM | Computer Name = KingsPeace | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "C:\Program Files\Lenovo\Access

Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access

Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.

Error - 2/9/2012 2:08:37 AM | Computer Name = KingsPeace | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\ASUS\ASUS

Sync\FDAgentForOutlook64.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/9/2012 2:10:07 AM | Computer Name = KingsPeace | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\ASUS\asus

sync\FDAgentForOutlook64.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/9/2012 10:33:15 PM | Computer Name = KingsPeace | Source = Application Error | ID = 1000

Description = Faulting application name: LMS.exe, version: 4.2.0.1036, time stamp:

0x4b6346fc Faulting module name: LMS.exe, version: 4.2.0.1036, time stamp: 0x4b6346fc

Exception

code: 0xc0000005 Fault offset: 0x00014f5c Faulting process id: 0xf68 Faulting application

start time: 0x01cce79c557c7fcf Faulting application path: C:\Program Files\Intel\AMT\LMS.exe

Faulting

module path: C:\Program Files\Intel\AMT\LMS.exe Report Id: 94d58261-538f-11e1-899d-00216a8f3206

[ System Events ]

Error - 2/9/2012 10:37:59 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 2/9/2012 10:37:59 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

Error - 2/9/2012 10:37:59 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 2/9/2012 10:37:59 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

Error - 2/9/2012 10:37:59 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 2/9/2012 10:37:59 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

Error - 2/9/2012 10:38:00 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 2/9/2012 10:38:00 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

Error - 2/9/2012 10:38:00 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 2/9/2012 10:38:00 PM | Computer Name = KingsPeace | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

< End of report >

#######################################

Those missing tdx service errors are keeping me from the internet. Whether that's a valid service to have running or not - I don't know. None of my other systems have it running.

checkup.txt

#######################################

Results of screen317's Security Check version 0.99.31

Windows 7 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Bitdefender Internet Security 2012

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 24

Java version out of date!

Adobe Flash Player 11.1.102.55

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (8.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Bitdefender Bitdefender 2012 vsserv.exe

Bitdefender Bitdefender 2012 updatesrv.exe

Bitdefender Bitdefender 2012 bdagent.exe

Bitdefender Bitdefender 2012 pchooklaunch32.exe

``````````End of Log````````````

Maurice Naggar · February 11, 2012

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Hello ChinaBob,

Step 1

This step will involve a Reboot/Restart. Please allow it.

Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
*****************************************************************
:processes
killallprocesses
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HideSCAHealth"=-
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button Run Fix.
Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

a) Make sure if you opened any apps of yours, that you Exit them.

b) Be sure you are logged in with Admistrator rights account.

c) From Start button, select RUN (or Win-key +R) and in the run-text-box type in

msconfig

and press OK or Enter.

d) You should see the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

e) Click on Services tab. To get it's display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

f) Look at the bottom line Hide all Microsoft services

IF and only IF its is checkmarked, then un-check it.

g) the list of servies may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

h) Then using the scroll-bar scroll down the list

Look for Base filtering engine service Is it shown ? Is it checked ?

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Security Center. Is it shown? Is it checked? If not, click on chekbox to checkmark.

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

When finished, Exit out of the services console.

Then report back here with details.

If any of the services are not shown, just let me know which. I can guide you to getting them "corrected".

Press Windows Start-key, select Control Panel, then Action Center. Expand the Security block (click the down arrow).

What does it show for Firewall? and other security related lines ?

Please download Listparts64

RIGHT-Click on it and select Run As Administartor" to Run the tool, click Scan and Attach the log (Result.txt) it makes.

Run SecurityCheck one more time.

Attach the Checkup.txt log

I will need a Copy of the contents of OTLMOvedFiles log,

the results from MSCONFIG review,

the Result.txt log, and

the new Checkup.txt

ChinaBob · February 12, 2012

#######################################

Step 1

#######################################

All processes killed

========== PROCESSES ==========

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: BobA

->Temp folder emptied: 239148 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: PSC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 28640 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: BobA

->Flash cache emptied: 0 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: PSC

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02112012_211115

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#######################################

Step 2

#######################################

Look for Base filtering engine service Is it shown ? Is it checked ?

No - No

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Yes - Yes

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Yes - Yes

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Yes - Yes

Look for Security Center. Is it shown? Is it checked? If not, click on chekbox to checkmark.

No - No

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

No - No

---------------

After a reboot, I boot into a clean Windows (nothing on my desktop) along with the error:

---------------

Location is not available

C:\Windows\System32\config\systemprofile\desktop refers to a location that is unavailable. It could be on a hard drive ... etc.

---------------

Results from the Action Center:

Security Center Service - off

User account control - on

Network access protection - status not available

Windows Defender - status not available

---------------

When I try to run Listparts64, I get:

---------------

The version of the file is not compatible with the version of Windows you're running. etc.

---------------

I didn't go any further with step 2 ..

Maurice Naggar · February 12, 2012

Sorry, I gave you the 64-bit utility link; yours is a 32-bit Windows. Here's the correct link.

Please download Listparts

RIGHT-Click on it and select Run As Administartor" to Run the tool, click Scan and Attach the log (Result.txt) it makes.

Run SecurityCheck one more time.

Attach the Checkup.txt log

I will need the Result.txt log, and the new Checkup.txt

ChinaBob · February 13, 2012

Thanks for your help. I tried looking for ListParts32.exe - and later realized it was probably named ListParts.exe. At any rate, I ran it.

After running msconfig, it booted normally - not like I stated above. Not sure why.

About how much longer before you think I'll have my system back?

Here's the rest of Step 2:

#######################################

ListParts by Farbar

Ran by BobA on 12-02-2012 at 16:25:24

Windows 7 (X86)

Running From: E:\

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 31%

Total physical RAM: 3032.01 MB

Available physical RAM: 2082.39 MB

Total Pagefile: 6060.24 MB

Available Pagefile: 4950.35 MB

Total Virtual: 2047.88 MB

Available Virtual: 1952.81 MB

======================= Partitions =========================

1 Drive c: (Win7-Ultimate) (Fixed) (Total:54.78 GB) (Free:11.96 GB) NTFS

2 Drive d: (DDrv) (Fixed) (Total:183.6 GB) (Free:111.26 GB) NTFS

3 Drive e: (PUBLIC) (Fixed) (Total:0.47 GB) (Free:0.02 GB) FAT

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 238 GB 0 B

Disk 1 Online 493 MB 6272 KB

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 54 GB 101 MB

Partition 3 Primary 183 GB 54 GB

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Win7-Ultima NTFS Partition 54 GB Healthy Boot

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D DDrv NTFS Partition 183 GB Healthy

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 486 MB 31 KB

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 E PUBLIC FAT Partition 486 MB Healthy

****** End Of Log ******

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-

Results of screen317's Security Check version 0.99.31

Windows 7 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Bitdefender Internet Security 2012

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 24

Java version out of date!

Adobe Flash Player 11.1.102.55

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (8.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Bitdefender Bitdefender 2012 vsserv.exe

Bitdefender Bitdefender 2012 updatesrv.exe

Bitdefender Bitdefender 2012 bdagent.exe

Bitdefender Bitdefender 2012 pchooklaunch32.exe

``````````End of Log````````````

Maurice Naggar · February 13, 2012

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.co...ls/stinger.aspx

Close all browsers before starting.

Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Report only

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Re-enable your anti-virus program. Copy & Paste the contents of Stinger.txt into your next reply.

ChinaBob · February 13, 2012

Stinger report

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-

McAfee® Labs Stinger Version 10.2.0.505 built on Feb 10 2012

Virus data file v1000.0000 created on Feb 10 2012.

Ready to scan for 4046 viruses, trojans and variants.

Scan initiated on Sun Feb 12 18:58:30 2012

Rootkit scan result : Infected

Master Boot Record(s):....2

Possibly Infected:.............0

Boot Sector(s):.................3

Possibly Infected: ............0

Number of clean files: 17243

Maurice Naggar · February 13, 2012

Hello Chinabob,

The Stinger utility indiactes the possible presence of a rootkit infection.

Let's have you run these next utilities.

First, disable your anti-virus program How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan. I do not want any fixes at this point. Just a report.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2

Please read carefully and follow these steps.

Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
Download TDSSKiller and save it to your Desktop.
RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Then press Start Scan

When the scan is done, it will display a summary screen.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and download & Save the exe file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab & then,

on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Step 4

Re-enable your anti-virus.

Copy & Paste into your next reply: contents of aswMBR log, the TDSSKILLER log, & Gmer log

ChinaBob · February 13, 2012

Step 1 - I forgot to check if 'FIX' was enabled. I ran it a second time, and it wasn't - but the second time didn't show the rootkit that this one does ..

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-

Run date: 2012-02-13 07:48:17

-----------------------------

07:48:17.188 OS Version: Windows 6.1.7600

07:48:17.188 Number of processors: 2 586 0x1706

07:48:17.204 ComputerName: KINGSPEACE UserName: BobA

07:48:17.454 Initialize success

07:48:29.600 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

07:48:29.616 Disk 0 Vendor: TOSHIBA_ CJLA Size: 244198MB BusType: 3

07:48:29.616 Disk 0 MBR read successfully

07:48:29.631 Disk 0 MBR scan

07:48:29.631 Disk 0 TDL4@MBR code has been found

07:48:29.631 Disk 0 Windows 7 default MBR code found via API

07:48:29.647 Disk 0 MBR hidden

07:48:29.647 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

07:48:29.647 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 56095 MB offset 206848

07:48:29.662 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 188002 MB offset 115089408

07:48:29.662 Disk 0 MBR [TDL4] **ROOTKIT**

07:48:29.678 Scan finished successfully

07:49:06.681 Disk 0 MBR has been saved successfully to "E:\MBR.dat"

07:49:06.728 The log file has been saved successfully to "E:\aswMBR_120213.txt"

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-

Step 2 - a reboot was required

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-

07:49:34.0287 2764 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52

07:49:34.0333 2764 ============================================================

07:49:34.0333 2764 Current date / time: 2012/02/13 07:49:34.0333

07:49:34.0333 2764 SystemInfo:

07:49:34.0333 2764

07:49:34.0333 2764 OS Version: 6.1.7600 ServicePack: 0.0

07:49:34.0333 2764 Product type: Workstation

07:49:34.0333 2764 ComputerName: KINGSPEACE

07:49:34.0333 2764 UserName: BobA

07:49:34.0333 2764 Windows directory: C:\Windows

07:49:34.0333 2764 System windows directory: C:\Windows

07:49:34.0333 2764 Processor architecture: Intel x86

07:49:34.0333 2764 Number of processors: 2

07:49:34.0333 2764 Page size: 0x1000

07:49:34.0333 2764 Boot type: Normal boot

07:49:34.0333 2764 ============================================================

07:49:34.0708 2764 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x8134, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

07:49:34.0723 2764 Drive \Device\Harddisk1\DR2 - Size: 0x1ED8C000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

07:49:34.0723 2764 \Device\Harddisk0\DR0:

07:49:34.0723 2764 MBR used

07:49:34.0723 2764 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

07:49:34.0723 2764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6D8F800

07:49:34.0723 2764 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6DC2000, BlocksNum 0x16F31000

07:49:34.0723 2764 \Device\Harddisk1\DR2:

07:49:34.0723 2764 MBR used

07:49:34.0723 2764 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0xF327F

07:49:34.0723 2764 Initialize success

07:49:34.0723 2764 ============================================================

07:50:14.0145 4932 ============================================================

07:50:14.0145 4932 Scan started

07:50:14.0145 4932 Mode: Manual; SigCheck; TDLFS;

07:50:14.0145 4932 ============================================================

07:50:14.0332 4932 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

07:50:14.0425 4932 1394ohci - ok

07:50:14.0441 4932 5U875UVC (42b72495b6d3390ec54850d8036a7d7c) C:\Windows\system32\DRIVERS\RCUVCMNP.sys

07:50:14.0472 4932 5U875UVC - ok

07:50:14.0488 4932 ACPI (c69d550c6b3f8f32913e7e5200de8dd9) C:\Windows\system32\DRIVERS\ACPI.sys

07:50:14.0519 4932 ACPI - ok

07:50:14.0535 4932 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

07:50:14.0566 4932 AcpiPmi - ok

07:50:14.0597 4932 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

07:50:14.0613 4932 adp94xx - ok

07:50:14.0644 4932 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

07:50:14.0675 4932 adpahci - ok

07:50:14.0691 4932 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

07:50:14.0722 4932 adpu320 - ok

07:50:14.0737 4932 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

07:50:14.0769 4932 AFD - ok

07:50:14.0784 4932 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

07:50:14.0815 4932 agp440 - ok

07:50:14.0831 4932 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

07:50:14.0847 4932 aic78xx - ok

07:50:14.0878 4932 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

07:50:14.0893 4932 aliide - ok

07:50:14.0909 4932 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

07:50:14.0925 4932 amdagp - ok

07:50:14.0956 4932 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

07:50:14.0971 4932 amdide - ok

07:50:14.0987 4932 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

07:50:15.0018 4932 AmdK8 - ok

07:50:15.0034 4932 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

07:50:15.0049 4932 AmdPPM - ok

07:50:15.0065 4932 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

07:50:15.0096 4932 amdsata - ok

07:50:15.0112 4932 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

07:50:15.0143 4932 amdsbs - ok

07:50:15.0159 4932 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

07:50:15.0174 4932 amdxata - ok

07:50:15.0190 4932 ApfiltrService (baaa6516aec2622b8fba6165ff5d68c2) C:\Windows\system32\DRIVERS\Apfiltr.sys

07:50:15.0283 4932 ApfiltrService - ok

07:50:15.0299 4932 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

07:50:15.0330 4932 AppID - ok

07:50:15.0361 4932 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

07:50:15.0377 4932 arc - ok

07:50:15.0408 4932 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

07:50:15.0424 4932 arcsas - ok

07:50:15.0439 4932 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

07:50:15.0502 4932 AsyncMac - ok

07:50:15.0517 4932 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

07:50:15.0533 4932 atapi - ok

07:50:15.0564 4932 avc3 (ef5c6f2ed544e6ca09c04de97ade23bb) C:\Windows\system32\DRIVERS\avc3.sys

07:50:15.0611 4932 avc3 - ok

07:50:15.0627 4932 avchv (e830674bbba9ed0ae0ed3cab10e25a9e) C:\Windows\system32\DRIVERS\avchv.sys

07:50:15.0658 4932 avchv - ok

07:50:15.0689 4932 avckf (80977a71cc84353f9fe163f6104df296) C:\Windows\system32\DRIVERS\avckf.sys

07:50:15.0720 4932 avckf - ok

07:50:15.0751 4932 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

07:50:15.0783 4932 b06bdrv - ok

07:50:15.0798 4932 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

07:50:15.0829 4932 b57nd60x - ok

07:50:15.0845 4932 BdfNdisf (5506176f2b8322db04f802a4403436ad) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys

07:50:15.0861 4932 BdfNdisf - ok

07:50:15.0892 4932 bdfsfltr (c3e025d46368e3d18085eef26ef6f6a1) C:\Windows\system32\DRIVERS\bdfsfltr.sys

07:50:15.0923 4932 bdfsfltr - ok

07:50:15.0939 4932 bdfwfpf (cbe0d7633ac3cac98f15619a299b34d9) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys

07:50:15.0970 4932 bdfwfpf - ok

07:50:16.0001 4932 bdsandbox (08e79e1e260e223f3602292cfc73213b) C:\Windows\system32\drivers\bdsandbox.sys

07:50:16.0032 4932 bdsandbox - ok

07:50:16.0032 4932 bdselfpr (0cc5c8c4d3cf1d7a4e8d54d4969d6661) C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys

07:50:16.0063 4932 bdselfpr - ok

07:50:16.0079 4932 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\Windows\system32\DRIVERS\bdvedisk.sys

07:50:16.0110 4932 BDVEDISK - ok

07:50:16.0126 4932 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

07:50:16.0173 4932 Beep - ok

07:50:16.0188 4932 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

07:50:16.0219 4932 blbdrive - ok

07:50:16.0235 4932 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

07:50:16.0266 4932 bowser - ok

07:50:16.0282 4932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

07:50:16.0313 4932 BrFiltLo - ok

07:50:16.0329 4932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

07:50:16.0360 4932 BrFiltUp - ok

07:50:16.0375 4932 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

07:50:16.0407 4932 Brserid - ok

07:50:16.0422 4932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

07:50:16.0453 4932 BrSerWdm - ok

07:50:16.0469 4932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

07:50:16.0500 4932 BrUsbMdm - ok

07:50:16.0516 4932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

07:50:16.0531 4932 BrUsbSer - ok

07:50:16.0563 4932 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

07:50:16.0578 4932 BTHMODEM - ok

07:50:16.0609 4932 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

07:50:16.0656 4932 cdfs - ok

07:50:16.0672 4932 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

07:50:16.0703 4932 cdrom - ok

07:50:16.0719 4932 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

07:50:16.0750 4932 circlass - ok

07:50:16.0765 4932 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

07:50:16.0781 4932 CLFS - ok

07:50:16.0812 4932 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

07:50:16.0843 4932 CmBatt - ok

07:50:16.0859 4932 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

07:50:16.0875 4932 cmdide - ok

07:50:16.0906 4932 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys

07:50:16.0937 4932 CNG - ok

07:50:16.0953 4932 CnxtHdAudService (726803d911045d283509d3cdd91d8e52) C:\Windows\system32\drivers\CHDRT32.sys

07:50:16.0984 4932 CnxtHdAudService - ok

07:50:16.0999 4932 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

07:50:17.0031 4932 Compbatt - ok

07:50:17.0046 4932 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

07:50:17.0062 4932 CompositeBus - ok

07:50:17.0093 4932 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

07:50:17.0109 4932 crcdisk - ok

07:50:17.0140 4932 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

07:50:17.0171 4932 CSC - ok

07:50:17.0202 4932 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

07:50:17.0233 4932 DfsC - ok

07:50:17.0249 4932 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

07:50:17.0296 4932 discache - ok

07:50:17.0311 4932 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

07:50:17.0327 4932 Disk - ok

07:50:17.0358 4932 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys

07:50:17.0374 4932 DozeHDD - ok

07:50:17.0405 4932 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

07:50:17.0436 4932 drmkaud - ok

07:50:17.0452 4932 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

07:50:17.0483 4932 DXGKrnl - ok

07:50:17.0514 4932 e1yexpress (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys

07:50:17.0530 4932 e1yexpress - ok

07:50:17.0608 4932 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

07:50:17.0670 4932 ebdrv - ok

07:50:17.0717 4932 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

07:50:17.0748 4932 elxstor - ok

07:50:17.0764 4932 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

07:50:17.0779 4932 ErrDev - ok

07:50:17.0811 4932 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

07:50:17.0857 4932 exfat - ok

07:50:17.0873 4932 F-Secure Standalone Minifilter - ok

07:50:17.0889 4932 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

07:50:17.0935 4932 fastfat - ok

07:50:17.0951 4932 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

07:50:17.0982 4932 fdc - ok

07:50:18.0013 4932 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

07:50:18.0029 4932 FileInfo - ok

07:50:18.0045 4932 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

07:50:18.0091 4932 Filetrace - ok

07:50:18.0107 4932 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

07:50:18.0123 4932 flpydisk - ok

07:50:18.0154 4932 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

07:50:18.0169 4932 FltMgr - ok

07:50:18.0201 4932 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

07:50:18.0216 4932 FsDepends - ok

07:50:18.0232 4932 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

07:50:18.0263 4932 Fs_Rec - ok

07:50:18.0279 4932 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

07:50:18.0294 4932 fvevol - ok

07:50:18.0325 4932 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

07:50:18.0341 4932 gagp30kx - ok

07:50:18.0372 4932 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

07:50:18.0388 4932 hcw85cir - ok

07:50:18.0419 4932 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

07:50:18.0450 4932 HdAudAddService - ok

07:50:18.0466 4932 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

07:50:18.0497 4932 HDAudBus - ok

07:50:18.0513 4932 HECI (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys

07:50:18.0528 4932 HECI - ok

07:50:18.0544 4932 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

07:50:18.0606 4932 HidBatt - ok

07:50:18.0622 4932 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

07:50:18.0653 4932 HidBth - ok

07:50:18.0669 4932 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

07:50:18.0684 4932 HidIr - ok

07:50:18.0715 4932 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

07:50:18.0731 4932 HidUsb - ok

07:50:18.0762 4932 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

07:50:18.0778 4932 HpSAMD - ok

07:50:18.0809 4932 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

07:50:18.0856 4932 HTTP - ok

07:50:18.0871 4932 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

07:50:18.0887 4932 hwpolicy - ok

07:50:18.0918 4932 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

07:50:18.0934 4932 i8042prt - ok

07:50:18.0965 4932 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys

07:50:18.0996 4932 iaStor - ok

07:50:19.0027 4932 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

07:50:19.0043 4932 iaStorV - ok

07:50:19.0074 4932 IBMPMDRV (2d46bfa8fbcdc2998b827154724bd173) C:\Windows\system32\DRIVERS\ibmpmdrv.sys

07:50:19.0090 4932 IBMPMDRV - ok

07:50:19.0246 4932 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys

07:50:19.0464 4932 igfx - ok

07:50:19.0480 4932 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

07:50:19.0511 4932 iirsp - ok

07:50:19.0527 4932 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

07:50:19.0542 4932 intelide - ok

07:50:19.0573 4932 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

07:50:19.0589 4932 intelppm - ok

07:50:19.0605 4932 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

07:50:19.0651 4932 IpFilterDriver - ok

07:50:19.0667 4932 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

07:50:19.0698 4932 IPMIDRV - ok

07:50:19.0714 4932 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

07:50:19.0761 4932 IPNAT - ok

07:50:19.0776 4932 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

07:50:19.0807 4932 IRENUM - ok

07:50:19.0823 4932 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

07:50:19.0839 4932 isapnp - ok

07:50:19.0870 4932 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

07:50:19.0885 4932 iScsiPrt - ok

07:50:19.0901 4932 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

07:50:19.0917 4932 kbdclass - ok

07:50:19.0948 4932 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

07:50:19.0963 4932 kbdhid - ok

07:50:19.0995 4932 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys

07:50:20.0010 4932 KSecDD - ok

07:50:20.0026 4932 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys

07:50:20.0041 4932 KSecPkg - ok

07:50:20.0088 4932 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys

07:50:20.0104 4932 lenovo.smi - ok

07:50:20.0135 4932 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

07:50:20.0182 4932 lltdio - ok

07:50:20.0213 4932 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

07:50:20.0244 4932 LSI_FC - ok

07:50:20.0260 4932 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

07:50:20.0275 4932 LSI_SAS - ok

07:50:20.0291 4932 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

07:50:20.0322 4932 LSI_SAS2 - ok

07:50:20.0338 4932 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

07:50:20.0353 4932 LSI_SCSI - ok

07:50:20.0369 4932 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

07:50:20.0416 4932 luafv - ok

07:50:20.0447 4932 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys

07:50:20.0463 4932 MBAMSwissArmy - ok

07:50:20.0494 4932 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

07:50:20.0509 4932 megasas - ok

07:50:20.0541 4932 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

07:50:20.0556 4932 MegaSR - ok

07:50:20.0572 4932 mfehidk - ok

07:50:20.0603 4932 mferkdet - ok

07:50:20.0634 4932 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

07:50:20.0665 4932 Modem - ok

07:50:20.0681 4932 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

07:50:20.0712 4932 monitor - ok

07:50:20.0728 4932 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

07:50:20.0743 4932 mouclass - ok

07:50:20.0775 4932 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

07:50:20.0790 4932 mouhid - ok

07:50:20.0806 4932 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

07:50:20.0837 4932 mountmgr - ok

07:50:20.0853 4932 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

07:50:20.0868 4932 mpio - ok

07:50:20.0899 4932 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

07:50:20.0946 4932 mpsdrv - ok

07:50:20.0977 4932 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

07:50:21.0009 4932 MRxDAV - ok

07:50:21.0024 4932 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

07:50:21.0040 4932 mrxsmb - ok

07:50:21.0071 4932 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

07:50:21.0087 4932 mrxsmb10 - ok

07:50:21.0118 4932 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

07:50:21.0133 4932 mrxsmb20 - ok

07:50:21.0149 4932 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

07:50:21.0180 4932 msahci - ok

07:50:21.0196 4932 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

07:50:21.0211 4932 msdsm - ok

07:50:21.0243 4932 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

07:50:21.0289 4932 Msfs - ok

07:50:21.0305 4932 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

07:50:21.0352 4932 mshidkmdf - ok

07:50:21.0367 4932 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

07:50:21.0383 4932 msisadrv - ok

07:50:21.0414 4932 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

07:50:21.0461 4932 MSKSSRV - ok

07:50:21.0477 4932 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

07:50:21.0523 4932 MSPCLOCK - ok

07:50:21.0539 4932 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

07:50:21.0586 4932 MSPQM - ok

07:50:21.0601 4932 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

07:50:21.0617 4932 MsRPC - ok

07:50:21.0648 4932 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

07:50:21.0664 4932 mssmbios - ok

07:50:21.0679 4932 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

07:50:21.0726 4932 MSTEE - ok

07:50:21.0742 4932 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

07:50:21.0757 4932 MTConfig - ok

07:50:21.0789 4932 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

07:50:21.0804 4932 Mup - ok

07:50:21.0835 4932 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

07:50:21.0867 4932 NativeWifiP - ok

07:50:21.0882 4932 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

07:50:21.0929 4932 NDIS - ok

07:50:21.0945 4932 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

07:50:21.0991 4932 NdisCap - ok

07:50:22.0007 4932 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

07:50:22.0038 4932 NdisTapi - ok

07:50:22.0069 4932 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

07:50:22.0101 4932 Ndisuio - ok

07:50:22.0132 4932 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

07:50:22.0163 4932 NdisWan - ok

07:50:22.0194 4932 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

07:50:22.0225 4932 NDProxy - ok

07:50:22.0257 4932 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

07:50:22.0288 4932 NetBIOS - ok

07:50:22.0319 4932 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

07:50:22.0366 4932 NetBT - ok

07:50:22.0444 4932 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

07:50:22.0537 4932 netw5v32 - ok

07:50:22.0647 4932 NETwNs32 (83553135ad346d247c482f1b8aca921f) C:\Windows\system32\DRIVERS\NETwNs32.sys

07:50:22.0771 4932 NETwNs32 - ok

07:50:22.0803 4932 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

07:50:22.0818 4932 nfrd960 - ok

07:50:22.0834 4932 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

07:50:22.0881 4932 Npfs - ok

07:50:22.0896 4932 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

07:50:22.0943 4932 nsiproxy - ok

07:50:22.0959 4932 NSNDIS5 - ok

07:50:23.0005 4932 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

07:50:23.0052 4932 Ntfs - ok

07:50:23.0068 4932 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

07:50:23.0115 4932 Null - ok

07:50:23.0130 4932 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

07:50:23.0161 4932 nvraid - ok

07:50:23.0177 4932 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

07:50:23.0193 4932 nvstor - ok

07:50:23.0224 4932 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

07:50:23.0239 4932 nv_agp - ok

07:50:23.0255 4932 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

07:50:23.0286 4932 ohci1394 - ok

07:50:23.0317 4932 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

07:50:23.0333 4932 Parport - ok

07:50:23.0349 4932 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

07:50:23.0380 4932 partmgr - ok

07:50:23.0395 4932 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

07:50:23.0411 4932 Parvdm - ok

07:50:23.0427 4932 PCDSRVC{3037D694-FD904ACA-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\pc-doctor\pcdsrvc.pkms

07:50:23.0458 4932 PCDSRVC{3037D694-FD904ACA-06020101}_0 - ok

07:50:23.0473 4932 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

07:50:23.0505 4932 pci - ok

07:50:23.0520 4932 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

07:50:23.0536 4932 pciide - ok

07:50:23.0551 4932 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

07:50:23.0583 4932 pcmcia - ok

07:50:23.0598 4932 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

07:50:23.0614 4932 pcw - ok

07:50:23.0645 4932 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

07:50:23.0707 4932 PEAUTH - ok

07:50:23.0754 4932 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

07:50:23.0801 4932 PptpMiniport - ok

07:50:23.0832 4932 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

07:50:23.0848 4932 Processor - ok

07:50:23.0879 4932 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys

07:50:23.0895 4932 psadd - ok

07:50:23.0910 4932 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

07:50:23.0957 4932 Psched - ok

07:50:23.0988 4932 pssnap (ac7bd82678401a89cc80359806c80364) C:\Windows\system32\DRIVERS\pssnap.sys

07:50:24.0019 4932 pssnap - ok

07:50:24.0051 4932 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

07:50:24.0097 4932 ql2300 - ok

07:50:24.0113 4932 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

07:50:24.0144 4932 ql40xx - ok

07:50:24.0160 4932 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

07:50:24.0191 4932 QWAVEdrv - ok

07:50:24.0207 4932 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

07:50:24.0253 4932 RasAcd - ok

07:50:24.0269 4932 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

07:50:24.0300 4932 RasAgileVpn - ok

07:50:24.0331 4932 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

07:50:24.0378 4932 Rasl2tp - ok

07:50:24.0394 4932 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

07:50:24.0441 4932 RasPppoe - ok

07:50:24.0456 4932 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

07:50:24.0503 4932 RasSstp - ok

07:50:24.0519 4932 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

07:50:24.0565 4932 rdbss - ok

07:50:24.0581 4932 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

07:50:24.0612 4932 rdpbus - ok

07:50:24.0628 4932 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

07:50:24.0675 4932 RDPCDD - ok

07:50:24.0690 4932 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

07:50:24.0721 4932 RDPDR - ok

07:50:24.0737 4932 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

07:50:24.0784 4932 RDPENCDD - ok

07:50:24.0799 4932 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

07:50:24.0846 4932 RDPREFMP - ok

07:50:24.0862 4932 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

07:50:24.0909 4932 RDPWD - ok

07:50:24.0940 4932 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

07:50:24.0955 4932 rdyboost - ok

07:50:25.0002 4932 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

07:50:25.0049 4932 rspndr - ok

07:50:25.0065 4932 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

07:50:25.0096 4932 s3cap - ok

07:50:25.0111 4932 SASDIFSV - ok

07:50:25.0111 4932 SASKUTIL - ok

07:50:25.0143 4932 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

07:50:25.0158 4932 sbp2port - ok

07:50:25.0189 4932 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

07:50:25.0221 4932 scfilter - ok

07:50:25.0252 4932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

07:50:25.0299 4932 secdrv - ok

07:50:25.0330 4932 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

07:50:25.0361 4932 Serenum - ok

07:50:25.0377 4932 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

07:50:25.0408 4932 Serial - ok

07:50:25.0423 4932 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

07:50:25.0439 4932 sermouse - ok

07:50:25.0470 4932 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

07:50:25.0501 4932 sffdisk - ok

07:50:25.0517 4932 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

07:50:25.0548 4932 sffp_mmc - ok

07:50:25.0564 4932 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

07:50:25.0595 4932 sffp_sd - ok

07:50:25.0611 4932 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

07:50:25.0626 4932 sfloppy - ok

07:50:25.0657 4932 Shockprf (bc31655a03d9e9ed6f7116bafb9b38c7) C:\Windows\system32\DRIVERS\Apsx86.sys

07:50:25.0689 4932 Shockprf - ok

07:50:25.0704 4932 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

07:50:25.0720 4932 sisagp - ok

07:50:25.0751 4932 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

07:50:25.0767 4932 SiSRaid2 - ok

07:50:25.0782 4932 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

07:50:25.0798 4932 SiSRaid4 - ok

07:50:25.0829 4932 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

07:50:25.0876 4932 Smb - ok

07:50:25.0907 4932 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

07:50:25.0923 4932 spldr - ok

07:50:25.0954 4932 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

07:50:25.0985 4932 srv - ok

07:50:26.0016 4932 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

07:50:26.0032 4932 srv2 - ok

07:50:26.0063 4932 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

07:50:26.0079 4932 srvnet - ok

07:50:26.0110 4932 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

07:50:26.0125 4932 stexstor - ok

07:50:26.0157 4932 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

07:50:26.0172 4932 storflt - ok

07:50:26.0203 4932 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

07:50:26.0219 4932 storvsc - ok

07:50:26.0235 4932 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

07:50:26.0266 4932 swenum - ok

07:50:26.0297 4932 tap0801 (846b7c0e3f6370cdcce157a5b36e70cd) C:\Windows\system32\DRIVERS\tap0801.sys

07:50:26.0297 4932 tap0801 ( UnsignedFile.Multi.Generic ) - warning

07:50:26.0297 4932 tap0801 - detected UnsignedFile.Multi.Generic (1)

07:50:26.0328 4932 tap0901 (98a1e6bc9f766b0b0a5bf00af847ef20) C:\Windows\system32\DRIVERS\tap0901.sys

07:50:26.0359 4932 tap0901 - ok

07:50:26.0391 4932 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys

07:50:26.0437 4932 Tcpip - ok

07:50:26.0484 4932 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys

07:50:26.0531 4932 TCPIP6 - ok

07:50:26.0547 4932 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

07:50:26.0593 4932 tcpipreg - ok

07:50:26.0609 4932 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

07:50:26.0656 4932 TDPIPE - ok

07:50:26.0671 4932 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

07:50:26.0718 4932 TDTCP - ok

07:50:26.0734 4932 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

07:50:26.0749 4932 TermDD - ok

07:50:26.0781 4932 TPDIGIMN (c5dc9e462407b274b504de2aa3220c2e) C:\Windows\system32\DRIVERS\ApsHM86.sys

07:50:26.0812 4932 TPDIGIMN - ok

07:50:26.0843 4932 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys

07:50:26.0859 4932 TPM - ok

07:50:26.0890 4932 TPPWRIF (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys

07:50:26.0905 4932 TPPWRIF - ok

07:50:26.0937 4932 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys

07:50:26.0968 4932 truecrypt - ok

07:50:26.0999 4932 trufos (f291c218b4a2a14409d6bb3c973623ad) C:\Windows\system32\DRIVERS\trufos.sys

07:50:27.0030 4932 trufos - ok

07:50:27.0061 4932 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

07:50:27.0108 4932 tssecsrv - ok

07:50:27.0124 4932 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

07:50:27.0171 4932 tunnel - ok

07:50:27.0186 4932 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

07:50:27.0217 4932 uagp35 - ok

07:50:27.0233 4932 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

07:50:27.0280 4932 udfs - ok

07:50:27.0311 4932 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

07:50:27.0342 4932 uliagpkx - ok

07:50:27.0358 4932 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

07:50:27.0373 4932 umbus - ok

07:50:27.0405 4932 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

07:50:27.0420 4932 UmPass - ok

07:50:27.0467 4932 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys

07:50:27.0483 4932 usbaudio - ok

07:50:27.0514 4932 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

07:50:27.0529 4932 usbccgp - ok

07:50:27.0561 4932 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

07:50:27.0576 4932 usbcir - ok

07:50:27.0607 4932 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys

07:50:27.0623 4932 usbehci - ok

07:50:27.0654 4932 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

07:50:27.0670 4932 usbhub - ok

07:50:27.0701 4932 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

07:50:27.0717 4932 usbohci - ok

07:50:27.0732 4932 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

07:50:27.0763 4932 usbprint - ok

07:50:27.0779 4932 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

07:50:27.0810 4932 USBSTOR - ok

07:50:27.0826 4932 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys

07:50:27.0841 4932 usbuhci - ok

07:50:27.0873 4932 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

07:50:27.0888 4932 usbvideo - ok

07:50:27.0919 4932 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

07:50:27.0935 4932 vdrvroot - ok

07:50:27.0966 4932 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

07:50:27.0982 4932 vga - ok

07:50:28.0013 4932 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

07:50:28.0044 4932 VgaSave - ok

07:50:28.0075 4932 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

07:50:28.0107 4932 vhdmp - ok

07:50:28.0122 4932 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

07:50:28.0138 4932 viaagp - ok

07:50:28.0153 4932 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

07:50:28.0185 4932 ViaC7 - ok

07:50:28.0200 4932 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

07:50:28.0231 4932 viaide - ok

07:50:28.0247 4932 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

07:50:28.0263 4932 vmbus - ok

07:50:28.0294 4932 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

07:50:28.0309 4932 VMBusHID - ok

07:50:28.0325 4932 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

07:50:28.0356 4932 volmgr - ok

07:50:28.0372 4932 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

07:50:28.0403 4932 volmgrx - ok

07:50:28.0419 4932 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

07:50:28.0450 4932 volsnap - ok

07:50:28.0481 4932 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

07:50:28.0497 4932 vsmraid - ok

07:50:28.0528 4932 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

07:50:28.0543 4932 vwifibus - ok

07:50:28.0575 4932 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

07:50:28.0590 4932 vwififlt - ok

07:50:28.0621 4932 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

07:50:28.0637 4932 vwifimp - ok

07:50:28.0668 4932 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

07:50:28.0699 4932 WacomPen - ok

07:50:28.0715 4932 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

07:50:28.0762 4932 WANARP - ok

07:50:28.0762 4932 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

07:50:28.0809 4932 Wanarpv6 - ok

07:50:28.0855 4932 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

07:50:28.0871 4932 Wd - ok

07:50:28.0902 4932 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

07:50:28.0933 4932 Wdf01000 - ok

07:50:28.0980 4932 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

07:50:29.0027 4932 WfpLwf - ok

07:50:29.0043 4932 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

07:50:29.0058 4932 WIMMount - ok

07:50:29.0105 4932 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys

07:50:29.0121 4932 WinUsb - ok

07:50:29.0152 4932 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

07:50:29.0183 4932 WmiAcpi - ok

07:50:29.0214 4932 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

07:50:29.0261 4932 ws2ifsl - ok

07:50:29.0308 4932 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

07:50:29.0339 4932 WudfPf - ok

07:50:29.0370 4932 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

07:50:29.0417 4932 WUDFRd - ok

07:50:29.0448 4932 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

07:50:29.0448 4932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

07:50:29.0448 4932 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

07:50:29.0464 4932 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

07:50:29.0464 4932 \Device\Harddisk0\DR0 - detected TDSS File System (1)

07:50:29.0479 4932 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR2

07:50:29.0573 4932 \Device\Harddisk1\DR2 - ok

07:50:29.0589 4932 Boot (0x1200) (cf76d8e780b63e14adf493eac923b011) \Device\Harddisk0\DR0\Partition0

07:50:29.0589 4932 \Device\Harddisk0\DR0\Partition0 - ok

07:50:29.0589 4932 Boot (0x1200) (b239f3e005c234e62d1b1ec61767b79c) \Device\Harddisk0\DR0\Partition1

07:50:29.0589 4932 \Device\Harddisk0\DR0\Partition1 - ok

07:50:29.0604 4932 Boot (0x1200) (09b508e407449e261182b4acc612da5b) \Device\Harddisk0\DR0\Partition2

07:50:29.0604 4932 \Device\Harddisk0\DR0\Partition2 - ok

07:50:29.0604 4932 Boot (0x1200) (1f201fd0be018fa3bcc36879b1d92af6) \Device\Harddisk1\DR2\Partition0

07:50:29.0604 4932 \Device\Harddisk1\DR2\Partition0 - ok

07:50:29.0604 4932 ============================================================

07:50:29.0604 4932 Scan finished

07:50:29.0604 4932 ============================================================

07:50:29.0620 4208 Detected object count: 3

07:50:29.0620 4208 Actual detected object count: 3

07:51:30.0803 4208 tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user

07:51:30.0803 4208 tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:51:30.0834 4208 \Device\Harddisk0\DR0\# - copied to quarantine

07:51:30.0834 4208 \Device\Harddisk0\DR0 - copied to quarantine

07:51:30.0866 4208 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

07:51:30.0866 4208 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

07:51:30.0866 4208 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

07:51:30.0881 4208 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

07:51:30.0881 4208 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

07:51:30.0897 4208 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

07:51:30.0897 4208 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

07:51:30.0897 4208 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

07:51:30.0912 4208 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

07:51:30.0912 4208 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

07:51:30.0912 4208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

07:51:30.0912 4208 \Device\Harddisk0\DR0 - ok

07:51:30.0928 4208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

07:51:30.0928 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

07:51:30.0928 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-

Step 3

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-02-13 11:04:53

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.CJLA

Running: 3rgotx4e.exe; Driver: C:\Users\BobA\AppData\Local\Temp\kgdyiaob.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAllocateVirtualMemory [0xAD4F6DE8]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAlpcConnectPort [0xAD4F98B8]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAlpcSendWaitReceivePort [0xAD4F9414]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAssignProcessToJobObject [0xAD4F7868]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwClose [0xAD4F9EAE]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwConnectPort [0xAD4F87AE]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateFile [0xAD4F819C]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateKey [0xAD4F8E88]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateProcess [0xAD4F7ABE]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateProcessEx [0xAD4F7B74]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateSection [0xAD4F7D36]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateThread [0xAD4F6758]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwDeviceIoControlFile [0xAD4F8FF8]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwDuplicateObject [0xAD4FCDCC]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwFsControlFile [0xAD4F92B0]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwLoadDriver [0xAD4F725E]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwMakeTemporaryObject [0xAD4F9C86]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenFile [0xAD4F8076]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenProcess [0xAD4FC838]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenSection [0xAD4F7C2E]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenThread [0xAD4FCAD2]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwProtectVirtualMemory [0xAD4F6C6C]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwQueueApcThread [0xAD4F7990]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwReplaceKey [0xAD4F9AD4]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwRequestPort [0xAD4F891C]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwRequestWaitReplyPort [0xAD4F82CC]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwRestoreKey [0xAD4F9B5E]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSecureConnectPort [0xAD4F8D18]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSetContextThread [0xAD4F68C8]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSetSecurityObject [0xAD4F9A2E]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSetSystemInformation [0xAD4F740A]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwShutdownSystem [0xAD4F9BF0]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSuspendProcess [0xAD4F6B44]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSuspendThread [0xAD4F6A1E]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSystemDebugControl [0xAD4F779A]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwTerminateProcess [0xAD4FC730]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwTerminateThread [0xAD4FCFBE]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwUnloadDriver [0xAD4F9D1C]

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwWriteVirtualMemory [0xAD4F65DC]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C6F8A9 1 Byte [06]

.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C8F2F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntoskrnl.exe!KeRemoveQueueEx + 13B3 82C96580 4 Bytes [E8, 6D, 4F, AD]

.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 82C9658C 4 Bytes [b8, 98, 4F, AD]

.text ntoskrnl.exe!KeRemoveQueueEx + 1403 82C965D0 4 Bytes [14, 94, 4F, AD] {ADC AL, 0x94; DEC EDI; LODSD }

.text ntoskrnl.exe!KeRemoveQueueEx + 1413 82C965E0 4 Bytes [68, 78, 4F, AD]

.text ntoskrnl.exe!KeRemoveQueueEx + 142F 82C965FC 4 Bytes [AE, 9E, 4F, AD] {SCASB ; SAHF ; DEC EDI; LODSD }

.text ...

PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AD5FF000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AD5FF123 629 Bytes [A5, 5F, AD, FE, 05, 34, A5, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 5329 AD5FF399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 538F AD5FF3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 543B AD5FF4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]

PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3216] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe[3940] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe[3940] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe[3940] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe[3940] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\System Update\SUService.exe[4184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\System Update\SUService.exe[4184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\System Update\SUService.exe[4184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\System Update\SUService.exe[4184] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\System Update\SUService.exe[4184] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\System Update\SUService.exe[4184] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75945E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000059 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB36771$\119973067 0 bytes

File C:\Windows\$NtUninstallKB36771$\857914497 0 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\@ 2048 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\bckfg.tmp 854 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\cfg.ini 230 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\Desktop.ini 4608 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\keywords 86 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\kwrd.dll 223744 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\L 0 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\L\xadqgnnk 74240 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\lsflt7.ver 5176 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\oemid 230 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\U 0 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\U\00000001.@ 2048 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\U\00000002.@ 224768 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\U\00000004.@ 1024 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\U\80000000.@ 11264 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\U\80000004.@ 12800 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\U\80000032.@ 73216 bytes

File C:\Windows\$NtUninstallKB36771$\857914497\version 858 bytes

---- EOF - GMER 1.0.15 ----

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-

ChinaBob · February 13, 2012

How much longer before we will be done? I appreciate all of the help. I still do not have networking .. Thanks.

ChinaBob · February 19, 2012

Just to let you know, you can close this issue out. I dropped back to an older backup - over 5 months ago. Lost a lot of stuff but it's better than waiting weeks for a reply. I appreciate the intents of this forum to help those of us who run into viruses - but this was taking far too long for me. Good luck with future cases not as difficult as mine.

Bob

Chinabob issues

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information