
Controlled Remotely



Hello there!

I seem to have an issue that I am unable to resolve. I have devices installing themselves, seem to have a tunnel setup that I didn't create, and there are a lot of garbage files that just keep coming back regardless. The issue, whatever it is, uses MS files so it is hard to detect. Any help would be extremely appreciated! Logs are attached.

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Nurse at 7:51:13.24 on Fri 01/28/2011

Internet Explorer: 9.0.7930.16406

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8159.6248 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vfsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe

C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\mmc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

D:\Utilities\Misc\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [Norton Download Manager{NBRT35-B23-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NBRT35-B23-4abb-B07C-C084B04B4F12}\NBRT-Retail-Downloader.exe /m

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

mRun-x64: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-1-28 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-1-28 221232]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-14 953904]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-1-28 615040]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110127.001\IDSviA64.sys [2011-1-28 476792]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-1-28 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2011-1-28 451120]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-28 363344]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2011-1-28 126392]

R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-4-27 717104]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-1-28 228408]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2007-4-25 36864]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-1-28 24152]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]

S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-1-28 145496]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-28 1255736]

=============== Created Last 30 ================

2011-01-28 15:14:20 53808 ----a-r- C:\Windows\System32\drivers\SymIMV.sys

2011-01-28 15:02:13 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-01-28 15:02:02 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{88B1EDC7-B6B2-44C9-9501-7EA658D0FACB}\mpengine.dll

2011-01-28 14:47:09 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtsp64.sys

2011-01-28 14:47:09 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys

2011-01-28 14:47:09 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys

2011-01-28 14:47:09 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtspx64.sys

2011-01-28 14:47:09 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys

2011-01-28 14:47:08 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys

2011-01-28 14:47:08 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys

2011-01-28 14:46:35 -------- d-----w- C:\Windows\System32\drivers\N360x64\0403000.005

2011-01-28 14:32:50 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-01-28 14:32:50 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll

2011-01-28 14:32:50 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll

2011-01-28 14:32:46 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-01-28 14:32:46 -------- d-----w- C:\Program Files\Symantec

2011-01-28 14:32:46 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2011-01-28 14:32:13 -------- d-----w- C:\Windows\System32\drivers\N360x64

2011-01-28 14:32:12 -------- d-----w- C:\Program Files (x86)\Norton 360

2011-01-28 12:41:01 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-01-28 12:19:01 -------- d-----w- C:\Users\Nurse\AppData\Roaming\Tific

2011-01-28 12:13:42 -------- d-----w- C:\Users\Nurse\AppData\Local\Diagnostics

2011-01-28 11:37:17 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{CDCF4D72-672E-4B77-A4AC-6B2AFB5B3FD1}\gapaengine.dll

2011-01-28 11:21:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-01-28 11:21:05 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-01-28 11:20:47 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-01-28 11:20:24 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-01-28 11:08:37 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-01-28 11:08:37 2381824 ----a-w- C:\Windows\System32\mshtml.tlb

2011-01-28 11:08:36 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-01-28 11:08:36 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-01-28 11:00:24 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2011-01-28 11:00:24 -------- d-----w- C:\PROGRA~3\NortonInstaller

2011-01-28 10:53:01 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2011-01-28 10:52:57 -------- d-----w- C:\Windows\PCHEALTH

2011-01-28 10:49:29 899072 ----a-w- C:\Windows\System32\d2d1.dll

2011-01-28 10:49:29 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-01-28 10:49:29 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-01-28 10:49:29 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-01-28 10:49:29 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll

2011-01-28 10:49:29 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2011-01-28 10:49:29 1137664 ----a-w- C:\Windows\System32\FntCache.dll

2011-01-28 10:49:28 1543168 ----a-w- C:\Windows\System32\DWrite.dll

2011-01-28 10:49:28 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-01-28 10:48:55 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll

2011-01-28 10:48:54 466432 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-01-28 10:48:54 279552 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-28 10:48:54 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2011-01-28 10:48:05 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll

2011-01-28 10:48:04 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll

2011-01-28 10:47:56 -------- d-----w- C:\Program Files (x86)\Feedback Tool

2011-01-28 10:44:58 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-01-28 10:41:16 -------- d-----w- C:\PROGRA~3\Norton

2011-01-28 10:41:13 -------- d-----w- C:\Users\Nurse\AppData\Local\NPE

2011-01-28 10:33:57 -------- d-----w- C:\Users\Nurse\AppData\Local\Windows Live

2011-01-28 10:33:52 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-01-28 10:32:58 206848 ----a-w- C:\Windows\System32\mfps.dll

2011-01-28 10:32:57 4068864 ----a-w- C:\Windows\System32\mf.dll

2011-01-28 10:32:57 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2011-01-28 10:32:57 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2011-01-28 10:32:57 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2011-01-28 10:32:57 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2011-01-28 10:32:56 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2011-01-28 10:30:23 -------- d-----w- C:\Users\Nurse\AppData\Local\WindowsUpdate

2011-01-28 10:22:31 -------- d-----w- C:\Users\Nurse\AppData\Roaming\Malwarebytes

2011-01-28 10:22:24 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-28 10:22:24 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-01-28 10:22:21 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-01-28 10:22:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-28 10:15:36 -------- d-----w- C:\Users\Nurse\AppData\Roaming\hpqLog

2011-01-28 10:15:16 18432 ----a-w- C:\Windows\System32\drivers\HpqKbFiltr.sys

2011-01-28 10:15:15 1919968 ----a-w- C:\Windows\System32\drivers\wdfcoinstaller01005.dll

2011-01-28 10:15:14 1885488 ----a-w- C:\Windows\SysWow64\BttnCmns.dll

2011-01-28 10:15:14 1885488 ----a-r- C:\Windows\SysWow64\BttnCmn.dll

2011-01-28 10:11:33 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll

2011-01-28 10:11:31 -------- d-----w- C:\Program Files\Broadcom

2011-01-28 10:05:14 -------- d-----w- C:\PROGRA~3\Trend Micro

2011-01-28 09:57:18 131 ----a-w- C:\Windows\xUninstall.bat

2011-01-28 09:57:15 145496 ----a-w- C:\Windows\System32\drivers\jmcr.sys

2011-01-28 09:56:50 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2011-01-28 09:56:50 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2011-01-28 09:56:50 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-01-28 09:56:50 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-01-28 09:56:49 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-01-28 09:56:49 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-01-28 09:56:49 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-01-28 09:56:48 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-01-28 09:56:48 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-01-28 09:55:21 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-01-28 09:55:17 -------- d-----w- C:\Intel

2011-01-28 09:49:33 -------- d-----w- C:\Program Files\Validity Sensors, Inc

2011-01-28 09:22:22 -------- d-----w- C:\system.sav

2011-01-28 09:21:52 -------- d-----w- C:\Program Files\Synaptics

2011-01-28 09:19:49 -------- d-----w- C:\Program Files\IDT

2011-01-28 09:19:47 90624 ----a-w- C:\Windows\System32\AESTCo64.dll

2011-01-28 09:19:47 68608 ----a-w- C:\Windows\System32\AESTAR64.dll

2011-01-28 09:19:47 564224 ----a-w- C:\Windows\System32\idt64mp1.exe

2011-01-28 09:19:47 487424 ----a-w- C:\Windows\sttray64.exe

2011-01-28 09:19:47 442368 ----a-w- C:\Windows\System32\AESTEC64.dll

2011-01-28 09:19:47 3348480 ----a-w- C:\Windows\System32\stlang64.dll

2011-01-28 09:19:47 162816 ----a-w- C:\Windows\System32\AESTAC64.dll

2011-01-28 09:19:47 12772352 ----a-w- C:\Windows\System32\idtcpl64.cpl

2011-01-28 09:19:46 -------- d-----w- C:\Windows\System32\SRSLabs

2011-01-28 09:19:45 -------- d-----w- C:\Users\Nurse\AppData\Local\ElevatedDiagnostics

2011-01-28 09:16:36 -------- d-----w- C:\Windows\SysWow64\Wat

2011-01-28 09:16:35 -------- d-----w- C:\Windows\System32\Wat

2011-01-28 09:12:15 -------- d-----w- C:\Windows\JMCR_DIR

2011-01-28 09:12:09 109568 ----a-w- C:\Windows\SysWow64\JmCrIcon.dll

2011-01-28 09:12:09 109568 ----a-w- C:\Windows\System32\JmCrIcon.dll

2011-01-28 09:12:08 -------- d-----w- C:\Drivers

2011-01-28 08:41:19 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2011-01-28 08:41:19 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2011-01-28 08:40:19 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{41B9BDB8-34AC-46D4-BC08-C40FE18C579F}\mpengine.dll

2011-01-28 08:36:37 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2011-01-28 08:36:37 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2011-01-28 08:34:58 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-01-28 08:34:58 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-01-28 08:34:58 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-01-28 08:34:58 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-01-28 08:34:58 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-01-28 08:34:58 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-01-28 08:34:58 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-01-28 08:34:58 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-01-28 08:34:58 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-01-28 08:34:58 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-01-28 08:29:27 -------- d-sh--w- C:\Windows\Installer

2011-01-28 08:29:23 637544 ----a-w- C:\Windows\System32\nvuninst.exe

2011-01-28 08:26:59 633856 ----a-w- C:\Windows\System32\comctl32.dll

2011-01-28 08:24:46 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-01-28 08:15:53 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-01-28 08:15:53 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-01-28 08:15:51 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-01-28 08:15:51 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-01-28 04:18:04 -------- d-----w- C:\SS

2011-01-28 03:18:36 -------- d-----w- C:\Windows\System32\SPReview

2011-01-28 02:57:14 -------- d-----w- C:\Windows\System32\EventProviders

2011-01-28 02:20:31 -------- d-----w- C:\Windows\Panther

2011-01-28 02:20:23 -------- d-sh--w- C:\Boot

==================== Find3M ====================

2011-01-28 09:45:28 36864 ----a-w- C:\Windows\System32\drivers\enecir.sys

2011-01-28 03:23:52 175104 ----a-w- C:\Windows\System32\msclmd.dll

2011-01-28 03:23:52 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

============= FINISH: 7:51:59.89 ===============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5629

Windows 6.1.7600

Internet Explorer 9.0.7930.16406

1/28/2011 8:38:45 AM

mbam-log-2011-01-28 (08-38-45).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)

Objects scanned: 233299

Time elapsed: 28 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thank you!

Attach.zip

ark.txt


Please don't attach the scans / logs, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Looks like you're running 2 anti-virus programs.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

Norton 360

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


As suggested....

1. I have uninstalled Norton 360

2. Reboot

3. Ran ATF

4. Ran DDS, both logs are included.

How the PC is running now...

When I boot normally there are several devices that install or try to install. Some I can stop and others install themselves, like tunnel adapters, several isatapi adapters, and keyboard filters. There is a device with crazy text and pipe this and that, which requires my permission so I deny it every time, that tries to install as well. The last popup message displayed:

C:\Windows\System32\NewDev.exe "000000001" \\.\pipe\pnp_device_install_pipe_1.{151c17a}"usb\vid_045e&pid_0745&mi_01\b&2f604"

If I block all access to the internet, at least that is when it seems to happen, and I boot, the desktop will not load for admins. I am able to get to task manager or the command prompt, and I can see the drives using explorer, but I am unable to run anything. I get errors like remote location is unavailable, unable to access the device/path, or I don't have the appropriate permissions. Logging in with a limited user, the desktop loads but I get the same messages and am unable to run anything as admin, nor do any shortcuts work.

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Nurse at 16:20:08.58 on Mon 01/31/2011

Internet Explorer: 9.0.7930.16406

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8159.6487 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\mmc.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Nurse\Downloads\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

mRun-x64: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-28 363344]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2007-4-25 36864]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-1-28 24152]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-10-2 6952960]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-1-28 228408]

S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-1-28 145496]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-28 1255736]

S4 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-4-27 717104]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-31 00:28:32 -------- d-----w- C:\Users\Nurse\DoctorWeb

2011-01-31 00:26:45 -------- d-sh--w- C:\$RECYCLE.BIN

2011-01-31 00:18:41 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{0A882D4D-1ABF-47C6-AF62-554787CA4809}\mpengine.dll

2011-01-31 00:08:58 98816 ----a-w- C:\Windows\sed.exe

2011-01-31 00:08:58 89088 ----a-w- C:\Windows\MBR.exe

2011-01-31 00:08:58 256512 ----a-w- C:\Windows\PEV.exe

2011-01-31 00:08:58 161792 ----a-w- C:\Windows\SWREG.exe

2011-01-30 13:37:19 -------- d-----w- C:\Users\Nurse\AppData\Roaming\iolo

2011-01-30 13:37:19 -------- d-----w- C:\PROGRA~3\iolo

2011-01-30 13:26:51 -------- d-----w- C:\Users\Nurse\AppData\Local\Symantec

2011-01-30 11:48:32 -------- d-----w- C:\Users\Nurse\AppData\Local\CrashDumps

2011-01-30 11:32:15 -------- d-----w- C:\Windows\en

2011-01-30 11:30:31 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-01-28 15:02:13 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-01-28 12:41:01 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-01-28 12:19:01 -------- d-----w- C:\Users\Nurse\AppData\Roaming\Tific

2011-01-28 12:13:42 -------- d-----w- C:\Users\Nurse\AppData\Local\Diagnostics

2011-01-28 11:37:17 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{CDCF4D72-672E-4B77-A4AC-6B2AFB5B3FD1}\gapaengine.dll

2011-01-28 11:21:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-01-28 11:21:05 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-01-28 11:20:47 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-01-28 11:20:24 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-01-28 11:08:37 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-01-28 11:08:37 2381824 ----a-w- C:\Windows\System32\mshtml.tlb

2011-01-28 11:08:36 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-01-28 11:08:36 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-01-28 11:00:24 -------- d-----w- C:\PROGRA~3\NortonInstaller

2011-01-28 10:53:01 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2011-01-28 10:52:57 -------- d-----w- C:\Windows\PCHEALTH

2011-01-28 10:49:29 899072 ----a-w- C:\Windows\System32\d2d1.dll

2011-01-28 10:49:29 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-01-28 10:49:29 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-01-28 10:49:29 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-01-28 10:49:29 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll

2011-01-28 10:49:29 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2011-01-28 10:49:29 1137664 ----a-w- C:\Windows\System32\FntCache.dll

2011-01-28 10:49:28 1543168 ----a-w- C:\Windows\System32\DWrite.dll

2011-01-28 10:49:28 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-01-28 10:48:55 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll

2011-01-28 10:48:54 466432 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-01-28 10:48:54 279552 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-28 10:48:54 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2011-01-28 10:48:05 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll

2011-01-28 10:48:04 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll

2011-01-28 10:47:56 -------- d-----w- C:\Program Files (x86)\Feedback Tool

2011-01-28 10:44:58 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-01-28 10:41:16 -------- d-----w- C:\PROGRA~3\Norton

2011-01-28 10:41:13 -------- d-----w- C:\Users\Nurse\AppData\Local\NPE

2011-01-28 10:33:57 -------- d-----w- C:\Users\Nurse\AppData\Local\Windows Live

2011-01-28 10:33:52 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-01-28 10:32:58 206848 ----a-w- C:\Windows\System32\mfps.dll

2011-01-28 10:32:57 4068864 ----a-w- C:\Windows\System32\mf.dll

2011-01-28 10:32:57 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2011-01-28 10:32:57 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2011-01-28 10:32:57 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2011-01-28 10:32:57 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2011-01-28 10:32:56 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2011-01-28 10:30:23 -------- d-----w- C:\Users\Nurse\AppData\Local\WindowsUpdate

2011-01-28 10:22:31 -------- d-----w- C:\Users\Nurse\AppData\Roaming\Malwarebytes

2011-01-28 10:22:24 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-28 10:22:24 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-01-28 10:22:21 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-01-28 10:22:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-28 10:15:36 -------- d-----w- C:\Users\Nurse\AppData\Roaming\hpqLog

2011-01-28 10:15:16 18432 ----a-w- C:\Windows\System32\drivers\HpqKbFiltr.sys

2011-01-28 10:15:15 1919968 ----a-w- C:\Windows\System32\drivers\wdfcoinstaller01005.dll

2011-01-28 10:15:14 1885488 ----a-w- C:\Windows\SysWow64\BttnCmns.dll

2011-01-28 10:15:14 1885488 ----a-r- C:\Windows\SysWow64\BttnCmn.dll

2011-01-28 10:11:33 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll

2011-01-28 10:11:31 -------- d-----w- C:\Program Files\Broadcom

2011-01-28 10:05:14 -------- d-----w- C:\PROGRA~3\Trend Micro

2011-01-28 09:57:18 131 ----a-w- C:\Windows\xUninstall.bat

2011-01-28 09:57:15 145496 ----a-w- C:\Windows\System32\drivers\jmcr.sys

2011-01-28 09:56:50 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2011-01-28 09:56:50 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2011-01-28 09:56:50 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-01-28 09:56:50 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-01-28 09:56:49 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-01-28 09:56:49 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-01-28 09:56:49 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-01-28 09:56:48 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-01-28 09:56:48 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-01-28 09:55:21 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-01-28 09:55:17 -------- d-----w- C:\Intel

2011-01-28 09:49:33 -------- d-----w- C:\Program Files\Validity Sensors, Inc

2011-01-28 09:22:22 -------- d-----w- C:\system.sav

2011-01-28 09:21:52 -------- d-----w- C:\Program Files\Synaptics

2011-01-28 09:19:49 -------- d-----w- C:\Program Files\IDT

2011-01-28 09:19:47 90624 ----a-w- C:\Windows\System32\AESTCo64.dll

2011-01-28 09:19:47 68608 ----a-w- C:\Windows\System32\AESTAR64.dll

2011-01-28 09:19:47 564224 ----a-w- C:\Windows\System32\idt64mp1.exe

2011-01-28 09:19:47 487424 ----a-w- C:\Windows\sttray64.exe

2011-01-28 09:19:47 442368 ----a-w- C:\Windows\System32\AESTEC64.dll

2011-01-28 09:19:47 3348480 ----a-w- C:\Windows\System32\stlang64.dll

2011-01-28 09:19:47 162816 ----a-w- C:\Windows\System32\AESTAC64.dll

2011-01-28 09:19:47 12772352 ----a-w- C:\Windows\System32\idtcpl64.cpl

2011-01-28 09:19:46 -------- d-----w- C:\Windows\System32\SRSLabs

2011-01-28 09:19:45 -------- d-----w- C:\Users\Nurse\AppData\Local\ElevatedDiagnostics

2011-01-28 09:16:36 -------- d-----w- C:\Windows\SysWow64\Wat

2011-01-28 09:16:35 -------- d-----w- C:\Windows\System32\Wat

2011-01-28 09:12:15 -------- d-----w- C:\Windows\JMCR_DIR

2011-01-28 09:12:09 109568 ----a-w- C:\Windows\SysWow64\JmCrIcon.dll

2011-01-28 09:12:09 109568 ----a-w- C:\Windows\System32\JmCrIcon.dll

2011-01-28 09:12:08 -------- d-----w- C:\Drivers

2011-01-28 08:41:19 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2011-01-28 08:41:19 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2011-01-28 08:40:19 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{41B9BDB8-34AC-46D4-BC08-C40FE18C579F}\mpengine.dll

2011-01-28 08:36:37 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2011-01-28 08:36:37 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2011-01-28 08:34:58 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-01-28 08:34:58 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-01-28 08:34:58 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-01-28 08:34:58 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-01-28 08:34:58 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-01-28 08:34:58 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-01-28 08:34:58 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-01-28 08:34:58 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-01-28 08:34:58 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-01-28 08:34:58 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-01-28 08:29:27 -------- d-sh--w- C:\Windows\Installer

2011-01-28 08:29:23 637544 ----a-w- C:\Windows\System32\nvuninst.exe

2011-01-28 08:26:59 633856 ----a-w- C:\Windows\System32\comctl32.dll

2011-01-28 08:24:46 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-01-28 08:15:53 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-01-28 08:15:53 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-01-28 08:15:51 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-01-28 08:15:51 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-01-28 04:18:04 -------- d-----w- C:\SS

2011-01-28 03:18:36 -------- d-----w- C:\Windows\System32\SPReview

2011-01-28 02:57:14 -------- d-----w- C:\Windows\System32\EventProviders

2011-01-28 02:20:31 -------- d-----w- C:\Windows\Panther

2011-01-28 02:20:23 -------- d-----w- C:\Boot

==================== Find3M ====================

2011-01-28 09:45:28 36864 ----a-w- C:\Windows\System32\drivers\enecir.sys

2011-01-28 03:23:52 175104 ----a-w- C:\Windows\System32\msclmd.dll

2011-01-28 03:23:52 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll

2010-11-10 10:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR

============= FINISH: 16:20:32.45 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/27/2011 6:29:37 PM

System Uptime: 1/31/2011 4:11:10 PM (0 hours ago)

Motherboard: Compal | | 30F4

Processor: Intel® Core2 Duo CPU P7450 @ 2.13GHz | CPU | 2133/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 67.94 GiB free.

D: is FIXED (NTFS) - 98 GiB total, 92.591 GiB free.

E: is FIXED (FAT32) - 24 GiB total, 24.402 GiB free.

F: is CDROM ()

G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {FC80E0C0-C54E-4ccd-8D7A-CDF5ACB65F2E}

Description: Keyboard Filter

Device ID: {A87C2E0F-9A46-46B8-8EC4-E33355FBE1F7}\KEYBOARDFILTER\5&2DFF9766&0&01

Manufacturer:

Name: Keyboard Filter

PNP Device ID: {A87C2E0F-9A46-46B8-8EC4-E33355FBE1F7}\KEYBOARDFILTER\5&2DFF9766&0&01

Service:

==== System Restore Points ===================

RP33: 1/30/2011 2:17:57 PM - Windows Update

==== Installed Programs ======================

D3DX10

Feedback Tool

HP Quick Launch Buttons

JMicron JMB38X Flash Media Controller

Junk Mail filter update

Malwarebytes' Anti-Malware

Mesh Runtime

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

MSVCRT

MSVCRT_amd64

QLBCASL

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

==== Event Viewer Messages From Past Week ========

1/30/2011 8:55:29 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

1/30/2011 8:22:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

1/30/2011 8:22:38 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

1/30/2011 8:22:05 AM, Error: SRTSP [5] -

1/30/2011 8:10:45 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

1/30/2011 5:33:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.544.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/30/2011 5:22:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a00ffc500d, 0x0000000000000000, 0xfffff88009027674, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013011-26676-01.

1/30/2011 4:26:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2011 4:26:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/30/2011 4:26:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/30/2011 4:26:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/30/2011 4:26:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/30/2011 4:26:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/30/2011 4:26:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/30/2011 4:25:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP CSC DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIM SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2011 4:25:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2011 4:13:19 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

1/30/2011 4:04:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

1/30/2011 3:26:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.623.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/30/2011 3:26:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.623.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/30/2011 3:26:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.623.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/29/2011 12:39:11 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

1/29/2011 12:39:10 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

1/29/2011 12:39:10 AM, Error: Service Control Manager [7038] - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

1/29/2011 12:39:10 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.

1/29/2011 12:39:10 AM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The service did not start due to a logon failure.

1/29/2011 12:39:10 AM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.

1/29/2011 12:39:10 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

1/28/2011 9:29:27 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

1/28/2011 9:29:27 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

1/28/2011 9:29:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

1/28/2011 6:26:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000000000b0, 0x0000000000000002, 0x0000000000000000, 0xfffff88009eae0bc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012811-35755-01.

1/28/2011 6:22:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.544.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 6:18:29 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

1/28/2011 6:17:57 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

1/28/2011 6:17:46 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

1/28/2011 3:37:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.544.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121...5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Nurse-HPLaptop\Nurse Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072f76 Error description: The requested header was not found

1/28/2011 3:37:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.544.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121...5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Nurse-HPLaptop\Nurse Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072f76 Error description: The requested header was not found

1/28/2011 3:37:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.544.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121...5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Nurse-HPLaptop\Nurse Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072f76 Error description: The requested header was not found

1/28/2011 3:37:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.544.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121...5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Nurse-HPLaptop\Nurse Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80072f76 Error description: The requested header was not found

1/28/2011 3:21:47 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/28/2011 3:02:27 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/28/2011 2:41:38 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 2:41:38 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 2:41:38 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 2:41:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 2:41:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 2:41:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 2:40:20 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found

1/28/2011 2:40:20 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found

1/28/2011 2:40:20 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found

1/28/2011 2:40:20 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found

1/28/2011 2:40:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 2:40:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 2:40:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/28/2011 12:48:08 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Synaptics - Input - Synaptics PS/2 Port TouchPad.

1/28/2011 12:47:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Windows Malicious Software Removal Tool x64 - January 2011 (KB890830).

1/28/2011 12:38:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Intel driver update for Intel® WiFi Link 5100 AGN.

1/28/2011 12:38:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Hewlett-Packard Development Company, L.P. - Other hardware - HP Mobile Data Protection Sensor.

1/28/2011 12:34:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Microsoft driver update for Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20).

1/28/2011 12:32:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Definition Update for Windows Defender - KB915597 (Definition 1.97.544.0).

1/28/2011 12:30:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: IDT - Audio - IDT High Definition Audio CODEC.

1/28/2011 1:02:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Update for Windows 7 for x64-based Systems (KB971033).

1/27/2011 9:28:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

1/27/2011 9:11:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

1/27/2011 9:09:20 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.

1/27/2011 9:09:20 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.

1/27/2011 9:09:20 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

1/27/2011 9:09:20 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

1/27/2011 9:09:20 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

1/27/2011 9:08:52 PM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v2.0.50727_X64 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/27/2011 9:08:48 PM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/27/2011 6:58:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

1/27/2011 6:52:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}

==== End Of File ===========================


Thanks for the reply!

Let me give you a little more background on the situation, I think it may help.

This PC that I am on (HP Pavilion DV1275DX - 8G of Ram) and sending you logs from has a fresh install of Win7 so I don't have many restore points, but that is an option. Basically after the initial install I installed SP1 and then ran Windows Update. Once the updates were complete I installed Norton. So there should be a few restore points in between all that. Just FYI - I installed Fedora on another partition b/c I don't feel comfortable running Windows with a breach in security.

I have several other computers that have this same issue as we lost the whole network including the hardware. I don't know what we got but it was bad. By the time I noticed the intrusion on the logs all the computers were infected. Most of the computers wouldn't even boot after a few days and the router was not accessible. Of course, everything I had been running (Norton and Spybot) said my computers were fine up to the point hard drives crashed and nothing worked. When I ran Malwarebytes it was the only software that would not get completely consumed by whatever it was that had infected us! A couple of times Malwarebytes had found "Broken.OpenCommand" but could not get rid of it completely after reboot. I had backups so I ditched everything (modem, router, hard drives, memory and Vista) for new hardware and Win7 for all the computers. I was provided a Netgear CGD24G wireless modem router from our cable provider, and I purchased a small business Cisco WRVS440N wireless router.

I am working with this one computer until I get a clean install of Windows. I refuse to just go buy a Mac like everyone else here and forget about Windows; even though I run Mac and Linux myself, I still like Windows for certain things.

So... what do you think now? Restore to as far back as I can so you can see the system from the beginning? I can even do a fresh install if you would prefer and go from there. I have wiped and reinstalled to no avail. So I am missing something along the way or it lives in my motherboard!

Your assistance with this issue is tremendously appreciated!

I will wait to hear from you.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 11-01-31.02 - Nurse 02/01/2011 15:14:32.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8159.6763 [GMT -8:00]

Running from: c:\users\Nurse\Desktop\cf.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))

.

2011-02-01 23:18 . 2011-02-01 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-01 23:12 . 2011-02-01 23:13 -------- d-----w- C:\32788R22FWJFW

2011-02-01 15:23 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8B8AE12-E701-49BD-A00E-51DEC27F898E}\mpengine.dll

2011-02-01 15:16 . 2011-02-01 15:16 -------- d-----w- c:\users\Administrator

2011-02-01 15:14 . 2011-02-01 15:14 -------- d-----w- c:\users\Tech

2011-01-30 13:37 . 2011-01-30 13:37 -------- d-----w- c:\programdata\iolo

2011-01-30 11:32 . 2011-01-30 14:12 -------- d-----w- c:\windows\en

2011-01-30 11:30 . 2011-01-30 13:46 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2011-01-30 11:28 . 2011-01-30 14:11 -------- d-----w- c:\program files (x86)\Windows Live

2011-01-30 11:27 . 2011-01-30 14:11 -------- d-----w- c:\program files\Windows Live

2011-01-30 11:26 . 2009-09-05 01:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-01-30 11:26 . 2009-09-05 01:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-01-30 11:26 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-01-30 11:26 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-01-30 11:26 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-01-30 11:26 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2011-01-28 15:02 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-01-28 12:41 . 2011-01-31 23:58 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2011-01-28 11:37 . 2010-11-30 18:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDCF4D72-672E-4B77-A4AC-6B2AFB5B3FD1}\gapaengine.dll

2011-01-28 11:21 . 2011-01-28 11:21 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-01-28 11:21 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-01-28 11:20 . 2011-01-28 11:21 -------- d-----w- c:\program files\Microsoft Security Client

2011-01-28 11:20 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-01-28 11:11 . 2011-01-31 23:57 -------- dc----w- c:\windows\system32\DRVSTORE

2011-01-28 11:08 . 2010-11-09 03:52 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2011-01-28 11:08 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-01-28 11:08 . 2010-11-09 03:55 1502208 ----a-w- c:\windows\system32\inetcpl.cpl

2011-01-28 11:08 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-01-28 10:53 . 2011-01-28 10:53 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-01-28 10:52 . 2011-01-28 10:52 -------- d-----w- c:\windows\PCHEALTH

2011-01-28 10:49 . 2010-08-16 06:50 1137664 ----a-w- c:\windows\system32\FntCache.dll

2011-01-28 10:49 . 2010-08-16 06:50 899072 ----a-w- c:\windows\system32\d2d1.dll

2011-01-28 10:49 . 2010-08-16 06:50 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-28 10:49 . 2010-08-16 06:50 1844224 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-28 10:49 . 2010-08-16 06:14 737280 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-01-28 10:49 . 2010-08-16 06:14 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2011-01-28 10:49 . 2010-08-16 06:14 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2011-01-28 10:49 . 2010-08-16 06:50 1543168 ----a-w- c:\windows\system32\DWrite.dll

2011-01-28 10:49 . 2010-08-16 06:14 1076224 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-01-28 10:48 . 2010-05-09 09:46 229888 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-28 10:48 . 2010-05-09 09:46 466432 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-28 10:48 . 2010-05-09 09:15 279552 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-01-28 10:48 . 2010-05-09 09:15 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll

2011-01-28 10:48 . 2010-06-26 05:31 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-01-28 10:48 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll

2011-01-28 10:47 . 2011-01-30 14:11 -------- d-----w- c:\program files (x86)\Feedback Tool

2011-01-28 10:44 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-01-28 10:41 . 2011-01-31 23:57 -------- d-----w- c:\programdata\Norton

2011-01-28 10:41 . 2011-01-28 11:23 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-01-28 10:33 . 2011-01-28 10:33 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2011-01-28 10:32 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll

2011-01-28 10:32 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2011-01-28 10:32 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll

2011-01-28 10:32 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL

2011-01-28 10:32 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-28 10:32 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll

2011-01-28 10:32 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll

2011-01-28 10:22 . 2011-01-28 10:22 -------- d-----w- c:\programdata\Malwarebytes

2011-01-28 10:22 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-28 10:22 . 2011-01-30 16:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-28 10:22 . 2010-12-21 02:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 10:15 . 2009-04-29 15:48 18432 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys

2011-01-28 10:15 . 2006-11-02 14:04 1919968 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll

2011-01-28 10:15 . 2011-01-28 10:15 -------- d-----w- c:\program files (x86)\Hewlett-Packard

2011-01-28 10:15 . 2008-09-08 21:31 1885488 ----a-w- c:\windows\SysWow64\BttnCmns.dll

2011-01-28 10:15 . 2008-09-08 21:31 1885488 ----a-r- c:\windows\SysWow64\BttnCmn.dll

2011-01-28 10:11 . 2011-01-28 10:11 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2011-01-28 10:11 . 2011-01-28 10:11 -------- d-----w- c:\program files\Broadcom

2011-01-28 10:05 . 2011-01-28 10:05 -------- d-----w- c:\programdata\Trend Micro

2011-01-28 09:57 . 2011-01-28 09:58 131 ----a-w- c:\windows\xUninstall.bat

2011-01-28 09:57 . 2011-01-28 10:15 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2011-01-28 09:57 . 2008-07-21 03:53 145496 ----a-w- c:\windows\system32\drivers\jmcr.sys

2011-01-28 09:56 . 2011-01-28 09:56 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2011-01-28 09:55 . 2011-01-28 09:55 -------- d-----w- c:\program files (x86)\Intel

2011-01-28 09:55 . 2008-07-16 09:05 53248 ----a-w- c:\windows\SysWow64\CSVer.dll

2011-01-28 09:55 . 2011-01-28 09:55 -------- d-----w- C:\Intel

2011-01-28 09:49 . 2011-01-28 09:49 -------- d-----w- c:\program files\Validity Sensors, Inc

2011-01-28 09:22 . 2011-01-28 09:22 -------- d-----w- C:\system.sav

2011-01-28 09:21 . 2011-01-28 09:21 -------- d-----w- c:\program files\Synaptics

2011-01-28 09:19 . 2011-01-28 09:19 -------- d-----w- c:\program files\IDT

2011-01-28 09:19 . 2010-03-23 22:53 564224 ----a-w- c:\windows\system32\idt64mp1.exe

2011-01-28 09:19 . 2010-03-23 22:53 487424 ----a-w- c:\windows\sttray64.exe

2011-01-28 09:19 . 2010-03-23 22:53 3348480 ----a-w- c:\windows\system32\stlang64.dll

2011-01-28 09:19 . 2010-03-23 22:53 12772352 ----a-w- c:\windows\system32\idtcpl64.cpl

2011-01-28 09:19 . 2010-01-27 02:30 162816 ----a-w- c:\windows\system32\AESTAC64.dll

2011-01-28 09:19 . 2009-10-10 00:45 442368 ----a-w- c:\windows\system32\AESTEC64.dll

2011-01-28 09:19 . 2009-03-03 01:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll

2011-01-28 09:19 . 2009-03-03 01:47 90624 ----a-w- c:\windows\system32\AESTCo64.dll

2011-01-28 09:19 . 2011-01-28 09:19 -------- d-----w- c:\windows\system32\SRSLabs

2011-01-28 09:16 . 2011-01-28 09:16 -------- d-----w- c:\windows\SysWow64\Wat

2011-01-28 09:16 . 2011-01-28 09:16 -------- d-----w- c:\windows\system32\Wat

2011-01-28 09:12 . 2011-01-28 09:58 -------- d-----w- c:\windows\JMCR_DIR

2011-01-28 09:12 . 2008-10-23 01:42 109568 ----a-w- c:\windows\SysWow64\JmCrIcon.dll

2011-01-28 09:12 . 2008-05-14 12:54 109568 ----a-w- c:\windows\system32\JmCrIcon.dll

2011-01-28 09:12 . 2011-01-28 13:27 -------- d-----w- C:\Drivers

2011-01-28 09:06 . 2011-01-28 09:06 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-01-28 08:59 . 2011-01-28 08:59 -------- d-----w- c:\programdata\NVIDIA

2011-01-28 08:41 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2011-01-28 08:41 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2011-01-28 08:40 . 2011-01-20 18:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41B9BDB8-34AC-46D4-BC08-C40FE18C579F}\mpengine.dll

2011-01-28 08:36 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2011-01-28 08:36 . 2009-10-10 02:41 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys

2011-01-28 08:34 . 2009-11-25 20:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2011-01-28 08:34 . 2009-11-25 20:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2011-01-28 08:34 . 2009-11-25 20:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2011-01-28 08:34 . 2009-11-25 20:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2011-01-28 08:34 . 2009-11-25 20:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2011-01-28 08:34 . 2009-11-25 20:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-01-28 08:34 . 2009-11-25 20:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-01-28 08:34 . 2009-11-25 20:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2011-01-28 08:34 . 2009-11-25 20:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2011-01-28 08:34 . 2009-11-25 20:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-01-28 08:29 . 2011-01-30 14:14 -------- d-sh--w- c:\windows\Installer

2011-01-28 08:29 . 2009-10-03 14:02 637544 ----a-w- c:\windows\system32\nvuninst.exe

2011-01-28 08:26 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll

2011-01-28 08:24 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-01-28 08:15 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2011-01-28 08:15 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2011-01-28 08:15 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll

2011-01-28 08:15 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2011-01-28 04:18 . 2011-01-28 14:37 -------- d-----w- C:\SS

2011-01-28 03:18 . 2011-01-28 08:08 -------- d-----w- c:\windows\system32\SPReview

2011-01-28 02:57 . 2011-01-28 02:57 -------- d-----w- c:\windows\system32\EventProviders

2011-01-28 02:29 . 2011-01-31 00:28 -------- d-----w- c:\users\Nurse

2011-01-28 02:29 . 2011-01-28 02:29 -------- d-----w- C:\Recovery

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-28 09:45 . 2007-04-25 20:50 36864 ----a-w- c:\windows\system32\drivers\enecir.sys

2011-01-28 03:23 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll

2011-01-28 03:23 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll

2010-11-10 10:28 . 2010-11-10 10:28 301936 ----a-w- c:\windows\WLXPGSS.SCR

.

((((((((((((((((((((((((((((( SnapShot@2011-01-31_00.13.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-28 03:35 . 2011-02-01 23:11 30354 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-02-01 23:11 40322 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:30 . 2011-01-31 00:07 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2011-02-01 23:10 86016 c:\windows\system32\DriverStore\infpub.dat

- 2011-01-28 02:25 . 2011-01-31 00:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-28 02:25 . 2011-02-01 23:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-28 02:25 . 2011-02-01 23:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-01-28 02:25 . 2011-01-31 00:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-01-31 00:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-02-01 23:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2011-02-01 00:02 78992 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-01-28 08:13 . 2011-02-01 22:51 7538 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-214440522-3584700284-4228021870-1000_UserData.bin

- 2011-01-30 16:22 . 2011-01-30 16:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-02-01 23:09 . 2011-02-01 23:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-02-01 23:09 . 2011-02-01 23:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-01-30 16:22 . 2011-01-30 16:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2011-01-30 16:26 626278 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-02-01 23:14 626278 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-01-30 16:26 107522 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-02-01 23:14 107522 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:30 . 2011-02-01 23:10 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-01-31 00:07 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-02-01 23:10 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2011-01-31 00:07 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:01 . 2011-02-01 23:08 228168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-01-30 13:44 228168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-01-28 12:45 . 2011-01-31 00:24 463684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-214440522-3584700284-4228021870-1000-12288.dat

+ 2011-02-01 17:48 . 2011-02-01 17:48 1360592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-214440522-3584700284-4228021870-1001-4096.dat

+ 2011-01-28 11:22 . 2011-02-01 23:08 1964074 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-214440522-3584700284-4228021870-1000-4096.dat

- 2009-07-14 02:34 . 2011-01-30 23:57 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2011-02-01 23:03 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-08 51600]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 145496]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-22 45456]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-28 1255736]

R4 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-28 717104]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2011-01-28 36864]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 24152]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-14 7675392]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 2327952]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-214440522-3584700284-4228021870-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-214440522-3584700284-4228021870-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-02-01 15:20:35

ComboFix-quarantined-files.txt 2011-02-01 23:20

ComboFix2.txt 2011-01-31 00:15

Pre-Run: 72,266,874,880 bytes free

Post-Run: 72,082,640,896 bytes free

- - End Of File - - 989D87B5FD5912C43741769BB92ABC66


That doesn't show anything bad.

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


I attempted to update the BIOS since I got an error in Linux that it had issues. In safe mode still, when I run the update the msgbox says, "Please try to run EXE file as administrator by "Right Click"!" The exclamation point that is next to the start of the text is upside down. Kind of odd. I'm logged in as Admin, right click run as admin etc, but I can't seem to run anything that requires admin.


I hear you! Although, I've kind of eliminated the fact that it could be a hardware issue since I have at least 6 computers sitting here with the same issues and they are all different in terms of hardware. Yes, there is a direct wire to the modem from the laptop.

More food for thought...

I have done everything from a complete wipe of the hard drive on a PC and tried to reinstall Windows XP, Vista and Windows 7 at different times, to replacing hard drives, memory, and video cards and did the same installs with and without flashing the BIOS. I have been mostly working with Windows 7 but attempted the others to see if I could get any further.

The PC starts out fine after a fresh install of Windows, install some Windows updates and an antivirus install later and I can tell there are some issues already rearing their head. There will be minor issues like Aero will not be available, certain options are inaccessible (for example some folder or system options are inaccessible when normally they are accessible for changes), and I have not been able to turn on Windows Firewall or Defender / restore the default settings at times. I will be logged in as Admin but don't have Admin rights! Or can see the hard drives through taskmanager/cmd prompt/notepad but can't run anything. And several times I just don't have the ability/permissions to take ownership of certain files that have been corrupted / condemned bad.

I see networking changes that are put in place without my want, need or knowledge. VPNs / PTP configurations etc. get set up somehow and then I can't modify them or if I do it causes nothing to work or the modem and/or the router becomes inaccessible. Or, I'll make property changes that may look like they were made, sometimes, but when you revisit the same properties the changes were not made. I have also seen several cryptic scheduled tasks that were set up to run and I didn't have the ability to modify and/or delete them. I have to say the craziest/scariest thing I saw with networking was the remote connections and errors that remote locations were unavailable at times when the internet was not connected and I had never set any up. Being connected to the internet seems to feed the "bug" and allow it to take over the system that much quicker.

There are always device driver issues where some just won't install correctly, mostly graphics and audio drivers, but I have had several problems with the EIRC (infrared device) and memory card readers as well. Of course any external drives have major connection problems too. Optical drives won't read disks and memory sticks/external hard drives won't load at all or tell you they need to be formatted regardless if the device is full or not. Note: I regularly see what seems to be an overkill of audio / video codec and at times I am unable to stop them from loading through autoruns.

Eventually everything goes down the tubes! The PC will start to have boot issues, the user logon window will appear and let you log in but there will not be a desktop. The internet connection will be unavailable even though the Macs and other wireless devices (iPad) are connecting fine. All restore points have suddenly disappeared and when trying a startup repair, chkdsk, or any other Windows utilities it just ends up in a loop with no ending. Until eventually the PC will not boot.

So... my thought after all this is that the "bug" is somehow holding onto the BIOS and/or motherboard in some way. Since a majority of the hardware in any given PC has been replaced except for the case, motherboard, and power supply. If this is the case I am not fully getting rid of the bug before a new install I guess. And since it's part of the chipset and/or BIOS it has control from the beginning and that is why it's hard for anything to detect it.

I know that was a lot but I am not sure what else to do and I feel it may help someone see what I am missing. The past few weeks Windows has been running much better so some of the recent updates have helped stabilize the OS in some way. Now at least Windows recognizes that something was installed even though it may not do anything about it. I have had Windows up for about a week now on this one PC without having to reinstall / wipe it out and do it again. This is the first week I've been able to run Windows since sometime in October. Although, for the most part the PC has been shut off so really it hasn't been running for a full week.

Next steps... I am not sure. But I am open for suggestions!


C: is FIXED (NTFS) - 98 GiB total, 67.94 GiB free.

D: is FIXED (NTFS) - 98 GiB total, 92.591 GiB free.

E: is FIXED (FAT32) - 24 GiB total, 24.402 GiB free.

F: is CDROM ()

G: is CDROM ()

I would try removing the power leads from the power supply to all but the boot drive.

It very well could be the PS is weak or not powerful enough to run all those.

I think in one of your posts you said you already tried flashing the BIOS so if you have/had a BIOS infection, that should have removed that.

Other than the above suggestions, I'm out of ideas.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.