
HDD Scan Trojan Keeps Coming Back



Hello. Recently my computer was hit with what seems to be the HDD scan trojan. I used the instructions on beepingcomputer.com. I safe-started the computer and used Rkill. Then I used Malwarebytes, which found 5 problems.

Then it prompted for a re-start, which I did. That led to Chkdsk scan which fixed hard drive problems and then when the computer re-booted, I got the umpteen HDD scan errors again!

So I repeated the procedure (I just did the quick scan the second time instead of the full scan I did the first time). Found 2 problems with Malwarebytes and then re-started the computer fine, but then again, HDD scan errors!

I can see where all the start files are hidden (in a folder with smtmp in a temp folder), so I think this is a HDD scan trojan. Please help! I am totally confused now and don't know how to remove this problem (I haven't tried using unhide.exe since the trojan seems to be still active).

I tried to use DSS.com to get the logs, but it keeps failing. Please help! Thank you.


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe - after it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s


  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Information and logs:

  • In your next post I need the following:
    1. Logs from OTL
    2. Let me know of any problems you may have had

Gringo


Thank you VERY much for helping me! I don't understand most of these things, so I am just really baffled and, yes, a little panicked.

After the last scan of MALWAREBYTE, I ran UNHIDE.EXE. When it finished, the screen went black and it hung up. So I used task manager to restart the computer. The computer immediately ran CHKDSK and deleted a bunch of indexes and such (I tried to stop it and it said I can press any key in 8 seconds to stop it, but it did not let me stop).

I tried to safe start, but that hung up, so I turned the power off and re-started again.

When the computer re-booted, I was at first heartened to see all my icons back. But those umpteen error messages returned also and a final error message warning me of hard drive failure and that I should run HDD scan. So I shut the computer down and re-started in safe mode with networking and downloaded SECURITY CHECK and OTL and ran them. By the way, when running the OTL, was I supposed to paste in the Custom Scan box "

%TEMP%\smtmp\*.*/S

" or just "%TEMP%\smtmp\*.*/S"?

I did the first one (with the boxes).

Here is the checkup.txt:

Results of screen317's Security Check version 0.99.42

Windows Vista Service Pack 2 x86

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 23

Java version out of Date!

Adobe Reader 8
Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0 %

````````````````````End of Log``````````````````````

Here is the OTL.txt:

OTL logfile created on: 6/18/2012 12:59:22 AM - Run 1

OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\James\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.31% Memory free

6.19 Gb Paging File | 5.85 Gb Available in Paging File | 94.56% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 450.71 Gb Total Space | 191.73 Gb Free Space | 42.54% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 4.67 Gb Free Space | 31.12% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: James | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\James\Desktop\OTL.exe (OldTimer Tools)

PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()

SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)

SRV - (QualityManager) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel® Corporation)

SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)

SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)

SRV - (DHTRACE) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel® Corporation)

SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel® Corporation)

SRV - (NMSCore) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel® Corporation)

SRV - (M1 Server) Intel® Viiv -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()

SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)

SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (ProtexisLicensing) -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe ()

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (NPF) -- system32\DRIVERS\npf.sys File not found

DRV - (jkjbwdig) -- System32\drivers\ioyvxene.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (BCMH43XX) -- system32\DRIVERS\bcmwlhigh6.sys File not found

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (LVUVC) Logitech HD Pro Webcam C910(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)

DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV - (ATIAVPCI) -- C:\Windows\System32\drivers\atinavrr.sys (ATI Technologies Inc.)

DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)

DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()

DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)

DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)

DRV - (NAL) -- C:\Windows\System32\drivers\iqvw32.sys (Intel Corporation )

DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)

DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = /dell?hl=en&client=dell-usuk&channel=us&ibd=2080222

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =

IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =

IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

Hosts file not found

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)

O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001..\Run: [bSIPsmLEdWM.exe] C:\ProgramData\bSIPsmLEdWM.exe ()

O4 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O7 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_23)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.98.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE8A83A-D277-4244-8BC1-841E3B869DDC}: DhcpNameServer = 192.168.98.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77DD7A46-96F8-4842-A392-8061F3893D27}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EA1544D-0BB6-4BD8-99EC-C8187CB47DAD}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{6d9c8eab-e63e-11dc-b4e2-001d0930c71d}\Shell - "" = AutoRun

O33 - MountPoints2\{6d9c8eab-e63e-11dc-b4e2-001d0930c71d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O33 - MountPoints2\{d5bae755-e0e6-11dc-866c-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{d5bae755-e0e6-11dc-866c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 00:40:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe

[2012/06/17 18:36:51 | 000,000,000 | -HSD | C] -- C:\found.000

[2012/06/17 18:36:51 | 000,000,000 | -HSD | C] -- \found.000

[2012/06/17 16:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/17 16:17:03 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/17 16:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/06/17 16:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/17 16:01:30 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\James\Desktop\unhide.exe

[2012/06/17 15:59:54 | 010,063,024 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\James\Desktop\mbam-setup.exe

[2012/06/15 15:15:16 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\TDSSKiller.exe

[2012/06/12 18:29:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/06/12 18:29:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/06/12 18:29:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/06/12 18:28:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/06/12 18:28:56 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/06/12 18:28:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/06/12 18:28:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/06/12 18:09:23 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/05/20 15:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/05/20 15:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/18 00:58:17 | 000,000,680 | ---- | M] () -- C:\Users\James\AppData\Local\d3d9caps.dat

[2012/06/18 00:58:16 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2012/06/18 00:41:52 | 000,608,596 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/18 00:41:52 | 000,105,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/18 00:41:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe

[2012/06/18 00:40:49 | 000,881,475 | ---- | M] () -- C:\Users\James\Desktop\SecurityCheck.exe

[2012/06/18 00:37:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/18 00:35:20 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/18 00:35:20 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/18 00:35:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/06/18 00:29:50 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/17 20:15:58 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\TDSSKiller.exe

[2012/06/17 16:17:04 | 000,000,926 | ---- | M] () -- C:\Users\James\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/17 16:17:04 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/17 16:01:31 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\James\Desktop\unhide.exe

[2012/06/17 16:00:30 | 010,063,024 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\James\Desktop\mbam-setup.exe

[2012/06/17 15:56:06 | 001,012,656 | ---- | M] () -- C:\Users\James\Desktop\rkill.exe

[2012/06/17 15:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/17 02:51:00 | 000,346,760 | ---- | M] () -- C:\ProgramData\bSIPsmLEdWM.exe

[2012/06/12 18:44:11 | 000,353,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/06/12 17:59:53 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/06/12 17:59:53 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/06/12 00:37:45 | 000,002,401 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/18 00:40:45 | 000,881,475 | ---- | C] () -- C:\Users\James\Desktop\SecurityCheck.exe

[2012/06/18 00:05:15 | 000,002,401 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[2012/06/18 00:05:15 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk

[2012/06/18 00:05:15 | 000,002,277 | ---- | C] () -- C:\Users\Public\Desktop\RTR VII Launcher.lnk

[2012/06/18 00:05:15 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Elements Studio.lnk

[2012/06/18 00:05:15 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Britannia.lnk

[2012/06/18 00:05:15 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Teutonic.lnk

[2012/06/18 00:05:15 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Crusades.lnk

[2012/06/18 00:05:15 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Americas.lnk

[2012/06/18 00:05:15 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\ExRM v3.5.3b.lnk

[2012/06/18 00:05:15 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk

[2012/06/18 00:05:15 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk

[2012/06/18 00:05:15 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk

[2012/06/18 00:05:15 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Rome - Total War.lnk

[2012/06/18 00:05:15 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk

[2012/06/18 00:05:15 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/06/18 00:05:15 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Corel GuideMenu.lnk

[2012/06/18 00:05:15 | 000,001,699 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk

[2012/06/18 00:05:15 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/06/18 00:05:15 | 000,001,666 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2012/06/18 00:05:15 | 000,001,614 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk

[2012/06/18 00:05:15 | 000,001,537 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk

[2012/06/18 00:05:15 | 000,001,475 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk

[2012/06/18 00:05:15 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk

[2012/06/18 00:05:15 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Product Documentation.lnk

[2012/06/18 00:05:15 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Music, Photos & Videos.lnk

[2012/06/18 00:05:15 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk

[2012/06/18 00:05:15 | 000,000,945 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/06/18 00:05:15 | 000,000,940 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2012/06/18 00:05:15 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X3.lnk

[2012/06/18 00:05:15 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/18 00:05:15 | 000,000,258 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/06/18 00:05:15 | 000,000,240 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/06/17 19:00:45 | 000,000,926 | ---- | C] () -- C:\Users\James\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/17 15:55:51 | 001,012,656 | ---- | C] () -- C:\Users\James\Desktop\rkill.exe

[2012/06/17 02:53:14 | 000,346,760 | ---- | C] () -- C:\ProgramData\bSIPsmLEdWM.exe

[2012/04/11 17:07:56 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/01/30 23:23:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2011/04/20 02:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011/03/01 16:17:05 | 000,000,680 | ---- | C] () -- C:\Users\James\AppData\Local\d3d9caps.dat

[2011/02/28 22:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2010/08/05 00:39:18 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0C2B8D26D8.sys

[2010/08/05 00:39:17 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

Invalid Switch: indent]

< End of report >

Thank you very much again for your help. Lastly, should I just leave this infected computer on or shut it down?



<div>It looks like I did the custom scan wrong with OTL, so I removed the marker and re-ran OTL and got the following OTL.txt:</div>


<div>OTL logfile created on: 6/18/2012 1:29:04 AM - Run 2</div>

<div>OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\James\Desktop</div>

<div>Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation</div>

<div>Internet Explorer (Version = 9.0.8112.16421)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>


<div>3.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.08% Memory free</div>

<div>6.19 Gb Paging File | 5.71 Gb Available in Paging File | 92.23% Paging File free</div>

<div>Paging file location(s): ?:\pagefile.sys [binary data]</div>


<div>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</div>

<div>Drive C: | 450.71 Gb Total Space | 191.73 Gb Free Space | 42.54% Space Free | Partition Type: NTFS</div>

<div>Drive D: | 15.00 Gb Total Space | 4.67 Gb Free Space | 31.12% Space Free | Partition Type: NTFS</div>


<div>Computer Name: DESKTOP | User Name: James | Logged in as Administrator.</div>

<div>Boot Mode: SafeMode with Networking | Scan Mode: All users</div>

<div>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</div>


<div>
========== Processes (SafeList) ==========
</div>


<div>PRC - C:\Users\James\Desktop\OTL.exe (OldTimer Tools)</div>

<div>PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)</div>

<div>PRC - C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)</div>

<div>PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)</div>

<div>PRC - C:\Windows\explorer.exe (Microsoft Corporation)</div>


<div>
========== Modules (No Company Name) ==========
</div>


<div>MOD - C:\Program Files\Safari\Apple Application Support\zlib1.dll ()</div>

<div>MOD - C:\Program Files\Safari\Apple Application Support\libxml2.dll ()</div>

<div>MOD - C:\Program Files\WinRAR\RarExt.dll ()</div>


<div>
========== Win32 Services (SafeList) ==========
</div>


<div>SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)</div>

<div>SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)</div>

<div>SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)</div>

<div>SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)</div>

<div>SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)</div>

<div>SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)</div>

<div>SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)</div>

<div>SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)</div>

<div>SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)</div>

<div>SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)</div>

<div>SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</div>

<div>SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)</div>

<div>SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()</div>

<div>SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)</div>

<div>SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)</div>

<div>SRV - (QualityManager) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel® Corporation)</div>

<div>SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)</div>

<div>SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)</div>

<div>SRV - (DHTRACE) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel® Corporation)</div>

<div>SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel® Corporation)</div>

<div>SRV - (NMSCore) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel® Corporation)</div>

<div>SRV - (M1 Server) Intel® Viiv -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()</div>

<div>SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)</div>

<div>SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()</div>

<div>SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)</div>

<div>SRV - (ProtexisLicensing) -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe ()</div>

<div>SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)</div>


<div>
========== Driver Services (SafeList) ==========
</div>


<div>DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found</div>

<div>DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found</div>

<div>DRV - (NPF) -- system32\DRIVERS\npf.sys File not found</div>

<div>DRV - (jkjbwdig) -- System32\drivers\ioyvxene.sys File not found</div>

<div>DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found</div>

<div>DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found</div>

<div>DRV - (BCMH43XX) -- system32\DRIVERS\bcmwlhigh6.sys File not found</div>

<div>DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)</div>

<div>DRV - (LVUVC) Logitech HD Pro Webcam C910(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)</div>

<div>DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)</div>

<div>DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)</div>

<div>DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)</div>

<div>DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)</div>

<div>DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)</div>

<div>DRV - (ATIAVPCI) -- C:\Windows\System32\drivers\atinavrr.sys (ATI Technologies Inc.)</div>

<div>DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)</div>

<div>DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)</div>

<div>DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)</div>

<div>DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)</div>

<div>DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)</div>

<div>DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()</div>

<div>DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)</div>

<div>DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)</div>

<div>DRV - (NAL) -- C:\Windows\System32\drivers\iqvw32.sys (Intel Corporation )</div>

<div>DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)</div>

<div>DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)</div>

<div>DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)</div>

<div>DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)</div>


<div>
========== Standard Registry (SafeList) ==========
</div>


<div>
========== Internet Explorer ==========
</div>


<div>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =</div>

<div>IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</div>

<div>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =</div>

<div>IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =</div>


<div>IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</div>

<div>IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =</div>

<div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>


<div>IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</div>

<div>IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =</div>

<div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>


<div>IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =</div>

<div>IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1</div>

<div>IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</div>

<div>IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =</div>

<div>IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =</div>

<div>IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local</div>


<div>
========== FireFox ==========
</div>


<div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</div>

<div>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)</div>

<div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)</div>


<div>Hosts file not found</div>

<div>O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)</div>

<div>O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</div>

<div>O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)</div>

<div>O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)</div>

<div>O3 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.</div>

<div>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</div>

<div>O4 - HKLM..\Run: [bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)</div>

<div>O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)</div>

<div>O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)</div>

<div>O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)</div>

<div>O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)</div>

<div>O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)</div>

<div>O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)</div>

<div>O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found</div>

<div>O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)</div>

<div>O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)</div>

<div>O4 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001..\Run: [bSIPsmLEdWM.exe] C:\ProgramData\bSIPsmLEdWM.exe ()</div>

<div>O4 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)</div>

<div>O7 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>

<div>O7 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2</div>

<div>O7 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1</div>

<div>O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()</div>

<div>O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()</div>

<div>O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()</div>

<div>O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()</div>

<div>O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</div>

<div>O13 - gopher Prefix: missing</div>

<div>O15 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)</div>

<div>O15 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..Trusted Domains: turbotax.com ([]https in Trusted sites)</div>

<div>O15 - HKU\S-1-5-21-3248508387-1688139464-2563787494-1001\..Trusted Ranges: GD ([http] in Local intranet)</div>

<div>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)</div>

<div>O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class)</div>

<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_23)</div>

<div>O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Reg Error: Key error.)</div>

<div>O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23)</div>

<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23)</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.98.1</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE8A83A-D277-4244-8BC1-841E3B869DDC}: DhcpNameServer = 192.168.98.1</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77DD7A46-96F8-4842-A392-8061F3893D27}: DhcpNameServer = 192.168.1.1</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EA1544D-0BB6-4BD8-99EC-C8187CB47DAD}: DhcpNameServer = 192.168.1.1</div>

<div>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)</div>

<div>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)</div>

<div>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</div>

<div>O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg</div>

<div>O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</div>

<div>O33 - MountPoints2\{6d9c8eab-e63e-11dc-b4e2-001d0930c71d}\Shell - "" = AutoRun</div>

<div>O33 - MountPoints2\{6d9c8eab-e63e-11dc-b4e2-001d0930c71d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a</div>

<div>O33 - MountPoints2\{d5bae755-e0e6-11dc-866c-806e6f6e6963}\Shell - "" = AutoRun</div>

<div>O33 - MountPoints2\{d5bae755-e0e6-11dc-866c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>

<div>O37 - HKLM\...com [@ = comfile] -- "%1" %*</div>

<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>


<div>
========== Files/Folders - Created Within 30 Days ==========
</div>


<div>[2012/06/18 00:40:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe</div>

<div>[2012/06/17 18:36:51 | 000,000,000 | -HSD | C] -- C:\found.000</div>

<div>[2012/06/17 18:36:51 | 000,000,000 | -HSD | C] -- \found.000</div>

<div>[2012/06/17 16:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</div>

<div>[2012/06/17 16:17:03 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys</div>

<div>[2012/06/17 16:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware</div>

<div>[2012/06/17 16:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</div>

<div>[2012/06/17 16:01:30 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\James\Desktop\unhide.exe</div>

<div>[2012/06/17 15:59:54 | 010,063,024 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\James\Desktop\mbam-setup.exe</div>

<div>[2012/06/15 15:15:16 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\TDSSKiller.exe</div>

<div>[2012/06/12 18:29:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb</div>

<div>[2012/06/12 18:29:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll</div>

<div>[2012/06/12 18:29:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe</div>

<div>[2012/06/12 18:28:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll</div>

<div>[2012/06/12 18:28:56 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll</div>

<div>[2012/06/12 18:28:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll</div>

<div>[2012/06/12 18:28:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl</div>

<div>[2012/06/12 18:09:23 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys</div>

<div>[2012/05/20 15:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime</div>

<div>[2012/05/20 15:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime</div>

<div>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</div>


<div>
========== Files - Modified Within 30 Days ==========
</div>


<div>[2012/06/18 01:28:03 | 000,000,680 | ---- | M] () -- C:\Users\James\AppData\Local\d3d9caps.dat</div>

<div>[2012/06/18 01:28:02 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk</div>

<div>[2012/06/18 00:41:52 | 000,608,596 | ---- | M] () -- C:\Windows\System32\perfh009.dat</div>

<div>[2012/06/18 00:41:52 | 000,105,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat</div>

<div>[2012/06/18 00:41:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe</div>

<div>[2012/06/18 00:40:49 | 000,881,475 | ---- | M] () -- C:\Users\James\Desktop\SecurityCheck.exe</div>

<div>[2012/06/18 00:37:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</div>

<div>[2012/06/18 00:35:20 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2012/06/18 00:35:20 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2012/06/18 00:35:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat</div>

<div>[2012/06/18 00:29:50 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</div>

<div>[2012/06/17 20:15:58 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\TDSSKiller.exe</div>

<div>[2012/06/17 16:17:04 | 000,000,926 | ---- | M] () -- C:\Users\James\Desktop\Malwarebytes Anti-Malware.lnk</div>

<div>[2012/06/17 16:17:04 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div>

<div>[2012/06/17 16:01:31 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\James\Desktop\unhide.exe</div>

<div>[2012/06/17 16:00:30 | 010,063,024 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\James\Desktop\mbam-setup.exe</div>

<div>[2012/06/17 15:56:06 | 001,012,656 | ---- | M] () -- C:\Users\James\Desktop\rkill.exe</div>

<div>[2012/06/17 15:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</div>

<div>[2012/06/17 02:51:00 | 000,346,760 | ---- | M] () -- C:\ProgramData\bSIPsmLEdWM.exe</div>

<div>[2012/06/12 18:44:11 | 000,353,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT</div>

<div>[2012/06/12 17:59:53 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe</div>

<div>[2012/06/12 17:59:53 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl</div>

<div>[2012/06/12 00:37:45 | 000,002,401 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk</div>

<div>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</div>


<div>
========== Files Created - No Company Name ==========
</div>


<div>[2012/06/18 00:40:45 | 000,881,475 | ---- | C] () -- C:\Users\James\Desktop\SecurityCheck.exe</div>

<div>[2012/06/18 00:05:15 | 000,002,401 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,277 | ---- | C] () -- C:\Users\Public\Desktop\RTR VII Launcher.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Elements Studio.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Britannia.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Teutonic.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Crusades.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Americas.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\ExRM v3.5.3b.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk</div>

<div>[2012/06/18 00:05:15 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Rome - Total War.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Corel GuideMenu.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,699 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,666 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,614 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,537 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,475 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Product Documentation.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Music, Photos & Videos.lnk</div>

<div>[2012/06/18 00:05:15 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk</div>

<div>[2012/06/18 00:05:15 | 000,000,945 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk</div>

<div>[2012/06/18 00:05:15 | 000,000,940 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk</div>

<div>[2012/06/18 00:05:15 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X3.lnk</div>

[2012/06/18 00:05:15 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/18 00:05:15 | 000,000,258 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/06/18 00:05:15 | 000,000,240 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/06/17 19:00:45 | 000,000,926 | ---- | C] () -- C:\Users\James\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/17 15:55:51 | 001,012,656 | ---- | C] () -- C:\Users\James\Desktop\rkill.exe

[2012/06/17 02:53:14 | 000,346,760 | ---- | C] () -- C:\ProgramData\bSIPsmLEdWM.exe

[2012/04/11 17:07:56 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/01/30 23:23:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2011/04/20 02:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011/03/01 16:17:05 | 000,000,680 | ---- | C] () -- C:\Users\James\AppData\Local\d3d9caps.dat

[2011/02/28 22:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2010/08/05 00:39:18 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0C2B8D26D8.sys

[2010/08/05 00:39:17 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s  >

[2008/02/27 05:46:21 | 000,001,614 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\Calculator.lnk

[2011/04/11 21:43:09 | 000,000,928 | -HS- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\desktop.ini

[2012/04/14 02:31:12 | 000,001,666 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\iTunes.lnk

[2011/04/11 21:43:09 | 000,000,945 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk

[2011/10/30 00:39:40 | 000,000,940 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\Microsoft Office Outlook.lnk

[2008/02/27 05:46:05 | 000,001,699 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\Notepad.lnk

[2008/02/21 21:43:51 | 000,000,258 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk

[2012/06/12 00:37:45 | 000,002,401 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\Skype.lnk

[2008/02/21 21:43:51 | 000,000,240 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\Window Switcher.lnk

[2008/03/04 13:14:53 | 000,001,537 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\2\Windows Explorer.lnk

[2008/02/21 22:40:08 | 000,002,131 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Adobe Elements Studio.lnk

[2010/04/27 14:17:02 | 000,002,013 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Barbarian Invasion.lnk

[2008/08/02 23:46:25 | 000,001,858 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Corel GuideMenu.lnk

[2010/08/05 00:18:54 | 000,000,917 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Corel VideoStudio Pro X3.lnk

[2008/09/12 00:10:41 | 000,000,174 | -HS- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\desktop.ini

[2011/02/04 15:24:08 | 000,002,085 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\ExRM v3.5.3b.lnk

[2012/04/01 18:29:11 | 000,001,666 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\iTunes.lnk

[2012/02/23 16:40:55 | 000,001,475 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Logitech Webcam Software  .lnk

[2012/06/17 16:17:04 | 000,000,908 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Malwarebytes Anti-Malware.lnk

[2009/10/14 23:19:03 | 000,002,109 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Medieval II Total War Americas.lnk

[2009/10/14 23:25:28 | 000,002,119 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Medieval II Total War Britannia.lnk

[2009/10/14 23:31:07 | 000,002,109 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Medieval II Total War Crusades.lnk

[2009/10/14 23:46:33 | 000,002,109 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Medieval II Total War Teutonic.lnk

[2009/12/11 01:41:09 | 000,002,056 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Medieval II Total War.lnk

[2010/07/27 15:32:19 | 000,002,030 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Microsoft Mouse.lnk

[2008/02/21 22:39:31 | 000,001,089 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Music, Photos & Videos.lnk

[2008/02/21 22:39:28 | 000,001,101 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Product Documentation.lnk

[2010/04/27 14:08:28 | 000,001,990 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Rome - Total War.lnk

[2010/11/30 17:15:19 | 000,002,277 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\RTR VII Launcher.lnk

[2012/05/13 16:55:00 | 000,001,854 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Safari.lnk

[2011/12/14 19:38:51 | 000,001,063 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Shutterfly Express Uploader.lnk

[2012/03/20 20:51:12 | 000,001,878 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\Skype.lnk

[2012/04/13 17:27:07 | 000,001,908 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\TurboTax 2011.lnk

[2008/08/02 23:22:18 | 000,001,131 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\smtmp\4\ZoomBrowser EX.lnk

< End of report >
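The `< %TEMP%\smtmp\*.* /s >` custom scan in the log above is the key finding: a FakeHDD-style rogue moves the user's shortcuts into that folder, which is why the icons vanish. The following triage helper is an added example written for this page (it is not the forum's or OTL's own code). It parses OTL file-listing lines of the form shown in the log into timestamp, size, attribute string, operation and path, then flags entries worth a second look, using lines copied from this log as constructed sample input. The flags are review prompts, not verdicts (legitimate licensing components also drop hidden files into ProgramData); the regex, function names and heuristics are my own assumptions about the format, not anything OTL documents.

```powershell
# Added example, not from the thread or from OTL: triage helper for OTL file-listing lines such as
# "[2012/06/17 02:53:14 | 000,346,760 | ---- | C] () -- C:\ProgramData\bSIPsmLEdWM.exe".
# Fields: timestamp | size (comma-grouped) | attributes (R/H/S/A or '-') | C=created, M=modified | path.
# The pattern below is an assumption about the format, derived from the lines posted in this thread.
$otlLinePattern = '^\[(?<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?<size>[\d,]+) \| (?<attr>\S{4}) \| (?<op>[CM])\] \(\) -- (?<path>.+)$'

function ConvertFrom-OtlFileLine {
    param([string]$Line)
    if ($Line -match $otlLinePattern) {
        New-Object PSObject -Property @{
            Stamp = [datetime]::ParseExact($Matches['stamp'], 'yyyy/MM/dd HH:mm:ss',
                        [System.Globalization.CultureInfo]::InvariantCulture)
            Size  = [int64]($Matches['size'] -replace ',', '')
            Attr  = $Matches['attr']
            Op    = $Matches['op']
            Path  = $Matches['path']
        }
    }
    # Lines that do not match (headers, separators) yield nothing.
}

function Get-OtlTriageFlags {
    param($Entry)
    $flags = @()
    $ext = [System.IO.Path]::GetExtension($Entry.Path).ToLower()
    # Locations any user-level process can write to.
    $inDataDir   = $Entry.Path -match '\\(ProgramData|AppData|Temp)\\'
    # Locations normally written only by installers and by Windows itself.
    $inSystemDir = $Entry.Path -match '^[A-Za-z]:\\(Windows|Program Files[^\\]*)\\'

    if ($Entry.Attr -match '[HS]' -and -not $inSystemDir) {
        $flags += 'hidden/system attributes outside system directories'
    }
    if ($inDataDir -and (@('.exe', '.dll', '.sys', '.scr', '.com') -contains $ext)) {
        $flags += 'executable code in a user-writable data folder'
    }
    return $flags
}

# Constructed sample: lines copied from the OTL listing posted in this thread.
$sampleLines = @'
[2012/06/17 15:55:51 | 001,012,656 | ---- | C] () -- C:\Users\James\Desktop\rkill.exe
[2012/06/17 02:53:14 | 000,346,760 | ---- | C] () -- C:\ProgramData\bSIPsmLEdWM.exe
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/03/01 16:17:05 | 000,000,680 | ---- | C] () -- C:\Users\James\AppData\Local\d3d9caps.dat
[2010/08/05 00:39:18 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0C2B8D26D8.sys
[2010/08/05 00:39:17 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
'@ -split "`r?`n"

$entries = $sampleLines | ForEach-Object { ConvertFrom-OtlFileLine $_ } | Where-Object { $_ -ne $null }

# Print only the entries that raised at least one flag, newest first.
foreach ($e in ($entries | Sort-Object Stamp -Descending)) {
    $flags = @(Get-OtlTriageFlags $e)
    if ($flags.Count -gt 0) {
        '{0}  {1,12:N0}  {2}  {3}' -f $e.Stamp.ToString('yyyy-MM-dd HH:mm'), $e.Size, $e.Attr, $e.Path
        foreach ($f in $flags) { "    -> $f" }
    }
}
```

With the sample above, the three ProgramData entries are reported (the .exe for being executable code in a data folder, the two .sys files for that and for their hidden/system attributes) while rkill.exe, the System32 DLL and the .dat file are not. To use it on a real log, replace `$sampleLines` with `Get-Content` of the OTL report; the parser skips the header and separator lines on its own.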

  • Staff

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.

    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo

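A PowerShell equivalent of the xcopy part of the fix above, added here as an example; it is not part of the forum's or OTL's instructions. The numbered smtmp folders and their destinations follow the script: folder 1 is the all-users Start Menu, 2 the Quick Launch bar, 3 the pinned taskbar items and 4 the public Desktop. The destination paths are the real folders that the legacy junction paths in the script (%AllUsersProfile%\Start Menu, %UserProfile%\Application Data, %AllUsersProfile%\Desktop) resolve to on Vista and later, and because $env:APPDATA already ends in \Roaming no second Roaming segment is added. It defaults to a dry run that reports how many files each folder would restore; -Restore performs the copy. The function and parameter names are my own.

```powershell
# Added example, not the thread's own OTL script: restore the shortcuts that a FakeHDD-style
# rogue moved into %TEMP%\smtmp. Run it from the affected user's account, because $env:TEMP
# and $env:APPDATA are per-user. Without -Restore it only reports what it would copy.
param([switch]$Restore)

$smtmp = Join-Path $env:TEMP 'smtmp'

# Folder-number-to-destination mapping, mirroring the xcopy lines of the OTL fix.
# $env:APPDATA already resolves to ...\AppData\Roaming, so no extra "Roaming" segment is added.
$destinations = @{
    '1' = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'
    '2' = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
    '3' = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'
    '4' = Join-Path $env:PUBLIC 'Desktop'
}

function Restore-SmtmpFolder {
    param([string]$Source, [string]$Destination, [switch]$Copy)
    if (-not (Test-Path -LiteralPath $Source)) {
        return New-Object PSObject -Property @{
            Source = $Source; Destination = $Destination; Files = 0; Action = 'source folder absent'
        }
    }
    # Use the provider's own spelling of the source path so relative paths can be cut off it.
    $sourceFull = (Get-Item -LiteralPath $Source -Force).FullName
    # -Force includes hidden/system items such as desktop.ini, matching xcopy /H.
    $files = @(Get-ChildItem -LiteralPath $sourceFull -Recurse -Force | Where-Object { -not $_.PSIsContainer })
    $action = 'dry run, nothing copied'
    if ($Copy) {
        foreach ($file in $files) {
            $relative  = $file.FullName.Substring($sourceFull.Length).TrimStart('\')
            $target    = Join-Path $Destination $relative
            $targetDir = Split-Path -Path $target -Parent
            if (-not (Test-Path -LiteralPath $targetDir)) {
                New-Item -ItemType Directory -Path $targetDir -Force | Out-Null
            }
            # -Force overwrites an existing (possibly read-only) copy, matching xcopy /Y.
            Copy-Item -LiteralPath $file.FullName -Destination $target -Force
        }
        $action = 'restored'
    }
    New-Object PSObject -Property @{
        Source = $Source; Destination = $Destination; Files = $files.Count; Action = $action
    }
}

$report = foreach ($key in ($destinations.Keys | Sort-Object)) {
    Restore-SmtmpFolder -Source (Join-Path $smtmp $key) -Destination $destinations[$key] -Copy:$Restore
}
$report | Select-Object Source, Destination, Files, Action | Format-Table -AutoSize -Wrap
```

Against the log in this thread the dry run would report 10 files for folder 2 and 34 for folder 4 and mark folders 1 and 3 as absent, which matches the "0 File(s) copied" lines OTL printed for those two. The copy is deliberately non-destructive: it leaves the smtmp staging folder in place so a second pass or a manual comparison is still possible after the restore.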

Thank you again for your help. I ran OTL with the custom fix as you instructed. Here is the log output:

========== FILES ==========

< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >

0 File(s) copied

C:\Users\James\Desktop\cmd.bat deleted successfully.

C:\Users\James\Desktop\cmd.txt deleted successfully.

< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >

C:\Users\James\AppData\Local\Temp\smtmp\2\Calculator.lnk

C:\Users\James\AppData\Local\Temp\smtmp\2\desktop.ini

C:\Users\James\AppData\Local\Temp\smtmp\2\iTunes.lnk

C:\Users\James\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk

C:\Users\James\AppData\Local\Temp\smtmp\2\Microsoft Office Outlook.lnk

C:\Users\James\AppData\Local\Temp\smtmp\2\Notepad.lnk

C:\Users\James\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk

C:\Users\James\AppData\Local\Temp\smtmp\2\Skype.lnk

C:\Users\James\AppData\Local\Temp\smtmp\2\Window Switcher.lnk

C:\Users\James\AppData\Local\Temp\smtmp\2\Windows Explorer.lnk

10 File(s) copied

C:\Users\James\Desktop\cmd.bat deleted successfully.

C:\Users\James\Desktop\cmd.txt deleted successfully.

< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >

0 File(s) copied

C:\Users\James\Desktop\cmd.bat deleted successfully.

C:\Users\James\Desktop\cmd.txt deleted successfully.

< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >

0 File(s) copied

C:\Users\James\Desktop\cmd.bat deleted successfully.

C:\Users\James\Desktop\cmd.txt deleted successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\James\Desktop\cmd.bat deleted successfully.

C:\Users\James\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: IUSR_NMPR

User: James

->Java cache emptied: 7557884 bytes

User: Kimberly

->Java cache emptied: 1523001 bytes

User: Public

Total Java Files Cleaned = 9.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: IUSR_NMPR

User: James

User: Kimberly

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.49.0 log created on 06182012_102129

It did NOT ask me to reboot the computer. Should I go ahead and reboot the computer and see if everything is ok? I did the fix in safe mode with networking.


So I rebooted the computer to see if it's fixed and, sadly, it's not. I still get dozens of system errors and a single "hard drive failure detected... run HDD scan..."

I still have all my icons back though (since I ran unhide.exe).

Earlier (before I sought help here) I did run MALWAREBYTE and found problems. They are quarantined. Should I have deleted the quarantined files?


Also, there is still a red circle with X in it on the right lower corner of the computer when these errors show up (different from the red shield with the X in it I get in safe mode -- which I think is simply Microsoft Security Essential being turned off).

The last time I rebooted, and I got all these errors, MSE kicked in and automatically cleaned the problems. The error messages disappeared, but the red circle with X stayed. Then when I rebooted again, the same error messages came back, but this time the MSE did not automatically clean them. So I shut the computer down, rebooted in the safe mode with networking and am writing back to you.


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Again, thank you so much for the help. I did as you instructed. The only things I ran were Windows Firewall (I disabled it) and Microsoft Security Essentials (which was turned off in Safe Mode). When I tried to download Combofix, suddenly the computer lost internet connection (actually my other computer also lost connection, so I think it was just a short glitch with my ISP). After a while, my internet connection came back and I was able to download Combofix.

One problem when I tried to run it was that it detected MSE even though it was off. So I manually opened MSE and unclicked realtime scanning (I think Combofix still "sensed" MSE though). I ran Combofix (while I ran off to soothe my crying baby daughter). When I came back, it was back to the login screen. I typed in my password and logged in. It finished up and generated a log report. But then I couldn't open any executable files (it said the "key marked for deletion" thing). So I tried to reboot, but the computer hung up on closing down. So I manually powered off and rebooted. Now the computer seems to be working normally! Yay! Thank you so very much! I will go ahead and donate as soon as I finish typing this message.

Oh, ONE THING is not back to normal. I have all my icons back, but when I click on the window icon (lower left corner), I can see all my programs if I click on "All Programs" but everything above that is missing (the big icons). How do I get those back?

So, should I be able to run my computer normally otherwise? I did quick scans with MSE and Malwarebyte and nothing came up!

Here is the log from Combofix:

ComboFix 12-06-16.02 - James 06/19/2012 1:11.1.4 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2391 [GMT -4:00]

Running from: c:\users\James\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\0C2B8D26D8.sys

c:\programdata\bSIPsmLEdWM.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 05:28 . 2012-06-19 05:33 -------- d-----w- c:\users\James\AppData\Local\temp

2012-06-19 05:28 . 2012-06-19 05:28 -------- d-----w- c:\users\Kimberly\AppData\Local\temp

2012-06-19 05:28 . 2012-06-19 05:28 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2012-06-19 05:28 . 2012-06-19 05:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-18 14:21 . 2012-06-18 14:21 -------- d-----w- C:\_OTL

2012-06-17 22:36 . 2012-06-17 22:36 -------- d-----w- C:\found.000

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\programdata\Malwarebytes

2012-06-17 20:17 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-17 06:08 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE1E3A8A-D8A7-4642-A61F-F89C7DDD9863}\mpengine.dll

2012-06-13 08:27 . 2012-05-08 16:40 6737808 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-12 22:29 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-06-12 22:29 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-06-12 22:29 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-12 22:29 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-06-12 22:29 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-12 22:28 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-12 22:28 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-06-12 22:28 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-12 22:28 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-12 22:28 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-12 22:28 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-12 22:15 . 2012-02-10 09:45 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D147F1FD-FDB8-4B26-B48F-BDAAE975954C}\gapaengine.dll

2012-06-12 22:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 22:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 22:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 22:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 22:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-05-20 19:24 . 2012-05-20 19:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-05-20 19:24 . 2012-05-20 19:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-05-20 19:24 . 2012-05-20 19:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-05-20 19:24 . 2012-05-20 19:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-05-20 19:24 . 2012-05-20 19:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-05-20 19:24 . 2012-05-20 19:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-05-20 19:24 . 2012-05-20 19:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-05-20 19:23 . 2012-05-20 19:24 -------- d-----w- c:\program files\QuickTime

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-12 21:59 . 2012-04-05 16:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-12 21:59 . 2011-05-18 19:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-03 08:16 . 2012-05-10 05:45 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-10 05:45 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-10 05:45 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39 . 2012-05-10 05:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]

"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-21 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]

2009-04-06 20:35 247296 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2007-05-25 06:03 17920 ---ha-w- c:\dell\E-Center\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-02-22 02:15 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuideMenu]

2007-08-07 21:01 1282048 ----a-w- c:\program files\Corel\Corel GuideMenu\GuideMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-09-17 13:07 81920 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

2007-09-17 13:07 86016 ----a-w- c:\windows\System32\nvsvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-06-05 20:04 17345712 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]

2009-12-17 10:42 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 17:42]

.

2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 17:42]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.98.1

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-bSIPsmLEdWM.exe - c:\programdata\bSIPsmLEdWM.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-nxymuyvt - c:\users\James\AppData\Local\Temp\chsmuufpf\ghpmmxhhmof.exe

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,2a,4e,f8,87,89,6c,4f,a4,fe,ae,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,2a,4e,f8,87,89,6c,4f,a4,fe,ae,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4184)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\atiesrxx.exe

c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\atieclxx.exe

c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files\Intel\IntelDH\CCU\AlertService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

c:\program files\Common Files\Protexis\License Service\PSIService.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\STacSV.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

c:\windows\system32\conime.exe

c:\program files\XPSMiniViewGadget\XPSMiniViewGadget.exe

c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe

c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

c:\windows\ehome\mcupdate.EXE

c:\program files\Microsoft Security Client\MpCmdRun.exe

c:\program files\Microsoft Security Client\MpCmdRun.exe

c:\windows\System32\wsqmcons.exe

.

**************************************************************************

.

Completion time: 2012-06-19 01:43:17 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-19 05:41

.

Pre-Run: 205,684,785,152 bytes free

Post-Run: 204,312,571,904 bytes free

.

- - End Of File - - 796A5B0FAA3C5ECFC3BE847C32BF14F1

Thank you so very much again!


  • Staff

Greetings

Thank you, it was very nice!!

see if this works for your problem - http://www.vistax64.com/tutorials/89631-recent-programs-not-being-remembered.html

I am going to do some more checking to make sure there is nothing still on the computer

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo


Again, thank you so much for the help. Actually I was really stupid. All I had to get my recent items back was to click on the options for that after right clicking the startup button. So I have it back.

I downloaded TDSSKiller yesterday. I will run it now along with the other program you mention. Do I need to set myself back into safe mode with networking or could I just use the normal setup to run those? Do I need to turn off MS firewall and MSE to run them?


I ran the TDSSKiller and am attaching the log below. I tried to run aswMBR. It downloaded and updated fine enough, but then after running for about 1 hour or so, the computer rebooted on its own. I'll try again.

TDSSKiller report:


03:34:43.0886 5864 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

03:34:43.0949 5864 p2psvc - ok

03:34:44.0619 5864 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

03:34:44.0666 5864 Parport - ok

03:34:44.0838 5864 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

03:34:44.0853 5864 partmgr - ok

03:34:44.0853 5864 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

03:34:44.0900 5864 Parvdm - ok

03:34:45.0041 5864 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

03:34:45.0337 5864 PcaSvc - ok

03:34:45.0587 5864 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

03:34:45.0680 5864 pci - ok

03:34:45.0821 5864 pciide (eb03c52c1cc6ffc31757e0a69fffd5b6) C:\Windows\system32\drivers\pciide.sys

03:34:45.0821 5864 pciide - ok

03:34:46.0850 5864 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

03:34:47.0069 5864 pcmcia - ok

03:34:49.0362 5864 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

03:34:49.0814 5864 PEAUTH - ok

03:34:52.0373 5864 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

03:34:52.0482 5864 pla - ok

03:34:54.0869 5864 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

03:34:54.0915 5864 PlugPlay - ok

03:34:55.0071 5864 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys

03:34:55.0149 5864 pmxmouse - ok

03:34:55.0165 5864 pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys

03:34:55.0181 5864 pmxusblf - ok

03:34:55.0914 5864 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

03:34:55.0945 5864 PNRPAutoReg - ok

03:34:55.0961 5864 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

03:34:56.0023 5864 PNRPsvc - ok

03:34:56.0054 5864 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys

03:34:56.0054 5864 Point32 - ok

03:34:56.0117 5864 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

03:34:56.0163 5864 PolicyAgent - ok

03:34:56.0179 5864 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

03:34:56.0226 5864 PptpMiniport - ok

03:34:56.0631 5864 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

03:34:56.0694 5864 Processor - ok

03:34:57.0458 5864 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

03:34:57.0474 5864 ProfSvc - ok

03:34:57.0583 5864 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

03:34:57.0583 5864 ProtectedStorage - ok

03:34:58.0269 5864 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

03:34:58.0301 5864 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning

03:34:58.0301 5864 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)

03:34:58.0332 5864 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

03:34:58.0347 5864 PSched - ok

03:34:58.0519 5864 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

03:34:58.0519 5864 PSI_SVC_2 - ok

03:34:58.0815 5864 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

03:34:58.0831 5864 PxHelp20 - ok

03:34:58.0940 5864 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

03:34:58.0987 5864 ql2300 - ok

03:34:59.0143 5864 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

03:34:59.0159 5864 ql40xx - ok

03:34:59.0814 5864 QualityManager (938a882b718866e24ca5f71dfc925866) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

03:34:59.0829 5864 QualityManager - ok

03:34:59.0876 5864 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

03:34:59.0892 5864 QWAVE - ok

03:34:59.0923 5864 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

03:34:59.0939 5864 QWAVEdrv - ok

03:35:02.0762 5864 R300 (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys

03:35:03.0215 5864 R300 - ok

03:35:03.0480 5864 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

03:35:03.0511 5864 RasAcd - ok

03:35:03.0605 5864 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

03:35:03.0651 5864 RasAuto - ok

03:35:03.0807 5864 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

03:35:03.0839 5864 Rasl2tp - ok

03:35:03.0901 5864 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

03:35:04.0010 5864 RasMan - ok

03:35:04.0057 5864 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

03:35:04.0088 5864 RasPppoe - ok

03:35:04.0197 5864 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

03:35:04.0229 5864 RasSstp - ok

03:35:04.0291 5864 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

03:35:04.0400 5864 rdbss - ok

03:35:04.0416 5864 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

03:35:04.0447 5864 RDPCDD - ok

03:35:04.0650 5864 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

03:35:04.0806 5864 rdpdr - ok

03:35:04.0806 5864 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

03:35:04.0853 5864 RDPENCDD - ok

03:35:04.0993 5864 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys

03:35:05.0024 5864 RDPWD - ok

03:35:05.0274 5864 Remote UI Service (a8430231e1a06828210248c79755bf9c) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

03:35:05.0321 5864 Remote UI Service - ok

03:35:05.0367 5864 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

03:35:05.0399 5864 RemoteAccess - ok

03:35:05.0664 5864 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

03:35:05.0711 5864 RemoteRegistry - ok

03:35:05.0773 5864 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys

03:35:05.0820 5864 RFCOMM - ok

03:35:05.0960 5864 RoxMediaDB9 (a03855ecbea2268a447d4df1caa064f5) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

03:35:06.0101 5864 RoxMediaDB9 - ok

03:35:06.0132 5864 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

03:35:06.0210 5864 RpcLocator - ok

03:35:06.0350 5864 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll

03:35:06.0381 5864 RpcSs - ok

03:35:06.0444 5864 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

03:35:06.0475 5864 rspndr - ok

03:35:06.0584 5864 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

03:35:06.0600 5864 SamSs - ok

03:35:07.0926 5864 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

03:35:08.0004 5864 sbp2port - ok

03:35:08.0035 5864 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

03:35:08.0066 5864 SCardSvr - ok

03:35:08.0519 5864 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

03:35:08.0581 5864 Schedule - ok

03:35:08.0909 5864 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

03:35:08.0924 5864 SCPolicySvc - ok

03:35:09.0236 5864 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

03:35:09.0299 5864 SDRSVC - ok

03:35:09.0314 5864 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

03:35:09.0361 5864 secdrv - ok

03:35:09.0439 5864 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

03:35:09.0455 5864 seclogon - ok

03:35:09.0486 5864 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll

03:35:09.0501 5864 SENS - ok

03:35:09.0533 5864 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

03:35:09.0579 5864 Serenum - ok

03:35:09.0657 5864 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

03:35:09.0689 5864 Serial - ok

03:35:09.0782 5864 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

03:35:09.0798 5864 sermouse - ok

03:35:09.0829 5864 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

03:35:09.0860 5864 SessionEnv - ok

03:35:09.0923 5864 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

03:35:10.0001 5864 sffdisk - ok

03:35:10.0016 5864 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

03:35:10.0047 5864 sffp_mmc - ok

03:35:10.0063 5864 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

03:35:10.0079 5864 sffp_sd - ok

03:35:10.0094 5864 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

03:35:10.0141 5864 sfloppy - ok

03:35:10.0250 5864 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

03:35:10.0297 5864 SharedAccess - ok

03:35:10.0625 5864 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

03:35:10.0656 5864 ShellHWDetection - ok

03:35:10.0687 5864 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

03:35:10.0687 5864 sisagp - ok

03:35:10.0749 5864 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

03:35:10.0765 5864 SiSRaid2 - ok

03:35:11.0233 5864 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

03:35:11.0249 5864 SiSRaid4 - ok

03:35:11.0732 5864 SkypeUpdate (b78408ba56fa554e96128d4934ab7561) C:\Program Files\Skype\Updater\Updater.exe

03:35:11.0748 5864 SkypeUpdate - ok

03:35:13.0620 5864 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

03:35:13.0963 5864 slsvc - ok

03:35:14.0119 5864 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

03:35:14.0150 5864 SLUINotify - ok

03:35:14.0275 5864 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

03:35:14.0306 5864 Smb - ok

03:35:14.0400 5864 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

03:35:14.0400 5864 SNMPTRAP - ok

03:35:14.0431 5864 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

03:35:14.0447 5864 spldr - ok

03:35:14.0509 5864 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

03:35:14.0540 5864 Spooler - ok

03:35:14.0571 5864 sprtsvc_dellsupportcenter - ok

03:35:14.0649 5864 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

03:35:14.0712 5864 srv - ok

03:35:14.0727 5864 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

03:35:14.0759 5864 srv2 - ok

03:35:14.0805 5864 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

03:35:14.0837 5864 srvnet - ok

03:35:14.0868 5864 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

03:35:14.0899 5864 SSDPSRV - ok

03:35:14.0946 5864 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

03:35:14.0961 5864 SstpSvc - ok

03:35:15.0149 5864 STacSV (b218068eba6f46f102b4218bdb81be0b) C:\Windows\system32\STacSV.exe

03:35:15.0195 5864 STacSV - ok

03:35:15.0242 5864 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys

03:35:15.0273 5864 STHDA - ok

03:35:15.0367 5864 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

03:35:15.0414 5864 stisvc - ok

03:35:15.0975 5864 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

03:35:16.0053 5864 stllssvr ( UnsignedFile.Multi.Generic ) - warning

03:35:16.0053 5864 stllssvr - detected UnsignedFile.Multi.Generic (1)

03:35:16.0069 5864 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

03:35:16.0085 5864 swenum - ok

03:35:16.0131 5864 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

03:35:16.0178 5864 swprv - ok

03:35:16.0209 5864 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

03:35:16.0209 5864 Symc8xx - ok

03:35:16.0241 5864 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

03:35:16.0256 5864 Sym_hi - ok

03:35:16.0506 5864 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

03:35:16.0553 5864 Sym_u3 - ok

03:35:16.0755 5864 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

03:35:16.0802 5864 SysMain - ok

03:35:17.0364 5864 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

03:35:17.0442 5864 TabletInputService - ok

03:35:17.0613 5864 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

03:35:17.0660 5864 TapiSrv - ok

03:35:18.0003 5864 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

03:35:18.0050 5864 TBS - ok

03:35:18.0549 5864 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys

03:35:18.0612 5864 Tcpip - ok

03:35:18.0612 5864 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys

03:35:18.0643 5864 Tcpip6 - ok

03:35:18.0846 5864 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys

03:35:18.0955 5864 tcpipreg - ok

03:35:19.0002 5864 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

03:35:19.0033 5864 TDPIPE - ok

03:35:19.0548 5864 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

03:35:19.0626 5864 TDTCP - ok

03:35:19.0704 5864 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

03:35:19.0735 5864 tdx - ok

03:35:20.0172 5864 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

03:35:20.0203 5864 TermDD - ok

03:35:21.0513 5864 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

03:35:21.0545 5864 TermService - ok

03:35:21.0857 5864 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

03:35:21.0872 5864 Themes - ok

03:35:22.0106 5864 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

03:35:22.0137 5864 THREADORDER - ok

03:35:22.0527 5864 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

03:35:22.0543 5864 TrkWks - ok

03:35:22.0949 5864 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

03:35:23.0011 5864 TrustedInstaller - ok

03:35:23.0261 5864 TSHWMDTCP (b56368b25a51cebda77e6b20764f07f2) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys

03:35:23.0276 5864 TSHWMDTCP - ok

03:35:23.0307 5864 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

03:35:23.0323 5864 tssecsrv - ok

03:35:23.0370 5864 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

03:35:23.0385 5864 tunmp - ok

03:35:23.0557 5864 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

03:35:23.0573 5864 tunnel - ok

03:35:23.0604 5864 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

03:35:23.0619 5864 uagp35 - ok

03:35:24.0805 5864 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

03:35:24.0883 5864 udfs - ok

03:35:25.0226 5864 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

03:35:25.0367 5864 UI0Detect - ok

03:35:25.0819 5864 UleadBurningHelper (be788a747457e6916586c410ec0111e7) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

03:35:25.0835 5864 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning

03:35:25.0835 5864 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)

03:35:25.0850 5864 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

03:35:25.0866 5864 uliagpkx - ok

03:35:25.0897 5864 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

03:35:25.0928 5864 uliahci - ok

03:35:25.0944 5864 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

03:35:25.0975 5864 UlSata - ok

03:35:25.0991 5864 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

03:35:26.0022 5864 ulsata2 - ok

03:35:26.0271 5864 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

03:35:26.0365 5864 umbus - ok

03:35:27.0254 5864 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

03:35:27.0285 5864 UMVPFSrv - ok

03:35:27.0379 5864 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

03:35:27.0426 5864 upnphost - ok

03:35:27.0566 5864 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys

03:35:27.0582 5864 USBAAPL - ok

03:35:27.0753 5864 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

03:35:27.0800 5864 usbaudio - ok

03:35:27.0816 5864 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

03:35:27.0831 5864 usbccgp - ok

03:35:27.0909 5864 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

03:35:27.0972 5864 usbcir - ok

03:35:28.0019 5864 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

03:35:28.0050 5864 usbehci - ok

03:35:28.0081 5864 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

03:35:28.0128 5864 usbhub - ok

03:35:28.0268 5864 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

03:35:28.0315 5864 usbohci - ok

03:35:28.0565 5864 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

03:35:28.0643 5864 usbprint - ok

03:35:28.0674 5864 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

03:35:28.0689 5864 usbscan - ok

03:35:28.0721 5864 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

03:35:28.0752 5864 USBSTOR - ok

03:35:28.0830 5864 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

03:35:28.0892 5864 usbuhci - ok

03:35:29.0048 5864 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

03:35:29.0095 5864 usbvideo - ok

03:35:29.0220 5864 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

03:35:29.0267 5864 UxSms - ok

03:35:29.0329 5864 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

03:35:29.0376 5864 vds - ok

03:35:29.0563 5864 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

03:35:29.0594 5864 vga - ok

03:35:29.0688 5864 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

03:35:29.0719 5864 VgaSave - ok

03:35:29.0844 5864 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

03:35:29.0859 5864 viaagp - ok

03:35:29.0891 5864 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

03:35:29.0937 5864 ViaC7 - ok

03:35:29.0953 5864 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys

03:35:29.0969 5864 viaide - ok

03:35:30.0015 5864 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

03:35:30.0031 5864 volmgr - ok

03:35:30.0109 5864 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

03:35:30.0140 5864 volmgrx - ok

03:35:30.0156 5864 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

03:35:30.0171 5864 volsnap - ok

03:35:30.0218 5864 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

03:35:30.0234 5864 vsmraid - ok

03:35:30.0421 5864 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

03:35:30.0483 5864 VSS - ok

03:35:30.0546 5864 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

03:35:30.0561 5864 W32Time - ok

03:35:30.0608 5864 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

03:35:30.0671 5864 WacomPen - ok

03:35:30.0749 5864 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

03:35:30.0780 5864 Wanarp - ok

03:35:30.0780 5864 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

03:35:30.0795 5864 Wanarpv6 - ok

03:35:31.0107 5864 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

03:35:31.0139 5864 wcncsvc - ok

03:35:31.0154 5864 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

03:35:31.0170 5864 WcsPlugInService - ok

03:35:31.0201 5864 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

03:35:31.0217 5864 Wd - ok

03:35:31.0388 5864 Wdf01000 (6d77ff2224d2d3984760acbdf4024a7b) C:\Windows\system32\drivers\Wdf01000.sys

03:35:31.0419 5864 Wdf01000 - ok

03:35:31.0560 5864 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

03:35:31.0607 5864 WdiServiceHost - ok

03:35:31.0607 5864 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

03:35:31.0622 5864 WdiSystemHost - ok

03:35:31.0903 5864 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

03:35:31.0965 5864 WebClient - ok

03:35:32.0059 5864 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

03:35:32.0090 5864 Wecsvc - ok

03:35:32.0121 5864 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

03:35:32.0137 5864 wercplsupport - ok

03:35:32.0277 5864 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

03:35:32.0309 5864 WerSvc - ok

03:35:32.0355 5864 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

03:35:32.0449 5864 winachsf - ok

03:35:32.0605 5864 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

03:35:32.0621 5864 WinDefend - ok

03:35:32.0636 5864 WinHttpAutoProxySvc - ok

03:35:32.0808 5864 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

03:35:32.0839 5864 Winmgmt - ok

03:35:33.0276 5864 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

03:35:33.0416 5864 WinRM - ok

03:35:33.0463 5864 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS

03:35:33.0494 5864 WinUsb - ok

03:35:33.0759 5864 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

03:35:33.0993 5864 Wlansvc - ok

03:35:34.0087 5864 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe

03:35:34.0134 5864 WLSetupSvc - ok

03:35:34.0243 5864 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys

03:35:34.0321 5864 WmiAcpi - ok

03:35:35.0023 5864 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

03:35:35.0039 5864 wmiApSrv - ok

03:35:35.0538 5864 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

03:35:35.0631 5864 WMPNetworkSvc - ok

03:35:35.0741 5864 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

03:35:35.0943 5864 WPCSvc - ok

03:35:36.0053 5864 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

03:35:36.0084 5864 WPDBusEnum - ok

03:35:36.0287 5864 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

03:35:36.0302 5864 WpdUsb - ok

03:35:37.0020 5864 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

03:35:37.0082 5864 WPFFontCache_v0400 - ok

03:35:37.0113 5864 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

03:35:37.0176 5864 ws2ifsl - ok

03:35:37.0394 5864 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll

03:35:37.0457 5864 wscsvc - ok

03:35:37.0457 5864 WSearch - ok

03:35:39.0329 5864 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

03:35:39.0407 5864 wuauserv - ok

03:35:39.0594 5864 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

03:35:39.0625 5864 WUDFRd - ok

03:35:39.0641 5864 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

03:35:39.0656 5864 wudfsvc - ok

03:35:39.0672 5864 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

03:35:39.0687 5864 XAudio - ok

03:35:39.0828 5864 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe

03:35:39.0843 5864 XAudioService - ok

03:35:39.0890 5864 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

03:35:42.0698 5864 \Device\Harddisk0\DR0 - ok

03:35:42.0729 5864 Boot (0x1200) (d0d29085c473dde9834ae998bdea2ccd) \Device\Harddisk0\DR0\Partition0

03:35:42.0729 5864 \Device\Harddisk0\DR0\Partition0 - ok

03:35:42.0745 5864 Boot (0x1200) (ea07d837ea9b04a97b59cf3cef733953) \Device\Harddisk0\DR0\Partition1

03:35:42.0745 5864 \Device\Harddisk0\DR0\Partition1 - ok

03:35:42.0761 5864 ============================================================

03:35:42.0761 5864 Scan finished

03:35:42.0761 5864 ============================================================

03:35:42.0761 5856 Detected object count: 9

03:35:42.0761 5856 Actual detected object count: 9

03:36:06.0847 5856 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user

03:36:06.0847 5856 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:36:06.0863 5856 DQLWinService ( UnsignedFile.Multi.Generic ) - skipped by user

03:36:06.0863 5856 DQLWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:36:06.0863 5856 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

03:36:06.0863 5856 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:36:06.0863 5856 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user

03:36:06.0863 5856 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:36:06.0863 5856 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

03:36:06.0863 5856 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:36:06.0863 5856 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user

03:36:06.0863 5856 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:36:06.0863 5856 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user

03:36:06.0863 5856 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:36:06.0863 5856 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user

03:36:06.0863 5856 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:36:06.0863 5856 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user

03:36:06.0863 5856 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip


  • Staff

Greetings

That is fine. Go ahead. At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe


This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


I was able to run aswMBR. I think that, before, my screen saver (or power management) was interfering with it for some reason. I turned off power management and it worked. Here is the report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-19 04:36:21

-----------------------------

04:36:21.769 OS Version: Windows 6.0.6002 Service Pack 2

04:36:21.769 Number of processors: 4 586 0xF0B

04:36:21.769 ComputerName: DESKTOP UserName: James

04:36:23.578 Initialize success

04:36:33.921 AVAST engine defs: 12061802

04:36:44.935 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"

04:37:04.381 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

04:37:04.381 Disk 0 Vendor: ST350063 3.AD Size: 476940MB BusType: 3

04:37:04.397 Disk 0 MBR read successfully

04:37:04.397 Disk 0 MBR scan

04:37:04.413 Disk 0 Windows VISTA default MBR code

04:37:04.413 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63

04:37:04.475 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640

04:37:04.491 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461524 MB offset 31569920

04:37:04.537 Disk 0 scanning sectors +976771072

04:37:04.693 Disk 0 scanning C:\Windows\system32\drivers

04:37:36.342 Service scanning

04:37:54.141 Service MpKslfbfbde8a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F72AFF7A-B375-400B-8A5D-D9F17C59D24B}\MpKslfbfbde8a.sys **LOCKED** 32

04:38:18.493 Modules scanning

04:38:45.092 Disk 0 trace - called modules:

04:38:45.124 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

04:38:45.124 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867dbac8]

04:38:45.124 3 CLASSPNP.SYS[8a9a98b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x85b4b028]

04:38:46.387 AVAST engine scan C:\Windows

04:39:08.664 AVAST engine scan C:\Windows\system32

04:48:24.431 AVAST engine scan C:\Windows\system32\drivers

04:49:04.445 AVAST engine scan C:\Users\James

05:47:12.502 AVAST engine scan C:\ProgramData

06:00:27.140 Scan finished successfully

06:04:26.358 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"

06:04:26.405 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"

Should I still run that CFScript you mentioned in the previous message?

Again, thank you so much for all the help!

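The partition lines in the aswMBR report above are a decoded view of the 64-byte partition table at the end of the boot sector, and aswMBR also saved that sector to MBR.dat. The script below is an added example, not part of this thread or of aswMBR: it builds a 512-byte MBR whose table reproduces the three entries reported for Disk 0 (boot flag, type code, LBA offset, sector count), parses it back the way a scanner does, and then reports the sector ranges no partition owns. The tail range it finds starts at LBA 976771072, which is exactly the region aswMBR logged as "scanning sectors +976771072"; unpartitioned space after the last partition is where MBR bootkits stash their code, so that is the check worth knowing. The boot-code area of the sample is zero-filled (a real dump carries the loader), the disk size is taken from the 476940 MB the log reports, and it is an assumption that MBR.dat is a raw 512-byte sector dump you could feed to parse_mbr in place of the constructed sample.

```python
import struct

SECTOR = 512
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def make_entry(boot_flag, ptype, lba_start, sectors):
    # CHS fields carry the conventional 0xFE 0xFF 0xFF "beyond CHS range" marker.
    return struct.pack(ENTRY_FMT, boot_flag, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, sectors)


# Constructed sample: a 512-byte MBR whose partition table reproduces the three
# entries aswMBR printed for Disk 0. The 446-byte boot code area is zero-filled
# here; a real dump carries the loader aswMBR matched as "Windows VISTA default MBR code".
SAMPLE_MBR = (
    bytes(446)
    + make_entry(0x00, 0xDE, 63, 112577)           # Dell Utility, 54 MB
    + make_entry(0x00, 0x07, 112640, 31457280)     # NTFS, 15360 MB
    + make_entry(0x80, 0x07, 31569920, 945201152)  # NTFS, active, 461524 MB
    + make_entry(0x00, 0x00, 0, 0)                 # unused slot
    + b"\x55\xaa"
)
DISK_SECTORS = 976773120  # 476940 MB reported for Disk 0, in 512-byte sectors


def parse_mbr(mbr):
    """Return the non-empty partition entries of a raw 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    entries = []
    for i in range(4):
        raw = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        boot, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0:
            continue
        entries.append({
            "index": i + 1,
            "bootable": boot == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown 0x%02X" % ptype),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return entries


def find_gaps(entries, disk_sectors):
    """Sector ranges no partition claims: slack before the first partition and after the last."""
    gaps = []
    cursor = 0
    for e in sorted(entries, key=lambda e: e["lba_start"]):
        if e["lba_start"] > cursor:
            gaps.append((cursor, e["lba_start"] - cursor))
        cursor = max(cursor, e["lba_start"] + e["sectors"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def check_table(entries):
    """Sanity checks on the table itself: one active partition, no overlaps."""
    problems = []
    active = [e for e in entries if e["bootable"]]
    if len(active) != 1:
        problems.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            problems.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    return problems


if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print("Partition %d %s %02X %-12s %7d MB offset %d" % (
            p["index"], "80 (A)" if p["bootable"] else "00", p["type"],
            p["type_name"], p["size_mb"], p["lba_start"]))
    for start, length in find_gaps(parts, DISK_SECTORS):
        print("unpartitioned: %d sectors at LBA %d" % (length, start))
    print("table problems:", check_table(parts) or "none")
```

The sizes come out as 54, 15360 and 461524 MB because the sector counts were chosen so that each partition ends exactly where the next one begins, which is what the offsets in the log imply; the 63-sector gap at the front is the normal boot track, and the 2048-sector gap at the end is the region a scanner reads separately.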

I tried to run combofix with the script as you instructed. Combofix said that it had to update itself, then it seemed to do so and then it said "cannot find combofix on this computer" and then everything froze. So I tried to reboot the computer. The computer reboots in both safe mode with networking and normal mode, but I cannot get internet connectivity -- it's stuck at "identifying" and "local access only" in both modes.

Only that computer is having the connectivity problem so I don't think it's the ISP this time. Please help!


  • Staff

Hello

Go ahead and delete the ComboFix you have now and download a new one from the links below. If you need to, download it from another computer and move it to this one.

update combofix

  • Delete the version of combofix you have now on your desktop and download a new one from here
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Ok. Whew. I downloaded combofix to another computer and then brought it to the afflicted computer with a thumb drive. Everything ran fine and I have my connectivity back. Thank you!

Here is the log:

ComboFix 12-06-19.03 - James 06/19/2012 17:25:06.1.4 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2499 [GMT -4:00]

Running from: c:\users\James\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\users\James\AppData\Local\temp

2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\users\Kimberly\AppData\Local\temp

2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-18 14:21 . 2012-06-18 14:21 -------- d-----w- C:\_OTL

2012-06-17 22:36 . 2012-06-17 22:36 -------- d-----w- C:\found.000

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\programdata\Malwarebytes

2012-06-17 20:17 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-12 22:29 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-06-12 22:29 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-06-12 22:29 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-12 22:29 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-06-12 22:29 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-12 22:28 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-12 22:28 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-06-12 22:28 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-12 22:28 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-12 22:28 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-12 22:28 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-12 22:15 . 2012-02-10 09:45 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D147F1FD-FDB8-4B26-B48F-BDAAE975954C}\gapaengine.dll

2012-06-12 22:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 22:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 22:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 22:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 22:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-12 21:59 . 2012-04-05 16:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-12 21:59 . 2011-05-18 19:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-03 08:16 . 2012-05-10 05:45 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-10 05:45 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-10 05:45 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39 . 2012-05-10 05:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]

"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-21 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]

2009-04-06 20:35 247296 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2007-05-25 06:03 17920 ---ha-w- c:\dell\E-Center\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-02-22 02:15 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuideMenu]

2007-08-07 21:01 1282048 ----a-w- c:\program files\Corel\Corel GuideMenu\GuideMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-09-17 13:07 81920 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

2007-09-17 13:07 86016 ----a-w- c:\windows\System32\nvsvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-06-05 20:04 17345712 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]

2009-12-17 10:42 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 17:42]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 17:42]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.98.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-19 17:43

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,2a,4e,f8,87,89,6c,4f,a4,fe,ae,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,2a,4e,f8,87,89,6c,4f,a4,fe,ae,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-06-19 17:46:46

ComboFix-quarantined-files.txt 2012-06-19 21:46

ComboFix2.txt 2012-06-19 05:43

.

Pre-Run: 208,600,162,304 bytes free

Post-Run: 208,665,833,472 bytes free

.

- - End Of File - - B4378B20AE616ADF4E4DA5DB955F2AB6

Should I still run the script from earlier?

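The "Reg Loading Points" section of the ComboFix log above is the list a helper reads first, because a rogue like the one in this thread survives a reboot only through an autostart entry. The script below is an added example, not part of the thread or of ComboFix: it parses quoted "name"=value lines under each [KEY] header (the Run keys, AppInit_DLLs and drivers32 lines copied from the log above; Startup-folder .lnk lines and the msconfig startupreg blocks are skipped) and applies three checks a reviewer makes by hand. The "Bluetooth HCI Monitor" value is a bare filename with no directory, so Windows finds it through the search path rather than a fixed location, and the AppInit_DLLs value is a DLL loaded into every process that loads user32.dll while LoadAppInit_DLLs is enabled; both are flagged from the real lines. The "Updater" entry under a temp folder is constructed for the demo and is not in the log; it exists only to show the temp-directory rule firing.

```python
import re

# Sample input: lines copied from the "Reg Loading Points" section of the
# ComboFix log above (Run keys, AppInit_DLLs, drivers32).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
"""

# Constructed entry, NOT from the log: a Run value pointing into a temp folder,
# added only to exercise the temp-directory rule below.
CONSTRUCTED_EXTRA = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\users\James\AppData\Local\Temp\updater.exe" [2012-06-17 86016]
"""

# "name"="value" [YYYY-MM-DD size]   or   "name"=value   (date/size optional)
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*'
    r'(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\[]*?))'
    r'\s*(?:\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?\s*$'
)


def parse_loading_points(text):
    """Return {key, name, value, date, size} for each quoted name=value line under a [KEY] header."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if key is None or not m:
            continue
        value = m.group("quoted")
        if value is None:
            value = m.group("bare")
        entries.append({
            "key": key,
            "name": m.group("name"),
            "value": value.strip(),
            "date": m.group("date"),
            "size": int(m.group("size")) if m.group("size") else None,
        })
    return entries


TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def review(entries):
    """Flag the autostart patterns worth a second look. Returns (name, reason) pairs."""
    findings = []
    for e in entries:
        key, value = e["key"].lower(), e["value"].lower()
        if key.endswith("\\currentversion\\run"):
            if "\\" not in value:
                findings.append((e["name"], "bare filename, resolved through the search path rather than a fixed location"))
            if any(mark in value for mark in TEMP_MARKERS):
                findings.append((e["name"], "executable lives in a temp directory"))
        if e["name"].lower() == "appinit_dlls" and value:
            findings.append((e["name"], "AppInit_DLLs set: loaded into every process that loads user32.dll while LoadAppInit_DLLs is enabled"))
    return findings


if __name__ == "__main__":
    entries = parse_loading_points(SAMPLE_LOG + CONSTRUCTED_EXTRA)
    print("%d autostart entries parsed" % len(entries))
    for name, reason in review(entries):
        print("  %-22s %s" % (name, reason))
```

To use it on your own log, paste the whole "Reg Loading Points" section in place of SAMPLE_LOG; the date and size in brackets come through as fields, so you can also sort by date to see what was added around the time the symptoms started.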

I ran the script and here is the report:

ComboFix 12-06-19.03 - James 06/19/2012 19:30:28.1.4 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2420 [GMT -4:00]

Running from: c:\users\James\Desktop\ComboFix.exe

Command switches used :: c:\users\James\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 23:44 . 2012-06-19 23:44 -------- d-----w- c:\users\James\AppData\Local\temp

2012-06-19 23:44 . 2012-06-19 23:44 -------- d-----w- c:\users\Kimberly\AppData\Local\temp

2012-06-19 23:44 . 2012-06-19 23:44 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2012-06-19 23:44 . 2012-06-19 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-19 21:49 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCB76D0-FE28-4DFC-9DAF-D538729CB2DA}\mpengine.dll

2012-06-19 05:46 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-18 14:21 . 2012-06-18 14:21 -------- d-----w- C:\_OTL

2012-06-17 22:36 . 2012-06-17 22:36 -------- d-----w- C:\found.000

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\programdata\Malwarebytes

2012-06-17 20:17 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-12 22:29 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-06-12 22:29 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-06-12 22:29 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-12 22:29 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-06-12 22:29 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-12 22:28 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-12 22:28 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-06-12 22:28 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-12 22:28 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-12 22:28 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-12 22:28 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-12 22:15 . 2012-02-10 09:45 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D147F1FD-FDB8-4B26-B48F-BDAAE975954C}\gapaengine.dll

2012-06-12 22:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 22:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 22:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 22:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 22:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-12 21:59 . 2012-04-05 16:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-12 21:59 . 2011-05-18 19:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-03 08:16 . 2012-05-10 05:45 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-10 05:45 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-10 05:45 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39 . 2012-05-10 05:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]

"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-21 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]

2009-04-06 20:35 247296 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2007-05-25 06:03 17920 ---ha-w- c:\dell\E-Center\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-02-22 02:15 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuideMenu]

2007-08-07 21:01 1282048 ----a-w- c:\program files\Corel\Corel GuideMenu\GuideMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-09-17 13:07 81920 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

2007-09-17 13:07 86016 ----a-w- c:\windows\System32\nvsvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-06-05 20:04 17345712 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]

2009-12-17 10:42 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 17:42]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 17:42]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.98.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-19 19:44

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,2a,4e,f8,87,89,6c,4f,a4,fe,ae,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,2a,4e,f8,87,89,6c,4f,a4,fe,ae,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-06-19 19:46:59

ComboFix-quarantined-files.txt 2012-06-19 23:46

ComboFix2.txt 2012-06-19 21:46

ComboFix3.txt 2012-06-19 05:43

.

Pre-Run: 279,714,799,616 bytes free

Post-Run: 279,655,690,240 bytes free

.

- - End Of File - - B6F2C4C89540200EECFAAC04C670D0DD


By the way, is there a reason why combofix keeps saying I have Microsoft Security Essentials active even though the realtime protection is turned off? It scares me a little each time I run combofix, because it warns of "unpredictable" results if I continue without deactivating MSE.

Also, should I update my Java and Adobe Acrobat? I think Essential Security found these to be outdated.

I think I got this HDD Scan malware while browsing an unfamiliar site through IE. I was looking at an article on this site, ran a product review video clip on it and then IE shut down. When I restarted IE and asked it to restore previously viewed sites, that's when the symptoms of the malware showed up. Would it be helpful from now on to have my IE security level at default (medium-high) AND turn Protected Mode on?

Thank you again for all your help. So far the computer seems to be working normally as far as I could tell.


This topic is now closed to further replies.