multiple virus/malware issues

[mss]

Hello,

Win7

MSE installed and "running whenever it's not getting shut down by malware"

This afternoon my desktop was infected with what looks to be a number of virus/malware files. Initial infection was "Opencloud Security" scareware, which I think I removed with MBAM. I then immediately noticed any time I tried to go to Google, it would resolve to the UK or LT Google sites. No change to proxy settings, etc. Various attempts to remove "Google Redirect" failed and MSE now reports "smadow|genB" after every reboot. Remove it and it comes back.

Current situation is MBAM and GMER are both immediately shut down when I try to run them. I re-installed MBAM, updated to latest rev and defs, went into Safe Mode, scanned, removed, rebooted into regular Win7, and tried to scan again - 5 seconds in MBAM process is TERMINATED (in task manager / resource manager) and I no longer have "permission" to run MBAM. Likewise, GMER will get shut down and access disallowed. Tried another copy of GMER - same result.

Thanks in advance for any help.

MSS

[Elise]

Hello and

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
    

  [*]Double click on the DDS icon, allow it to run.

  [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

  [*]Notepad will open with the results.

  [*]Follow the instructions that pop up for posting the results.

  [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

[mss]

Hello,

MSE disabled (killed running process)

DDS run and log files pasted below

FYI - I did run TDDSKILLER on the machine last night which identified and cured a number of items. Then a full MSE scan and MBAM scan was run and items identified were removed. Please pardon my 3am tinkering!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Main at 13:44:27 on 2011-09-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1682 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\Ctxfihlp.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe

C:\Windows\SYSTEM32\CTXFISPI.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\WUDFHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.drudgereport.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Set UA String (BHO): {3ce56db6-fcbe-4422-9454-63c354178985} - c:\program files\uapick\UABtn.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [AdobeBridge]

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"

mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"

mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

dRun: [Exetender_135] "c:\program files\verizon games player\GPlayer.exe" /runonstartup

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files\uapick\UABtn.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {7F245E01-651F-48E5-8A85-4752EC65E4ED} - hxxp://69.133.80.51:1028/Cisco210Viewer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab

TCP: DhcpNameServer = 192.168.55.1 71.242.0.12

TCP: Interfaces\{2F2380D1-ACAF-462E-B3A0-BFA8BA16E715} : DhcpNameServer = 192.168.55.1 71.242.0.12

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 ZetSFD;Zetera Storage Class Filter Driver;c:\windows\system32\drivers\ZetSFD.sys [2010-11-12 13824]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl25713152;MpKsl25713152;c:\programdata\microsoft\microsoft antimalware\definition updates\{434bb94c-6042-4af4-90a6-633de4409386}\MpKsl25713152.sys [2011-9-19 28752]

R1 MpKsl53ed4089;MpKsl53ed4089;c:\programdata\microsoft\microsoft antimalware\definition updates\{434bb94c-6042-4af4-90a6-633de4409386}\MpKsl53ed4089.sys [2011-9-20 28752]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110552]

R2 X4HSEx_Pr135;X4HSEx_Pr135;c:\program files\verizon games player\X4HSEx.sys [2011-2-4 56352]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 16396]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-15 183560]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-4-21 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-21 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

S3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2010-6-9 17580]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-27 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-22 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-09-20 16:56:08 -------- d-----w- c:\users\main\appdata\local\{32D5062C-86D5-4FAC-86B5-3DA5BC88633F}

2011-09-20 16:55:58 -------- d-----w- c:\users\main\appdata\local\{5A6A9DD2-9D2A-496F-AE17-7CE105C44B75}

2011-09-20 16:00:48 -------- d-----w- c:\users\main\appdata\local\{31CBC1E5-33D8-469A-BD9B-CDF3AA5B9C5D}

2011-09-20 16:00:38 -------- d-----w- c:\users\main\appdata\local\{652DE62A-65C2-459C-BF69-54023FD693D8}

2011-09-20 15:39:29 -------- d-----w- c:\users\main\appdata\local\{840224F2-5D1C-4E7F-B355-223C84BAF3B8}

2011-09-20 15:39:19 -------- d-----w- c:\users\main\appdata\local\{4456B576-E1E5-44D7-85D9-6DAAEC337F49}

2011-09-20 12:19:03 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{434bb94c-6042-4af4-90a6-633de4409386}\MpKsl53ed4089.sys

2011-09-20 03:57:12 -------- d-----w- c:\users\main\appdata\local\{4A537270-41D0-4B2F-BE97-987213971D34}

2011-09-20 03:57:00 -------- d-----w- c:\users\main\appdata\local\{34ADE9EF-50B3-467B-983B-7866EDAF06BD}

2011-09-20 03:08:11 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{434bb94c-6042-4af4-90a6-633de4409386}\MpKsl25713152.sys

2011-09-20 01:31:21 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{434bb94c-6042-4af4-90a6-633de4409386}\mpengine.dll

2011-09-19 18:17:25 -------- d-----w- c:\users\main\appdata\roaming\uS2obF3pm5Q6W8R

2011-09-19 18:00:05 -------- d-----w- c:\users\main\appdata\roaming\XH5sQJ7dE8R9YwU

2011-09-19 17:41:29 -------- d-----w- c:\users\main\appdata\roaming\xqjUCekIBzNx0v2

2011-09-19 17:34:50 -------- d-----w- c:\users\main\appdata\roaming\nnnG4amH6

2011-09-19 17:34:42 -------- d-----w- c:\users\main\appdata\roaming\anF4pmH5sJ

2011-09-19 16:29:07 -------- d-----w- c:\users\main\appdata\local\{061C26F7-ABBA-41FB-A95A-54808577211F}

2011-09-19 16:28:57 -------- d-----w- c:\users\main\appdata\local\{4A89B0C1-7F18-4C36-980B-62DB0C1FAF53}

2011-09-19 15:34:37 -------- d-----w- c:\users\main\appdata\local\{AFE1F490-E404-40BD-9275-FACCDE6FE824}

2011-09-19 15:34:27 -------- d-----w- c:\users\main\appdata\local\{38233356-87F2-45A9-95F0-EB77A7509AB0}

2011-09-19 14:41:55 -------- d-----w- c:\users\main\appdata\local\{A282A69D-C7C1-445E-B2F7-F2C6433B8181}

2011-09-19 14:41:45 -------- d-----w- c:\users\main\appdata\local\{D722C98B-B311-4837-BD0E-2CEAB3D57E4E}

2011-09-19 13:35:45 -------- d-----w- c:\users\main\appdata\local\{FF3B2784-C88D-437E-961F-6EE6D5617328}

2011-09-19 13:35:34 -------- d-----w- c:\users\main\appdata\local\{D3BCABF1-FF56-471F-BE27-389E0F2050CD}

2011-09-19 00:22:32 -------- d-----w- c:\users\main\appdata\local\{B42CF388-D4F7-4666-960F-473CA894C3FA}

2011-09-18 19:33:36 -------- d-----w- c:\users\main\appdata\local\{6ADF9699-CAD7-44D9-A1CD-422A6E1A017E}

2011-09-18 19:33:26 -------- d-----w- c:\users\main\appdata\local\{04339A92-DDFC-42E3-B177-6437C2536312}

2011-09-17 21:27:11 -------- d-----w- c:\users\main\appdata\local\{F838CBD8-98F4-48F5-84FC-A7EE03CECBC8}

2011-09-17 13:10:11 -------- d-----w- c:\users\main\appdata\local\{942304C9-217C-4B17-8D2D-E85FEF9DEF7F}

2011-09-17 13:10:01 -------- d-----w- c:\users\main\appdata\local\{A047CA3C-0DDB-43E2-BCC3-B654142598CF}

2011-09-17 04:21:04 -------- d-----w- c:\users\main\appdata\local\{71F60FCF-2264-4AA0-ABE0-1F2AF30A449F}

2011-09-17 04:20:54 -------- d-----w- c:\users\main\appdata\local\{3748EC7A-92C1-4966-8A1F-7317EC0CD5B4}

2011-09-17 02:08:29 -------- d-----w- c:\users\main\appdata\local\{290C0945-2598-4A7D-ACED-E3CB9B08F99C}

2011-09-17 02:08:19 -------- d-----w- c:\users\main\appdata\local\{0F8475C7-D8DB-4A28-8697-5773A008FC74}

2011-09-16 18:19:07 -------- d-----w- c:\users\main\appdata\local\{EEFE70E2-DE35-4A94-A3E2-E38929DBBD52}

2011-09-16 18:18:56 -------- d-----w- c:\users\main\appdata\local\{101D9C39-285D-43B4-AD4E-E675D1B70958}

2011-09-16 17:48:57 -------- d-----w- c:\users\main\appdata\local\{6F2256AE-5CD7-4CCF-B39E-8BF2D4E4F09F}

2011-09-16 17:48:47 -------- d-----w- c:\users\main\appdata\local\{2491A9A0-72FA-4283-AC1F-14D5F5D22DFB}

2011-09-15 18:29:23 -------- d-----w- c:\users\main\appdata\local\{A7D53566-B98C-4B4B-9385-363D688963CC}

2011-09-15 18:29:13 -------- d-----w- c:\users\main\appdata\local\{F6234EED-E65A-4EAA-AD4B-293001498E73}

2011-09-15 15:03:56 -------- d-----w- c:\users\main\appdata\local\{0423CDE3-49F6-499C-9139-DAFBA572EB69}

2011-09-15 15:03:46 -------- d-----w- c:\users\main\appdata\local\{C2D30148-03AA-4F54-997E-606C64C46180}

2011-09-15 12:34:46 -------- d-----w- c:\users\main\appdata\local\{25F84727-2DD8-4D67-878D-E77A774C221D}

2011-09-15 12:34:36 -------- d-----w- c:\users\main\appdata\local\{70FCFC56-2C76-4A81-A129-4DB914ECF5FF}

2011-09-15 02:19:02 -------- d-----w- c:\users\main\appdata\local\{7DB334EB-1268-4C38-918E-418572A92962}

2011-09-15 02:18:52 -------- d-----w- c:\users\main\appdata\local\{962242D1-9644-47E1-975B-07DA51AD776F}

2011-09-14 19:43:29 -------- d-----w- c:\users\main\appdata\local\{D593B1B8-9528-41B0-86ED-0CDAB8149A94}

2011-09-14 19:43:19 -------- d-----w- c:\users\main\appdata\local\{A0D3D302-93F4-45E6-8CD4-F446FD74E419}

2011-09-14 18:50:22 -------- d-----w- c:\users\main\appdata\local\{6D2ED2D6-5781-40B0-9CA7-5CEAC0A33041}

2011-09-14 18:50:12 -------- d-----w- c:\users\main\appdata\local\{9142FE85-19D9-4AAA-9DE3-3E98D35B333D}

2011-09-14 15:06:14 -------- d-----w- c:\users\main\appdata\local\{F18FDD1A-7821-49FD-B32D-BFA5EA262F2F}

2011-09-14 15:06:04 -------- d-----w- c:\users\main\appdata\local\{BF93A4E8-29D8-4F40-95EB-33C651F682D5}

2011-09-14 14:33:37 -------- d-----w- c:\users\main\appdata\local\{569A6EA9-966B-44F7-93D6-9CD6046A1146}

2011-09-14 14:33:27 -------- d-----w- c:\users\main\appdata\local\{F8E78703-1810-49AD-B823-635C6A01C915}

2011-09-14 14:16:26 -------- d-----w- c:\users\main\appdata\local\{A7361194-E55D-4169-877B-CB2511EE95BB}

2011-09-14 14:06:34 -------- d-----w- c:\users\main\appdata\local\{68D928C7-6930-4C0F-A9A0-20B4C241159F}

2011-09-14 14:06:25 -------- d-----w- c:\users\main\appdata\local\{D1428DBB-2E27-44FC-8583-EE51C20A8F4A}

2011-09-14 13:41:22 -------- d-----w- c:\users\main\appdata\local\{90963C0F-4267-408D-BF36-B3B2DAFF7D34}

2011-09-14 13:41:11 -------- d-----w- c:\users\main\appdata\local\{1B45CCCE-C7AA-401B-A43D-5313FEBDCCFC}

2011-09-13 17:02:19 -------- d-----w- c:\users\main\appdata\local\{EDB6AA18-21D5-47D6-8667-4518C30C9472}

2011-09-13 17:02:09 -------- d-----w- c:\users\main\appdata\local\{7B62B33A-338C-470A-BF29-2ED090D87B75}

2011-09-13 16:35:02 -------- d-----w- c:\users\main\appdata\local\{E5AB9D89-3AF2-49BF-AB03-39DDB7481D70}

2011-09-13 16:34:51 -------- d-----w- c:\users\main\appdata\local\{875A0B19-F68A-4748-91CC-D7EED223C913}

2011-09-12 20:34:14 -------- d-----w- c:\users\main\appdata\local\{C935A59F-50AA-4F31-B92A-9D9C15D4431F}

2011-09-12 20:34:04 -------- d-----w- c:\users\main\appdata\local\{DE296F09-0127-45D5-B44D-0BDA6F30188F}

2011-09-12 14:56:10 -------- d-----w- c:\users\main\appdata\local\{B501525E-501A-4C85-AF45-BC7B73925E36}

2011-09-12 14:56:00 -------- d-----w- c:\users\main\appdata\local\{CC2FC2D8-F8D6-44D7-917F-0A6191871809}

2011-09-11 23:52:26 -------- d-----w- c:\users\main\appdata\local\{D866837A-F086-4F36-8D46-D07F6D058DA7}

2011-09-11 23:52:16 -------- d-----w- c:\users\main\appdata\local\{8F945D50-B75B-4AC4-A6B9-72070E95C582}

2011-09-11 13:55:28 -------- d-----w- c:\users\main\appdata\local\{43EACBC7-C773-469E-B6BA-371A8805191D}

2011-09-11 13:55:16 -------- d-----w- c:\users\main\appdata\local\{419866B2-3CA5-4109-B6A0-94C9DA523C51}

2011-09-10 02:04:27 -------- d-----w- c:\users\main\appdata\local\{BEF25452-AFFD-4EB5-8853-D3B56810DDE4}

2011-09-10 02:04:17 -------- d-----w- c:\users\main\appdata\local\{1A90026B-0CAB-4A17-9C28-B7BC77070483}

2011-09-09 14:15:35 -------- d-----w- c:\users\main\appdata\local\{CC27DC6C-FAE7-4A8C-B031-265668AD75EE}

2011-09-09 14:15:25 -------- d-----w- c:\users\main\appdata\local\{3770536F-1B94-42BB-9849-238CD56B1B16}

2011-09-09 04:23:25 -------- d-----w- c:\users\main\appdata\local\{CB1F6084-8DB3-496A-8BE0-6A3CF6F4225E}

2011-09-09 04:23:13 -------- d-----w- c:\users\main\appdata\local\{C2089C5F-A574-4D0E-9E6A-F2B48EB94B4A}

2011-09-09 01:41:59 -------- d-----w- c:\users\main\appdata\local\{35736826-499E-4568-8A76-FAD0CB549EA1}

2011-09-08 21:45:57 -------- d-----w- c:\users\main\appdata\local\{57525052-6148-40D1-8D1C-0DE7F2BD17D8}

2011-09-08 17:56:26 -------- d-----w- c:\users\main\appdata\local\{A878A79A-6109-4632-91CA-350212BC4414}

2011-09-08 17:56:15 -------- d-----w- c:\users\main\appdata\local\{55865CC4-8B72-4F7C-8E60-462FCA7EC9EA}

2011-09-08 12:13:18 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2011-09-08 12:13:13 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d9576805-1c6c-4251-b5d6-dba658ba4efa}\gapaengine.dll

2011-09-07 23:43:03 -------- d-----w- c:\users\main\appdata\local\{7797E277-C335-4FCC-8836-BC1A04899A82}

2011-09-07 23:42:51 -------- d-----w- c:\users\main\appdata\local\{644F3284-0454-4E1B-981E-6885143AC51F}

2011-09-07 19:54:49 -------- d-----w- c:\users\main\appdata\local\{80402F9E-AFB1-4688-9FFA-851350348BCA}

2011-09-07 19:54:39 -------- d-----w- c:\users\main\appdata\local\{D9F39719-C810-44AE-BC52-3952678BCCB6}

2011-09-07 18:48:00 -------- d-----w- c:\users\main\appdata\local\{E3312D72-70EE-41E8-B948-3AE2C9A995DE}

2011-09-07 18:47:49 -------- d-----w- c:\users\main\appdata\local\{E0B5517A-0C5C-4259-B32B-3A6CB5B74C50}

2011-09-07 15:09:11 -------- d-----w- c:\users\main\appdata\local\{E8427A27-2F16-4B51-9148-ABAEEC8595D4}

2011-09-07 15:09:00 -------- d-----w- c:\users\main\appdata\local\{29ACC156-755F-4F2A-8440-D312491C816A}

2011-09-07 13:35:50 -------- d-----w- c:\users\main\appdata\local\{BDA6C5C6-5E43-457D-BFE6-D1ED304DC60F}

2011-09-07 13:35:39 -------- d-----w- c:\users\main\appdata\local\{977DBDA8-C0E2-47B1-80DE-1A8A3F4D00F5}

2011-09-07 04:22:27 -------- d-----w- c:\users\main\appdata\local\{825157CE-7DF0-45A8-9E82-FB544CFE5C15}

2011-09-07 03:08:28 -------- d-----w- c:\users\main\appdata\local\{A517F854-73F7-4184-A007-FF63A6BC8882}

2011-09-07 02:48:50 -------- d-----w- c:\users\main\appdata\local\{E12299DC-BC26-400B-86CF-FDECEBB139D3}

2011-09-07 02:48:40 -------- d-----w- c:\users\main\appdata\local\{37CFFE8F-9D3C-443D-B009-1DF663DBA6B6}

2011-09-06 17:33:25 -------- d-----w- c:\users\main\appdata\local\{7B44F362-625E-43A0-B465-248BFAABB908}

2011-09-06 17:33:15 -------- d-----w- c:\users\main\appdata\local\{7F0A8894-C121-45C3-AACD-8C52CA3D2E5D}

2011-09-06 16:02:17 -------- d-----w- c:\users\main\appdata\local\{07DB05AD-9767-4F37-B625-FC4CCCEB926F}

2011-09-06 16:02:07 -------- d-----w- c:\users\main\appdata\local\{BC315F32-7679-4882-91E1-DE433E02D6F1}

2011-09-06 14:23:05 -------- d-----w- c:\users\main\appdata\local\{504874D1-1B39-4CFC-904F-4868A90AB370}

2011-09-06 14:22:55 -------- d-----w- c:\users\main\appdata\local\{BB796D2E-9522-4DD1-828C-47D8949D3AF1}

2011-09-06 13:28:28 -------- d-----w- c:\users\main\appdata\local\{95CF3626-314F-4038-A55B-9F6920383CA6}

2011-09-06 13:28:18 -------- d-----w- c:\users\main\appdata\local\{2D3B3E77-12D9-4EB1-8903-97188B368810}

2011-09-06 12:38:06 -------- d-----w- c:\users\main\appdata\local\{AEC0F44C-CFD7-4F54-BCB6-2CEC468EE409}

2011-09-06 12:37:56 -------- d-----w- c:\users\main\appdata\local\{FAC9D1EE-67BB-40A2-A7D0-BA9500AD11BE}

2011-09-06 12:08:55 -------- d-----w- c:\users\main\appdata\local\{65A85E17-0368-4396-BBBC-0DC27BACAFA1}

2011-09-06 12:08:45 -------- d-----w- c:\users\main\appdata\local\{7AE23E24-7539-44CB-BC3D-B08A34221544}

2011-09-05 21:26:07 -------- d-----w- c:\users\main\appdata\local\{20BAFCC0-CB02-4D03-8E09-2107432AE83D}

2011-09-05 21:25:57 -------- d-----w- c:\users\main\appdata\local\{EDA05355-3537-4DC5-AB59-AF9191CE734C}

2011-09-05 18:58:19 -------- d-----w- c:\users\main\appdata\local\{8F1DF619-9B45-4C3F-8979-92E93E54E430}

2011-09-05 18:57:37 -------- d-----w- c:\users\main\appdata\local\{64EEF74D-B8D7-4DBC-8249-CC341E887392}

2011-09-02 22:43:17 -------- d-----w- c:\users\main\appdata\local\{8DA2EF31-86B1-4A7C-BB40-6EAF33DE9267}

2011-09-02 22:43:06 -------- d-----w- c:\users\main\appdata\local\{126407DB-5CE3-4F06-BA57-E6465B9F13EA}

2011-09-02 21:50:18 -------- d-----w- c:\users\main\appdata\local\{BC38D77C-3CE7-4249-B0B1-C6616B927384}

2011-09-02 21:50:06 -------- d-----w- c:\users\main\appdata\local\{1C4B8031-5B66-4A44-8A23-110CC97F6AB9}

2011-09-02 19:42:15 -------- d-----w- c:\users\main\appdata\local\{D471064F-4EB4-42C3-8896-901493A5F212}

2011-09-02 19:42:03 -------- d-----w- c:\users\main\appdata\local\{78CB5D1D-2D97-45AB-9334-B67FAB745600}

2011-09-02 16:15:15 -------- d-----w- c:\users\main\appdata\local\{D0B1DEF3-B029-440B-A685-9CB2E352405B}

2011-09-02 16:15:05 -------- d-----w- c:\users\main\appdata\local\{0E505D35-2C0A-4B0C-99D1-BED25423DFDD}

2011-09-02 12:56:21 -------- d-----w- c:\users\main\appdata\local\{AC3315A0-1C1D-4960-95AD-D2E4B06FEDCB}

2011-09-02 12:56:11 -------- d-----w- c:\users\main\appdata\local\{A8BC392C-1D38-42B8-9D15-02315ED75948}

2011-09-02 07:02:12 -------- d-----w- c:\users\main\appdata\local\{E9AF3A7E-8F52-4938-BD7E-1C4921A1D0D5}

2011-09-02 06:13:04 -------- d-----w- c:\users\main\appdata\local\{684A9D25-278D-4EA5-A84C-F5B7E931CFF4}

2011-09-02 06:12:54 -------- d-----w- c:\users\main\appdata\local\{DD33116B-00A9-47C3-AA5F-B703B47A6698}

2011-09-02 03:04:01 -------- d-----w- c:\users\main\appdata\local\{193B829C-A5AA-4E07-829C-149FE7CA3DBF}

2011-09-02 03:03:51 -------- d-----w- c:\users\main\appdata\local\{18B09C84-5921-4846-8A76-B70412EF522D}

2011-09-02 00:37:00 -------- d-----w- c:\users\main\appdata\local\{5C306B9C-97A5-4C27-9408-2F74E7ECF184}

2011-09-02 00:36:48 -------- d-----w- c:\users\main\appdata\local\{D5092FBE-3F46-48D3-BD92-DEEDDF5B3BF0}

2011-09-01 20:49:39 -------- d-----w- c:\users\main\appdata\local\{20DC34C5-B588-4C44-A68B-0C6B45D4D34C}

2011-09-01 18:42:52 -------- d-----w- c:\users\main\appdata\local\{9FDA7003-2A47-480C-9170-13FDDF9A838C}

2011-09-01 18:42:40 -------- d-----w- c:\users\main\appdata\local\{AEB684AD-DB3D-4459-ADE8-E077F6531831}

2011-09-01 15:43:43 -------- d-----w- c:\users\main\appdata\local\{6D0B9CAC-F81A-46C2-9F10-D9FDF3E7B6A1}

2011-09-01 15:25:49 -------- d-----w- c:\users\main\appdata\local\{0885CDC5-2BED-459C-886B-9B6EAABA6A6C}

2011-09-01 15:25:39 -------- d-----w- c:\users\main\appdata\local\{291AC160-44F1-4ABA-BCF2-386DF163261E}

2011-09-01 12:18:13 -------- d-----w- c:\users\main\appdata\local\{F57CC247-E1DC-4AF0-B476-B165C26BFB3B}

2011-09-01 12:18:02 -------- d-----w- c:\users\main\appdata\local\{13F6709F-6299-413E-B273-0A45407A3EAB}

2011-08-31 19:35:54 -------- d-----w- c:\users\main\appdata\local\{09B44181-3260-4BC6-9C7B-589FF0D1D0B3}

2011-08-31 19:35:44 -------- d-----w- c:\users\main\appdata\local\{60B89003-72AC-46DD-A16B-8C29C33BAC20}

2011-08-31 17:58:32 -------- d-----w- c:\users\main\appdata\local\{77EC44D6-D0C5-4FE9-BDC7-DB5ADD9092B1}

2011-08-31 17:58:22 -------- d-----w- c:\users\main\appdata\local\{C77630A0-C70E-4242-9C9C-EC0A9A0872F3}

2011-08-31 14:54:02 -------- d-----w- c:\users\main\appdata\local\{F8132704-1798-4FDA-B9D5-67E8E4B55960}

2011-08-31 13:05:33 -------- d-----w- c:\users\main\appdata\local\{5B320115-4FD3-45ED-A1D9-2123A587D342}

2011-08-31 13:05:22 -------- d-----w- c:\users\main\appdata\local\{73D30E81-BA91-4787-9D5D-AF984B95B9FD}

2011-08-31 01:41:50 -------- d-----w- c:\users\main\appdata\local\{A90EEEA6-BEF5-4AF9-9DBD-E04DF03595B2}

2011-08-31 01:41:40 -------- d-----w- c:\users\main\appdata\local\{FFF6D88B-11F6-41E2-83D7-9F30BF6CCF36}

2011-08-31 00:47:19 -------- d-----w- c:\users\main\appdata\local\{FBC99425-86CE-4337-8B18-882C5A574E9D}

2011-08-31 00:47:09 -------- d-----w- c:\users\main\appdata\local\{D2652E20-5B65-4073-8D0B-52261A1589B7}

2011-08-30 19:00:27 -------- d-----w- c:\users\main\appdata\local\{78747C62-938D-4DA7-A3F1-FAC09FCB78B5}

2011-08-30 19:00:17 -------- d-----w- c:\users\main\appdata\local\{A4E95584-497A-48DC-9D41-23ECB403C5D5}

2011-08-30 17:03:09 -------- d-----w- c:\users\main\appdata\local\{80F8BD16-612F-4899-8FCD-C94D6E764D6E}

2011-08-30 17:02:59 -------- d-----w- c:\users\main\appdata\local\{BF12CE68-06BE-49B2-AB7B-9AC9FD06F72C}

2011-08-27 21:03:27 -------- d-----w- c:\users\main\appdata\local\{F439FBAC-3948-4675-996D-20D648A4E518}

2011-08-27 21:03:17 -------- d-----w- c:\users\main\appdata\local\{03EE17A5-D753-4E9C-83EA-B070DAB6235E}

2011-08-27 13:59:18 -------- d-----w- c:\users\main\appdata\local\{03860399-3BD8-46A7-AF7E-4867436BE98E}

2011-08-27 13:59:08 -------- d-----w- c:\users\main\appdata\local\{11DA6F84-9C99-4E90-9444-C2985A4045EF}

2011-08-27 12:51:41 -------- d-----w- c:\users\main\appdata\local\{80653535-CF8F-4DDE-B3AC-E9A8DF11086A}

2011-08-27 12:51:31 -------- d-----w- c:\users\main\appdata\local\{698C190C-2AA8-48E7-B4CD-FB349F150725}

2011-08-27 12:31:26 2048 ----a-w- c:\windows\system32\tzres.dll

.

==================== Find3M ====================

.

2011-09-20 03:07:59 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-01 14:59:15 0 ----a-w- c:\programdata\mrwa.exe

2011-08-01 14:59:15 0 ----a-w- c:\programdata\ixie.exe

2011-08-01 14:59:15 0 ----a-w- c:\programdata\gsrt.exe

2011-08-01 14:59:15 0 ----a-w- c:\programdata\bqgx.exe

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-26 19:04:22 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

.

============= FINISH: 13:46:05.76 ===============

=========================>>>>>>>>>> ATTACH.TXT FOLLOWS

[mss]

ATTACH.TXT LOG

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 4/21/2010 12:51:09 AM

System Uptime: 9/20/2011 8:18:47 AM (5 hours ago)

.

Motherboard: EVGA | | NFORCE 680i LT SLI

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 98.744 GiB free.

D: is CDROM (CDFS)

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKslb0d09274

Device ID: ROOT\LEGACY_MPKSLB0D09274\0000

Manufacturer:

Name: MpKslb0d09274

PNP Device ID: ROOT\LEGACY_MPKSLB0D09274\0000

Service: MpKslb0d09274

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: NVIDIA nForce Networking Controller

Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_C55E10DE&REV_A2\3&2411E6FE&1&90

Manufacturer: NVIDIA

Name: NVIDIA nForce Networking Controller

PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_C55E10DE&REV_A2\3&2411E6FE&1&90

Service: NVENETFD

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKslb1b6e323

Device ID: ROOT\LEGACY_MPKSLB1B6E323\0000

Manufacturer:

Name: MpKslb1b6e323

PNP Device ID: ROOT\LEGACY_MPKSLB1B6E323\0000

Service: MpKslb1b6e323

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl1f298334

Device ID: ROOT\LEGACY_MPKSL1F298334\0000

Manufacturer:

Name: MpKsl1f298334

PNP Device ID: ROOT\LEGACY_MPKSL1F298334\0000

Service: MpKsl1f298334

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKslb3fa9fb5

Device ID: ROOT\LEGACY_MPKSLB3FA9FB5\0000

Manufacturer:

Name: MpKslb3fa9fb5

PNP Device ID: ROOT\LEGACY_MPKSLB3FA9FB5\0000

Service: MpKslb3fa9fb5

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKslb4519cf7

Device ID: ROOT\LEGACY_MPKSLB4519CF7\0000

Manufacturer:

Name: MpKslb4519cf7

PNP Device ID: ROOT\LEGACY_MPKSLB4519CF7\0000

Service: MpKslb4519cf7

.

Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}

Description: Communications Port

Device ID: ACPI\PNP0501\1

Manufacturer: (Standard port types)

Name: Communications Port (COM1)

PNP Device ID: ACPI\PNP0501\1

Service: Serial

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl64f503f2

Device ID: ROOT\LEGACY_MPKSL64F503F2\0000

Manufacturer:

Name: MpKsl64f503f2

PNP Device ID: ROOT\LEGACY_MPKSL64F503F2\0000

Service: MpKsl64f503f2

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKslbf50a83a

Device ID: ROOT\LEGACY_MPKSLBF50A83A\0000

Manufacturer:

Name: MpKslbf50a83a

PNP Device ID: ROOT\LEGACY_MPKSLBF50A83A\0000

Service: MpKslbf50a83a

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl2e407e22

Device ID: ROOT\LEGACY_MPKSL2E407E22\0000

Manufacturer:

Name: MpKsl2e407e22

PNP Device ID: ROOT\LEGACY_MPKSL2E407E22\0000

Service: MpKsl2e407e22

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl8095eccb

Device ID: ROOT\LEGACY_MPKSL8095ECCB\0000

Manufacturer:

Name: MpKsl8095eccb

PNP Device ID: ROOT\LEGACY_MPKSL8095ECCB\0000

Service: MpKsl8095eccb

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl04971854

Device ID: ROOT\LEGACY_MPKSL04971854\0000

Manufacturer:

Name: MpKsl04971854

PNP Device ID: ROOT\LEGACY_MPKSL04971854\0000

Service: MpKsl04971854

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl0b3adc7e

Device ID: ROOT\LEGACY_MPKSL0B3ADC7E\0000

Manufacturer:

Name: MpKsl0b3adc7e

PNP Device ID: ROOT\LEGACY_MPKSL0B3ADC7E\0000

Service: MpKsl0b3adc7e

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl3b7703bf

Device ID: ROOT\LEGACY_MPKSL3B7703BF\0000

Manufacturer:

Name: MpKsl3b7703bf

PNP Device ID: ROOT\LEGACY_MPKSL3B7703BF\0000

Service: MpKsl3b7703bf

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsleb44bfa8

Device ID: ROOT\LEGACY_MPKSLEB44BFA8\0000

Manufacturer:

Name: MpKsleb44bfa8

PNP Device ID: ROOT\LEGACY_MPKSLEB44BFA8\0000

Service: MpKsleb44bfa8

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl1442fbe2

Device ID: ROOT\LEGACY_MPKSL1442FBE2\0000

Manufacturer:

Name: MpKsl1442fbe2

PNP Device ID: ROOT\LEGACY_MPKSL1442FBE2\0000

Service: MpKsl1442fbe2

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl95212787

Device ID: ROOT\LEGACY_MPKSL95212787\0000

Manufacturer:

Name: MpKsl95212787

PNP Device ID: ROOT\LEGACY_MPKSL95212787\0000

Service: MpKsl95212787

.

==== System Restore Points ===================

.

RP390: 9/8/2011 3:00:14 AM - Windows Update

RP391: 9/11/2011 7:52:34 AM - Windows Update

RP392: 9/14/2011 2:56:51 PM - Windows Update

RP393: 9/15/2011 3:00:22 AM - Windows Update

RP394: 9/18/2011 3:36:48 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

1... 2... 3... KICK IT! (Drop That Beat Like an Ugly Baby)

AaAaAA!!! - A Reckless Disregard for Gravity

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Design Premium

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Photoshop Lightroom 3.4.1

Adobe Reader 9.4.5

Adobe Shockwave Player 11.5

Akamai NetSession Interface

Alien Swarm

Altitude

Amnesia: The Dark Descent

Audiosurf

B&K Editor for SR10.1

Bayden UAPick

Bejeweled® 3

Bing Bar

Bing Maps 3D

Bing Rewards Client Installer

BIT.TRIP BEAT

Canon CanoScan Toolbox 5.0

CanoScan 8600F

Carbonite

Cogs

Counter-Strike: Source

Counter-Strike: Source Beta

Creative ALchemy

Creative Audio Control Panel

Creative Console Launcher

Creative MediaSource 5

Creative Software AutoUpdate

Creative Sound Blaster Properties

Creative WaveStudio 7

Customer Support Tool A22S

D3DX10

Defense Grid: The Awakening

Dual-Core Optimizer

eReg

Free DWG Viewer 7.0

Google Earth Plug-in

Google Update Helper

Half-Life 2

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life 2: Lost Coast

Intel AppUp(SM) center

Java Auto Updater

Java 6 Update 23

Junk Mail filter update

Killing Floor

Left 4 Dead

Left 4 Dead 2

Logitech GamePanel Software 3.04.143

Logitech SetPoint 6.0

Malwarebytes' Anti-Malware version 1.51.2.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Mathematics

Microsoft Mathematics Add-in (32-bit)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MSVCRT

MX-980 Editor

MX-980 Expansion Pack

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA PhysX

Oceanis

Octoshape add-in for Adobe Flash Player

OGA Notifier 2.0.0048.0

OpenAL

PDF Settings CS5

Plants vs. Zombies

Portal

PunkBuster Services

PVSonyDll

Quake Live Internet Explorer Plugin

R.U.S.E. Free Week End

RUSH

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skype Toolbars

Skype™ 4.2

Snood 4

StarCraft II Demo

Steam

Super Meat Boy

Supreme Commander 2

System Requirements Lab

Team Fortress 2

Team Fortress 2 Beta

The Ball

The Wonderful End of the World

Toki Tori

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2553110)

Vegas Movie Studio HD Platinum 10.0

Verizon Games Player

Verizon Help and Support Tool

Vz In Home Agent

WD SmartWare

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Center

Windows Mobile Device Center Driver Update

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

9/20/2011 8:20:17 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "2" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -Embedding

9/20/2011 8:19:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/20/2011 8:19:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.

9/20/2011 8:16:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

9/19/2011 9:33:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

9/19/2011 9:33:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

9/19/2011 9:33:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

9/19/2011 9:32:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/19/2011 9:31:46 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/19/2011 9:24:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 9:22:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

9/19/2011 9:22:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/19/2011 9:22:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/19/2011 9:22:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/19/2011 9:22:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/19/2011 9:22:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/19/2011 9:22:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

9/19/2011 9:22:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/19/2011 9:20:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/19/2011 9:20:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/19/2011 9:20:39 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

9/19/2011 9:16:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 8:54:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 8:38:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 8:22:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 8:21:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x87966938, 0x87966aa4, 0x82e22d60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091911-17113-01.

9/19/2011 8:16:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 8:08:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x8aed77cc, 0x00000000, 0x820708c8, 0x00000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091911-18096-01.

9/19/2011 7:56:48 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.

9/19/2011 7:43:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 7:39:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 7:33:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 7:17:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 7:15:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 7:10:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

9/19/2011 6:28:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 6:25:59 PM, Error: Service Control Manager [7000] - The CarboniteService service failed to start due to the following error: Access is denied.

9/19/2011 6:25:58 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

9/19/2011 6:24:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

9/19/2011 6:24:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 6:24:19 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: Access is denied.

9/19/2011 6:24:18 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: Access is denied.

9/19/2011 6:24:17 PM, Error: Service Control Manager [7000] - The McciCMService service failed to start due to the following error: Access is denied.

9/19/2011 6:24:13 PM, Error: Service Control Manager [7000] - The Creative Audio Service service failed to start due to the following error: Access is denied.

9/19/2011 6:12:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 6:12:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xcb359000, 0x00000002, 0x00000000, 0x8701089c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091911-24554-01.

9/19/2011 6:04:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 5:33:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8680c500, 0x8c98bb74, 0x8c98b750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091911-26520-01.

9/19/2011 5:19:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 5:19:36 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

9/19/2011 5:04:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 5:02:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

9/19/2011 5:02:41 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/19/2011 5:02:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

9/19/2011 5:02:11 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/19/2011 4:14:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

9/19/2011 4:00:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 3:59:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cafc7d, 0x8c98fb50, 0x8c98f730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091911-23415-01.

9/19/2011 3:26:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 3:26:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8680a500, 0xb1347b74, 0xb1347750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091911-23852-01.

9/19/2011 3:12:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 3:12:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cbac7d, 0xa9373b50, 0xa9373730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091911-27003-01.

9/19/2011 2:59:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

9/19/2011 2:59:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 2:58:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cabc7d, 0x8cb83b50, 0x8cb83730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091911-27690-01.

9/19/2011 2:39:40 PM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).

9/19/2011 2:22:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 2:17:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 11:09:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 11:03:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Font Cache Service service, but this action failed with the following error: An instance of the service is already running.

9/19/2011 11:02:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: An instance of the service is already running.

9/19/2011 11:02:44 PM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/19/2011 11:02:44 PM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

9/19/2011 11:02:44 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

9/19/2011 11:02:44 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/19/2011 10:59:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 1:59:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 1:42:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

9/19/2011 1:38:23 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

9/19/2011 1:35:33 PM, Error: Service Control Manager [7000] - The 5622 service failed to start due to the following error: The system cannot find the file specified.

9/17/2011 8:10:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

9/17/2011 4:47:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

9/15/2011 3:02:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

9/15/2011 3:02:58 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

[Elise]

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

• 
  

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

[mss]

Hello,

Combofix running - reports that MSE is still active although I did turn off real-time protection. It seems the process I killed earlier was merely the GUI, not the actual service.

• Of note, while running, Combofix reported that my system has "Rootkit ZeroAccess" in the TCP/IP stack. I have had my ethernet adapter disabled during all of this testing/scanning steps.
  
• Also, Combofix pop-up windows for Recovery Console, etc., did not come up. Combofix went straight to a DOS box to scan.
  
• Combofix requested a reboot due to rootkit activity. After system reboot, went straight to DOS box scan with black background/no desktop icons/start menu.
  

COMBOFIX.TXT FOLLOWS:

ComboFix 11-09-20.04 - Main 09/20/2011 14:23:59.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1949 [GMT -4:00]

Running from: c:\users\Main\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\d.bat

c:\users\Main\AppData\Local\alrr.exe

c:\users\Main\AppData\Local\cxet.exe

c:\users\Main\AppData\Local\rrct.exe

c:\users\Main\AppData\Local\wngg.exe

c:\windows\$NtUninstallKB29813$

c:\windows\$NtUninstallKB29813$\1025357463\@

c:\windows\$NtUninstallKB29813$\1025357463\click.tlb

c:\windows\$NtUninstallKB29813$\1025357463\L\xadqgnnk

c:\windows\$NtUninstallKB29813$\1025357463\loader.tlb

c:\windows\$NtUninstallKB29813$\1025357463\U\@00000001

c:\windows\$NtUninstallKB29813$\1025357463\U\@000000c0

c:\windows\$NtUninstallKB29813$\1025357463\U\@000000cb

c:\windows\$NtUninstallKB29813$\1025357463\U\@000000cf

c:\windows\$NtUninstallKB29813$\1025357463\U\@80000000

c:\windows\$NtUninstallKB29813$\1025357463\U\@800000c0

c:\windows\$NtUninstallKB29813$\1025357463\U\@800000cb

c:\windows\$NtUninstallKB29813$\1025357463\U\@800000cf

c:\windows\$NtUninstallKB29813$\32397164

c:\windows\2545294653

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\system32\

.

.

((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))

.

.

2011-09-20 18:38 . 2011-09-20 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-20 18:38 . 2011-09-20 18:38 -------- d-----w- c:\users\Main\AppData\Local\temp

2011-09-20 12:19 . 2011-09-20 12:19 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{434BB94C-6042-4AF4-90A6-633DE4409386}\MpKsl53ed4089.sys

2011-09-20 01:31 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{434BB94C-6042-4AF4-90A6-633DE4409386}\mpengine.dll

2011-09-19 18:33 . 2011-09-19 18:33 -------- d-----w- c:\windows\Sun

2011-09-19 18:17 . 2011-09-19 18:17 -------- d-----w- c:\users\Main\AppData\Roaming\uS2obF3pm5Q6W8R

2011-09-19 18:00 . 2011-09-19 18:00 -------- d-----w- c:\users\Main\AppData\Roaming\XH5sQJ7dE8R9YwU

2011-09-19 17:41 . 2011-09-19 17:41 -------- d-----w- c:\users\Main\AppData\Roaming\xqjUCekIBzNx0v2

2011-09-19 17:34 . 2011-09-19 17:37 -------- d-----w- c:\users\Main\AppData\Roaming\nnnG4amH6

2011-09-19 17:34 . 2011-09-19 18:20 -------- d-----w- c:\users\Main\AppData\Roaming\anF4pmH5sJ

2011-09-08 12:13 . 2011-08-13 01:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 12:13 . 2011-08-13 01:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9576805-1C6C-4251-B5D6-DBA658BA4EFA}\gapaengine.dll

2011-08-27 12:31 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-20 03:07 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-08-31 21:00 . 2011-06-27 00:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 02:44 . 2011-08-14 05:38 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-01 14:59 . 2011-08-01 14:59 0 ----a-w- c:\programdata\mrwa.exe

2011-08-01 14:59 . 2011-08-01 14:59 0 ----a-w- c:\programdata\ixie.exe

2011-08-01 14:59 . 2011-08-01 14:59 0 ----a-w- c:\programdata\gsrt.exe

2011-08-01 14:59 . 2011-08-01 14:59 0 ----a-w- c:\programdata\bqgx.exe

2011-07-22 02:54 . 2011-08-10 07:07 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-10 07:07 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-10 07:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27 . 2011-08-09 21:56 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:30 . 2011-08-09 21:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-26 19:04 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-24 04:27 . 2011-08-09 21:56 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22 . 2011-08-09 21:56 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-23 04:33 . 2011-08-09 21:56 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:33 . 2011-08-09 21:56 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-02-22 1264]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Exetender_135"="c:\program files\Verizon Games Player\GPlayer.exe" [2010-10-27 4889600]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Main^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-23 03:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

2008-07-22 17:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R1 MpKsl02ca8e55;MpKsl02ca8e55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7905F4A9-EE07-47E0-97AE-A7CF39A98B8D}\MpKsl02ca8e55.sys [x]

R1 MpKsl04971854;MpKsl04971854;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA9C20DA-C39F-4945-9456-A79D2E2580AA}\MpKsl04971854.sys [x]

R1 MpKsl0b3adc7e;MpKsl0b3adc7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{906D8ED5-C214-4355-96C0-0B1EF3AF0377}\MpKsl0b3adc7e.sys [x]

R1 MpKsl0e3cd0ec;MpKsl0e3cd0ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7905F4A9-EE07-47E0-97AE-A7CF39A98B8D}\MpKsl0e3cd0ec.sys [x]

R1 MpKsl1442fbe2;MpKsl1442fbe2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4405EFBB-4A41-4B73-8AFB-AD04F3758309}\MpKsl1442fbe2.sys [x]

R1 MpKsl1f298334;MpKsl1f298334;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKsl1f298334.sys [x]

R1 MpKsl2e407e22;MpKsl2e407e22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9F9CA30-4384-41AF-98A7-04213D75A7AE}\MpKsl2e407e22.sys [x]

R1 MpKsl3b7703bf;MpKsl3b7703bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKsl3b7703bf.sys [x]

R1 MpKsl64f503f2;MpKsl64f503f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3ED43C1-1C2D-4B1A-8FAC-93804B6A38BB}\MpKsl64f503f2.sys [x]

R1 MpKsl8095eccb;MpKsl8095eccb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B994C9D-2392-45D8-9779-A0D58543629D}\MpKsl8095eccb.sys [x]

R1 MpKsl95212787;MpKsl95212787;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCACB125-D98A-4566-AFBA-BEEDE69B8FC1}\MpKsl95212787.sys [x]

R1 MpKslb0d09274;MpKslb0d09274;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9276D608-6EF2-41BB-9777-78D96BCB9444}\MpKslb0d09274.sys [x]

R1 MpKslb1b6e323;MpKslb1b6e323;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKslb1b6e323.sys [x]

R1 MpKslb3fa9fb5;MpKslb3fa9fb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFC70D21-8D93-4DA2-87C4-8E5728DDEA64}\MpKslb3fa9fb5.sys [x]

R1 MpKslb4519cf7;MpKslb4519cf7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C503BB63-4CE4-4D7E-8C26-7F7B9F18A362}\MpKslb4519cf7.sys [x]

R1 MpKslbf50a83a;MpKslbf50a83a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKslbf50a83a.sys [x]

R1 MpKsleb44bfa8;MpKsleb44bfa8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACDA316E-1682-4343-A461-C8C741568061}\MpKsleb44bfa8.sys [x]

R1 mwkzeicb;mwkzeicb;c:\windows\system32\drivers\mwkzeicb.sys [x]

R1 xnqiidrp;xnqiidrp;c:\windows\system32\drivers\xnqiidrp.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 16396]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-21 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-21 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]

R3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2006-08-02 17580]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-22 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 ZetSFD;Zetera Storage Class Filter Driver;c:\windows\system32\DRIVERS\ZetSFD.sys [2007-08-09 13824]

S1 MpKsl53ed4089;MpKsl53ed4089;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{434BB94C-6042-4AF4-90A6-633DE4409386}\MpKsl53ed4089.sys [2011-09-20 28752]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110552]

S2 X4HSEx_Pr135;X4HSEx_Pr135;c:\program files\Verizon Games Player\X4HSEx.Sys [2010-03-11 56352]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:11]

.

2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:11]

.

2011-09-19 c:\windows\Tasks\User_Feed_Synchronization-{A402C951-CF5D-42F7-80CB-7AC129EB92B5}.job

- c:\windows\system32\msfeedssync.exe [2011-04-28 23:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.drudgereport.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files\UAPick\UABtn.dll

TCP: DhcpNameServer = 192.168.55.1 71.242.0.12

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {7F245E01-651F-48E5-8A85-4752EC65E4ED} - hxxp://69.133.80.51:1028/Cisco210Viewer.cab

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{95A27763-F62A-4114-9072-E81D87DE3B68} - c:\users\Main\AppData\Local\5721u.dll

HKCU-Run-AdobeBridge - (no file)

SafeBoot-98531443.sys

MSConfigStartUp-2480983055 - c:\users\Main\AppData\Local\mlg.exe

AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe

AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe

AddRemove-UnityWebPlayer - c:\users\Main\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-20 14:42:12

ComboFix-quarantined-files.txt 2011-09-20 18:42

.

Pre-Run: 105,606,840,320 bytes free

Post-Run: 108,302,172,160 bytes free

.

- - End Of File - - 11E2695BB51813B8EA9489D6E931549A

Thank you

[Elise]

Can you please rerun combofix once more and post me the new log?

[mss]

Hello,

Trying to re-run Combofix but it has not successfully run in two attempts. It seems to run as expected and extracts a number of files as it did the first run, however, it does not ever get to the DOS box scan portion of the program.

[mss]

Hello,

Downloaded a new copy of Combofix and it has made it through to the DOS scan box. I will post results shortly.

[mss]

COMBOFIX run #2 LOG FILE FOLLOWS:

ComboFix 11-09-20.04 - Main 09/20/2011 16:18:29.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1582 [GMT -4:00]

Running from: c:\users\Main\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))

.

.

2011-09-20 20:31 . 2011-09-20 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-20 01:31 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{434BB94C-6042-4AF4-90A6-633DE4409386}\mpengine.dll

2011-09-19 18:33 . 2011-09-19 18:33 -------- d-----w- c:\windows\Sun

2011-09-19 18:17 . 2011-09-19 18:17 -------- d-----w- c:\users\Main\AppData\Roaming\uS2obF3pm5Q6W8R

2011-09-19 18:00 . 2011-09-19 18:00 -------- d-----w- c:\users\Main\AppData\Roaming\XH5sQJ7dE8R9YwU

2011-09-19 17:41 . 2011-09-19 17:41 -------- d-----w- c:\users\Main\AppData\Roaming\xqjUCekIBzNx0v2

2011-09-19 17:34 . 2011-09-19 17:37 -------- d-----w- c:\users\Main\AppData\Roaming\nnnG4amH6

2011-09-19 17:34 . 2011-09-19 18:20 -------- d-----w- c:\users\Main\AppData\Roaming\anF4pmH5sJ

2011-09-08 12:13 . 2011-08-13 01:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 12:13 . 2011-08-13 01:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9576805-1C6C-4251-B5D6-DBA658BA4EFA}\gapaengine.dll

2011-08-27 12:31 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-20 03:07 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-08-31 21:00 . 2011-06-27 00:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 02:44 . 2011-08-14 05:38 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-01 14:59 . 2011-08-01 14:59 0 ----a-w- c:\programdata\mrwa.exe

2011-08-01 14:59 . 2011-08-01 14:59 0 ----a-w- c:\programdata\ixie.exe

2011-08-01 14:59 . 2011-08-01 14:59 0 ----a-w- c:\programdata\gsrt.exe

2011-08-01 14:59 . 2011-08-01 14:59 0 ----a-w- c:\programdata\bqgx.exe

2011-07-22 02:54 . 2011-08-10 07:07 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-10 07:07 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-10 07:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27 . 2011-08-09 21:56 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:30 . 2011-08-09 21:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-26 19:04 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-24 04:27 . 2011-08-09 21:56 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22 . 2011-08-09 21:56 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-23 04:33 . 2011-08-09 21:56 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:33 . 2011-08-09 21:56 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-02-22 1264]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Exetender_135"="c:\program files\Verizon Games Player\GPlayer.exe" [2010-10-27 4889600]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Main^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-23 03:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

2008-07-22 17:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R1 MpKsl02ca8e55;MpKsl02ca8e55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7905F4A9-EE07-47E0-97AE-A7CF39A98B8D}\MpKsl02ca8e55.sys [x]

R1 MpKsl04971854;MpKsl04971854;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA9C20DA-C39F-4945-9456-A79D2E2580AA}\MpKsl04971854.sys [x]

R1 MpKsl0b3adc7e;MpKsl0b3adc7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{906D8ED5-C214-4355-96C0-0B1EF3AF0377}\MpKsl0b3adc7e.sys [x]

R1 MpKsl0e3cd0ec;MpKsl0e3cd0ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7905F4A9-EE07-47E0-97AE-A7CF39A98B8D}\MpKsl0e3cd0ec.sys [x]

R1 MpKsl1442fbe2;MpKsl1442fbe2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4405EFBB-4A41-4B73-8AFB-AD04F3758309}\MpKsl1442fbe2.sys [x]

R1 MpKsl1f298334;MpKsl1f298334;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKsl1f298334.sys [x]

R1 MpKsl2e407e22;MpKsl2e407e22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9F9CA30-4384-41AF-98A7-04213D75A7AE}\MpKsl2e407e22.sys [x]

R1 MpKsl3b7703bf;MpKsl3b7703bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKsl3b7703bf.sys [x]

R1 MpKsl64f503f2;MpKsl64f503f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3ED43C1-1C2D-4B1A-8FAC-93804B6A38BB}\MpKsl64f503f2.sys [x]

R1 MpKsl8095eccb;MpKsl8095eccb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B994C9D-2392-45D8-9779-A0D58543629D}\MpKsl8095eccb.sys [x]

R1 MpKsl95212787;MpKsl95212787;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCACB125-D98A-4566-AFBA-BEEDE69B8FC1}\MpKsl95212787.sys [x]

R1 MpKslb0d09274;MpKslb0d09274;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9276D608-6EF2-41BB-9777-78D96BCB9444}\MpKslb0d09274.sys [x]

R1 MpKslb1b6e323;MpKslb1b6e323;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKslb1b6e323.sys [x]

R1 MpKslb3fa9fb5;MpKslb3fa9fb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFC70D21-8D93-4DA2-87C4-8E5728DDEA64}\MpKslb3fa9fb5.sys [x]

R1 MpKslb4519cf7;MpKslb4519cf7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C503BB63-4CE4-4D7E-8C26-7F7B9F18A362}\MpKslb4519cf7.sys [x]

R1 MpKslbf50a83a;MpKslbf50a83a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKslbf50a83a.sys [x]

R1 MpKsleb44bfa8;MpKsleb44bfa8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACDA316E-1682-4343-A461-C8C741568061}\MpKsleb44bfa8.sys [x]

R1 mwkzeicb;mwkzeicb;c:\windows\system32\drivers\mwkzeicb.sys [x]

R1 xnqiidrp;xnqiidrp;c:\windows\system32\drivers\xnqiidrp.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 16396]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-21 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-21 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]

R3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2006-08-02 17580]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-22 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 ZetSFD;Zetera Storage Class Filter Driver;c:\windows\system32\DRIVERS\ZetSFD.sys [2007-08-09 13824]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110552]

S2 X4HSEx_Pr135;X4HSEx_Pr135;c:\program files\Verizon Games Player\X4HSEx.Sys [2010-03-11 56352]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:11]

.

2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.drudgereport.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files\UAPick\UABtn.dll

TCP: DhcpNameServer = 192.168.55.1 71.242.0.12

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {7F245E01-651F-48E5-8A85-4752EC65E4ED} - hxxp://69.133.80.51:1028/Cisco210Viewer.cab

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1236)

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

Completion time: 2011-09-20 16:33:46

ComboFix-quarantined-files.txt 2011-09-20 20:33

ComboFix2.txt 2011-09-20 18:42

.

Pre-Run: 108,345,368,576 bytes free

Post-Run: 108,299,952,128 bytes free

.

- - End Of File - - DD75A7934284AE67A9C3556FFE00A3E0

[Elise]

That looks better! How are things running now? Any problem left?

CF-SCRIPT

-------------

We need to execute a CF-script.

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Folder::
c:\users\Main\AppData\Roaming\uS2obF3pm5Q6W8R
c:\users\Main\AppData\Roaming\XH5sQJ7dE8R9YwU
c:\users\Main\AppData\Roaming\xqjUCekIBzNx0v2
c:\users\Main\AppData\Roaming\nnnG4amH6
c:\users\Main\AppData\Roaming\anF4pmH5sJ

File::
c:\programdata\mrwa.exe
c:\programdata\ixie.exe
c:\programdata\gsrt.exe
c:\programdata\bqgx.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[mss]

That looks better! How are things running now? Any problem left?

Hello,

I have kept the computer offline (network adapter disabled) until I received your response (using another computer for all of these forum messages, etc.), therefore, I can't tell if it's any better. I have run multiple MSE and MBAM scans which report nothing suspicious, however, I seen in the Combofix log that a number of OpenCloud items were deleted (my initial observed infection was OpenCloud).

Running CFScript.txt -> Combofix.exe now

COMBOFIX.TXT run #3 (using CFScript.txt as directed) FOLLOWS:

ComboFix 11-09-21.02 - Main 09/21/2011 11:10:06.3.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1833 [GMT -4:00]

Running from: E:\ComboFix.exe

Command switches used :: c:\users\Main\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\bqgx.exe"

"c:\programdata\gsrt.exe"

"c:\programdata\ixie.exe"

"c:\programdata\mrwa.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\bqgx.exe

c:\programdata\gsrt.exe

c:\programdata\ixie.exe

c:\programdata\mrwa.exe

c:\users\Main\AppData\Roaming\anF4pmH5sJ

c:\users\Main\AppData\Roaming\nnnG4amH6

c:\users\Main\AppData\Roaming\nnnG4amH6\OpenCloud Security.ico

c:\users\Main\AppData\Roaming\nnnG4amH6\sysl32.dll

c:\users\Main\AppData\Roaming\nnnG4amH6\wmf.cfg

c:\users\Main\AppData\Roaming\uS2obF3pm5Q6W8R

c:\users\Main\AppData\Roaming\uS2obF3pm5Q6W8R\OpenCloud Security.ico

c:\users\Main\AppData\Roaming\uS2obF3pm5Q6W8R\wmf.cfg

c:\users\Main\AppData\Roaming\XH5sQJ7dE8R9YwU

c:\users\Main\AppData\Roaming\XH5sQJ7dE8R9YwU\OpenCloud Security.ico

c:\users\Main\AppData\Roaming\XH5sQJ7dE8R9YwU\wmf.cfg

c:\users\Main\AppData\Roaming\xqjUCekIBzNx0v2

c:\users\Main\AppData\Roaming\xqjUCekIBzNx0v2\OpenCloud Security.ico

c:\users\Main\AppData\Roaming\xqjUCekIBzNx0v2\wmf.cfg

.

.

((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))

.

.

2011-09-21 15:24 . 2011-09-21 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-20 20:49 . 2011-09-20 20:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5667E5C4-85B4-4CC9-ABB9-0BF425A02722}\MpKslf4cbc164.sys

2011-09-20 20:49 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5667E5C4-85B4-4CC9-ABB9-0BF425A02722}\mpengine.dll

2011-09-20 18:42 . 2011-09-21 15:24 -------- d-----w- c:\users\Main\AppData\Local\temp

2011-09-19 18:33 . 2011-09-19 18:33 -------- d-----w- c:\windows\Sun

2011-09-08 12:13 . 2011-08-13 01:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 12:13 . 2011-08-13 01:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9576805-1C6C-4251-B5D6-DBA658BA4EFA}\gapaengine.dll

2011-08-27 12:31 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-20 03:07 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-08-31 21:00 . 2011-06-27 00:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 02:44 . 2011-08-14 05:38 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-22 02:54 . 2011-08-10 07:07 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-10 07:07 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-10 07:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27 . 2011-08-09 21:56 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:30 . 2011-08-09 21:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-26 19:04 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-24 04:27 . 2011-08-09 21:56 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22 . 2011-08-09 21:56 271360 ----a-w- c:\windows\system32\conhost.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-02-22 1264]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Exetender_135"="c:\program files\Verizon Games Player\GPlayer.exe" [2010-10-27 4889600]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Main^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-23 03:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

2008-07-22 17:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R1 MpKsl02ca8e55;MpKsl02ca8e55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7905F4A9-EE07-47E0-97AE-A7CF39A98B8D}\MpKsl02ca8e55.sys [x]

R1 MpKsl04971854;MpKsl04971854;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA9C20DA-C39F-4945-9456-A79D2E2580AA}\MpKsl04971854.sys [x]

R1 MpKsl0b3adc7e;MpKsl0b3adc7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{906D8ED5-C214-4355-96C0-0B1EF3AF0377}\MpKsl0b3adc7e.sys [x]

R1 MpKsl0e3cd0ec;MpKsl0e3cd0ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7905F4A9-EE07-47E0-97AE-A7CF39A98B8D}\MpKsl0e3cd0ec.sys [x]

R1 MpKsl1442fbe2;MpKsl1442fbe2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4405EFBB-4A41-4B73-8AFB-AD04F3758309}\MpKsl1442fbe2.sys [x]

R1 MpKsl1f298334;MpKsl1f298334;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKsl1f298334.sys [x]

R1 MpKsl2e407e22;MpKsl2e407e22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9F9CA30-4384-41AF-98A7-04213D75A7AE}\MpKsl2e407e22.sys [x]

R1 MpKsl3b7703bf;MpKsl3b7703bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKsl3b7703bf.sys [x]

R1 MpKsl64f503f2;MpKsl64f503f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3ED43C1-1C2D-4B1A-8FAC-93804B6A38BB}\MpKsl64f503f2.sys [x]

R1 MpKsl8095eccb;MpKsl8095eccb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B994C9D-2392-45D8-9779-A0D58543629D}\MpKsl8095eccb.sys [x]

R1 MpKsl95212787;MpKsl95212787;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCACB125-D98A-4566-AFBA-BEEDE69B8FC1}\MpKsl95212787.sys [x]

R1 MpKslb0d09274;MpKslb0d09274;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9276D608-6EF2-41BB-9777-78D96BCB9444}\MpKslb0d09274.sys [x]

R1 MpKslb1b6e323;MpKslb1b6e323;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKslb1b6e323.sys [x]

R1 MpKslb3fa9fb5;MpKslb3fa9fb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFC70D21-8D93-4DA2-87C4-8E5728DDEA64}\MpKslb3fa9fb5.sys [x]

R1 MpKslb4519cf7;MpKslb4519cf7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C503BB63-4CE4-4D7E-8C26-7F7B9F18A362}\MpKslb4519cf7.sys [x]

R1 MpKslbf50a83a;MpKslbf50a83a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKslbf50a83a.sys [x]

R1 MpKsleb44bfa8;MpKsleb44bfa8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACDA316E-1682-4343-A461-C8C741568061}\MpKsleb44bfa8.sys [x]

R1 mwkzeicb;mwkzeicb;c:\windows\system32\drivers\mwkzeicb.sys [x]

R1 xnqiidrp;xnqiidrp;c:\windows\system32\drivers\xnqiidrp.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 16396]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-21 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-21 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]

R3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2006-08-02 17580]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-22 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 ZetSFD;Zetera Storage Class Filter Driver;c:\windows\system32\DRIVERS\ZetSFD.sys [2007-08-09 13824]

S1 MpKslf4cbc164;MpKslf4cbc164;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5667E5C4-85B4-4CC9-ABB9-0BF425A02722}\MpKslf4cbc164.sys [2011-09-20 28752]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110552]

S2 X4HSEx_Pr135;X4HSEx_Pr135;c:\program files\Verizon Games Player\X4HSEx.Sys [2010-03-11 56352]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLF4CBC164

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:11]

.

2011-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.drudgereport.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files\UAPick\UABtn.dll

TCP: DhcpNameServer = 192.168.55.1 71.242.0.12

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {7F245E01-651F-48E5-8A85-4752EC65E4ED} - hxxp://69.133.80.51:1028/Cisco210Viewer.cab

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-21 11:27:27

ComboFix-quarantined-files.txt 2011-09-21 15:27

ComboFix2.txt 2011-09-20 20:33

ComboFix3.txt 2011-09-20 18:42

.

Pre-Run: 108,356,337,664 bytes free

Post-Run: 108,302,495,744 bytes free

.

- - End Of File - - EA299E5ED8225328A7780BDD107BC2F2

[Elise]

No worries, these items were deleted because I included them in the script.

Try to use your computer a bit, see if you can connect and let me know if you encounter any problem.

[mss]

Hello,

No obvious issues. I have noted the following "fixes" that no longer are occuring since the initial infection:

(1) No pop-up scareware (Opencloud Security)

(2) No "all 4 cores to 100% until BSOD"

(3) No "Backdoor:smadow|genB" infections

(4) No Google redirect in effect

Also, multiple full scans of MSE and MBAM have come up clean.

Thank you for your time. You rock!

[Elise]

Glad to hear that!

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

• Download the latest version of Adobe Reader Version X. and save it to your desktop.
  
• Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  
• Click the download button at the bottom.
  
• If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  
• Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
  If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  
• Then from your desktop double-click on Adobe Reader to install the newest version.
  If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the "Adobe Setup - Welcome" window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Download the latest version of Java Runtime Environment (JRE) Version 7.
  
• Look for "JDK 7 (JDK or JRE).
  
• Click the "Download JRE" button at the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
    

  [*]Save it to your desktop

  [*]Close any programs you may have running - especially your web browser.

  [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

  [*]Reboot your computer once all Java components are removed.

  [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
   
2. Click the button.
   
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. 
      
   2. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      
   3. Double click on the
      icon on your desktop.
      
      
   4. Check "YES, I accept the Terms of Use."
      
   5. Click the Start button.
      
   6. Accept any security warnings from your browser.
      
   7. Under scan settings, check "Scan Archives" and "Remove found threats"
      
   8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
        
      • Scan for potentially unsafe applications
        
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

[mss]

Hello,

Argh. Looks like I've either still got something or picked up another infection. I have not done the Acrobat, Java, or ESET steps yet.

Everything looked good, however, during a game session all four cores went to 100%. After exiting the game, I noticed the desktop was missing a few icons. The Start Menu was also different. All Programs now lists <empty> instead of all my programs/folders.

Tried a system restore back to yesterday, but when it completed, it (System Restore) stated that it used a restore point from today @ 6:34pm - not the one I selected from yesterday at 10:28am.

MSE popped up that it found Alureon which is another rootkit, right?

I hate the bastards that write this garbage code. I will let you know the results of the system restore attempt #2. After that, I will remove Java 6.23 and Acrobat 9.4.6

Thanks

[Elise]

With these infections better not use system restore, you never know what the messed up there.

Please run this: http://download.bleepingcomputer.com/grinler/unhide.exe

This should make your files visible.

The following should take care of Alureon

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

[mss]

Hello,

Understood on future system restores - I won't do that again. After a couple of failures, the PC began to boot into Windows Repair mode. I tried repair and/or restore a few times but did not succeed. Gave it one more shot this morning while I reviewed the earlier logs to determine what I would need to reload if I did a full wipe of the O/S, and voila! it finally took and all desktop files/links as well as the Start Menu program/folders were back in place.

Immediately ran TDDSKILLER as requested (also will delete Adobe Reader 9.4.6 and Java 6.0.230).

Two threats found (tdl3 and tdl4) by TDDSKILLER and cured. Log follows:

19:37:47.0168 2896 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

19:37:47.0183 2896 ============================================================

19:37:47.0183 2896 Current date / time: 2011/09/24 19:37:47.0183

19:37:47.0183 2896 SystemInfo:

19:37:47.0183 2896

19:37:47.0183 2896 OS Version: 6.1.7601 ServicePack: 1.0

19:37:47.0183 2896 Product type: Workstation

19:37:47.0183 2896 ComputerName: MAIN-PC

19:37:47.0183 2896 UserName: Main

19:37:47.0183 2896 Windows directory: C:\Windows

19:37:47.0183 2896 System windows directory: C:\Windows

19:37:47.0183 2896 Processor architecture: Intel x86

19:37:47.0183 2896 Number of processors: 4

19:37:47.0183 2896 Page size: 0x1000

19:37:47.0183 2896 Boot type: Normal boot

19:37:47.0183 2896 ============================================================

19:37:49.0508 2896 Initialize success

19:38:04.0843 4152 ============================================================

19:38:04.0843 4152 Scan started

19:38:04.0843 4152 Mode: Manual;

19:38:04.0843 4152 ============================================================

19:38:06.0325 4152 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

19:38:06.0356 4152 1394ohci - ok

19:38:06.0559 4152 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

19:38:06.0715 4152 ACPI - ok

19:38:07.0120 4152 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

19:38:07.0120 4152 AcpiPmi - ok

19:38:07.0385 4152 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

19:38:07.0432 4152 adp94xx - ok

19:38:07.0495 4152 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

19:38:07.0526 4152 adpahci - ok

19:38:07.0604 4152 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

19:38:07.0619 4152 adpu320 - ok

19:38:07.0666 4152 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

19:38:07.0697 4152 AFD - ok

19:38:07.0713 4152 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

19:38:07.0729 4152 agp440 - ok

19:38:07.0744 4152 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

19:38:07.0760 4152 aic78xx - ok

19:38:07.0822 4152 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

19:38:07.0822 4152 aliide - ok

19:38:07.0838 4152 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

19:38:07.0869 4152 amdagp - ok

19:38:07.0869 4152 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

19:38:07.0885 4152 amdide - ok

19:38:07.0900 4152 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

19:38:07.0900 4152 AmdK8 - ok

19:38:07.0931 4152 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys

19:38:07.0947 4152 AmdLLD - ok

19:38:07.0963 4152 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

19:38:07.0963 4152 AmdPPM - ok

19:38:07.0978 4152 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

19:38:07.0994 4152 amdsata - ok

19:38:08.0025 4152 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

19:38:08.0041 4152 amdsbs - ok

19:38:08.0056 4152 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

19:38:08.0056 4152 amdxata - ok

19:38:08.0103 4152 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

19:38:08.0119 4152 AppID - ok

19:38:08.0150 4152 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

19:38:08.0150 4152 arc - ok

19:38:08.0165 4152 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

19:38:08.0181 4152 arcsas - ok

19:38:08.0228 4152 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

19:38:08.0228 4152 AsyncMac - ok

19:38:08.0243 4152 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

19:38:08.0259 4152 atapi - ok

19:38:08.0290 4152 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

19:38:08.0306 4152 b06bdrv - ok

19:38:08.0337 4152 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

19:38:08.0353 4152 b57nd60x - ok

19:38:08.0368 4152 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

19:38:08.0368 4152 Beep - ok

19:38:08.0384 4152 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

19:38:08.0399 4152 blbdrive - ok

19:38:08.0509 4152 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

19:38:08.0509 4152 bowser - ok

19:38:08.0555 4152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:38:08.0571 4152 BrFiltLo - ok

19:38:08.0587 4152 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:38:08.0602 4152 BrFiltUp - ok

19:38:08.0633 4152 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

19:38:08.0649 4152 Brserid - ok

19:38:08.0665 4152 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

19:38:08.0680 4152 BrSerWdm - ok

19:38:08.0696 4152 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:38:08.0711 4152 BrUsbMdm - ok

19:38:08.0727 4152 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

19:38:08.0727 4152 BrUsbSer - ok

19:38:08.0743 4152 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

19:38:08.0758 4152 BTHMODEM - ok

19:38:09.0023 4152 catchme - ok

19:38:09.0133 4152 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

19:38:09.0133 4152 cdfs - ok

19:38:09.0164 4152 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

19:38:09.0179 4152 cdrom - ok

19:38:09.0195 4152 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

19:38:09.0195 4152 circlass - ok

19:38:09.0242 4152 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

19:38:09.0257 4152 CLFS - ok

19:38:09.0289 4152 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

19:38:09.0304 4152 CmBatt - ok

19:38:09.0304 4152 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

19:38:09.0320 4152 cmdide - ok

19:38:09.0351 4152 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

19:38:09.0367 4152 CNG - ok

19:38:09.0382 4152 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

19:38:09.0398 4152 Compbatt - ok

19:38:09.0398 4152 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

19:38:09.0413 4152 CompositeBus - ok

19:38:09.0429 4152 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

19:38:09.0429 4152 crcdisk - ok

19:38:09.0491 4152 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\Windows\system32\drivers\CT20XUT.SYS

19:38:09.0538 4152 CT20XUT - ok

19:38:09.0554 4152 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\Windows\System32\drivers\CT20XUT.SYS

19:38:09.0554 4152 CT20XUT.SYS - ok

19:38:09.0585 4152 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\Windows\system32\drivers\ctac32k.sys

19:38:09.0647 4152 ctac32k - ok

19:38:09.0679 4152 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\Windows\system32\drivers\ctaud2k.sys

19:38:09.0725 4152 ctaud2k - ok

19:38:09.0741 4152 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\Windows\system32\drivers\ctdvda2k.sys

19:38:09.0866 4152 ctdvda2k - ok

19:38:10.0006 4152 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\system32\drivers\CTEXFIFX.SYS

19:38:10.0069 4152 CTEXFIFX - ok

19:38:10.0178 4152 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\System32\drivers\CTEXFIFX.SYS

19:38:10.0178 4152 CTEXFIFX.SYS - ok

19:38:10.0303 4152 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\system32\drivers\CTHWIUT.SYS

19:38:10.0318 4152 CTHWIUT - ok

19:38:10.0334 4152 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\System32\drivers\CTHWIUT.SYS

19:38:10.0334 4152 CTHWIUT.SYS - ok

19:38:10.0349 4152 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\Windows\system32\drivers\ctprxy2k.sys

19:38:10.0349 4152 ctprxy2k - ok

19:38:10.0365 4152 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\Windows\system32\drivers\ctsfm2k.sys

19:38:10.0381 4152 ctsfm2k - ok

19:38:10.0396 4152 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

19:38:10.0412 4152 DfsC - ok

19:38:10.0427 4152 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

19:38:10.0427 4152 discache - ok

19:38:10.0490 4152 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

19:38:10.0505 4152 Disk - ok

19:38:10.0521 4152 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

19:38:10.0537 4152 drmkaud - ok

19:38:10.0568 4152 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

19:38:10.0630 4152 DXGKrnl - ok

19:38:10.0724 4152 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

19:38:10.0802 4152 ebdrv - ok

19:38:10.0817 4152 ECRDRV (1c89ab10e0153451f8a58342366411dc) C:\Windows\system32\drivers\ecrdrv.sys

19:38:10.0833 4152 ECRDRV - ok

19:38:10.0864 4152 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

19:38:10.0880 4152 elxstor - ok

19:38:10.0895 4152 emupia (04afe5c11777e33178ec11e1fac47b07) C:\Windows\system32\drivers\emupia2k.sys

19:38:10.0911 4152 emupia - ok

19:38:10.0927 4152 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

19:38:10.0927 4152 ErrDev - ok

19:38:10.0973 4152 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

19:38:10.0973 4152 exfat - ok

19:38:10.0989 4152 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

19:38:11.0005 4152 fastfat - ok

19:38:11.0020 4152 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

19:38:11.0036 4152 fdc - ok

19:38:11.0098 4152 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

19:38:11.0114 4152 FileInfo - ok

19:38:11.0145 4152 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

19:38:11.0145 4152 Filetrace - ok

19:38:11.0161 4152 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

19:38:11.0176 4152 flpydisk - ok

19:38:11.0207 4152 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

19:38:11.0223 4152 FltMgr - ok

19:38:11.0239 4152 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

19:38:11.0239 4152 FsDepends - ok

19:38:11.0254 4152 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

19:38:11.0270 4152 fssfltr - ok

19:38:11.0285 4152 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

19:38:11.0285 4152 Fs_Rec - ok

19:38:11.0332 4152 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

19:38:11.0379 4152 fvevol - ok

19:38:11.0395 4152 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:38:11.0410 4152 gagp30kx - ok

19:38:11.0426 4152 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys

19:38:11.0441 4152 grmnusb - ok

19:38:11.0535 4152 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\Windows\system32\drivers\ha20x2k.sys

19:38:11.0613 4152 ha20x2k - ok

19:38:11.0629 4152 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

19:38:11.0644 4152 hcw85cir - ok

19:38:11.0644 4152 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

19:38:11.0660 4152 HDAudBus - ok

19:38:11.0675 4152 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

19:38:11.0691 4152 HidBatt - ok

19:38:11.0707 4152 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

19:38:11.0707 4152 HidBth - ok

19:38:11.0722 4152 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

19:38:11.0738 4152 HidIr - ok

19:38:11.0769 4152 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

19:38:11.0785 4152 HidUsb - ok

19:38:11.0800 4152 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

19:38:11.0800 4152 HpSAMD - ok

19:38:11.0863 4152 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

19:38:11.0863 4152 HTTP - ok

19:38:11.0909 4152 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

19:38:11.0909 4152 hwpolicy - ok

19:38:11.0925 4152 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

19:38:11.0941 4152 i8042prt - ok

19:38:11.0972 4152 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

19:38:11.0987 4152 iaStorV - ok

19:38:12.0003 4152 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

19:38:12.0019 4152 iirsp - ok

19:38:12.0034 4152 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

19:38:12.0065 4152 intelide - ok

19:38:12.0097 4152 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

19:38:12.0112 4152 intelppm - ok

19:38:12.0143 4152 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:38:12.0206 4152 IpFilterDriver - ok

19:38:12.0237 4152 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

19:38:12.0268 4152 IPMIDRV - ok

19:38:12.0299 4152 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

19:38:12.0299 4152 IPNAT - ok

19:38:12.0331 4152 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

19:38:12.0331 4152 IRENUM - ok

19:38:12.0346 4152 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

19:38:12.0346 4152 isapnp - ok

19:38:12.0393 4152 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

19:38:12.0487 4152 iScsiPrt - ok

19:38:12.0502 4152 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

19:38:12.0533 4152 kbdclass - ok

19:38:12.0549 4152 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

19:38:12.0549 4152 kbdhid - ok

19:38:12.0596 4152 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

19:38:12.0596 4152 KSecDD - ok

19:38:12.0611 4152 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

19:38:12.0627 4152 KSecPkg - ok

19:38:12.0643 4152 LGBusEnum (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys

19:38:12.0658 4152 LGBusEnum - ok

19:38:12.0658 4152 LGVirHid (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys

19:38:12.0674 4152 LGVirHid - ok

19:38:12.0705 4152 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\Windows\system32\DRIVERS\LHidFilt.Sys

19:38:12.0721 4152 LHidFilt - ok

19:38:12.0752 4152 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

19:38:12.0783 4152 lltdio - ok

19:38:12.0799 4152 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\Windows\system32\DRIVERS\LMouFilt.Sys

19:38:12.0814 4152 LMouFilt - ok

19:38:12.0845 4152 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:38:12.0845 4152 LSI_FC - ok

19:38:12.0861 4152 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:38:12.0877 4152 LSI_SAS - ok

19:38:12.0892 4152 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:38:12.0892 4152 LSI_SAS2 - ok

19:38:12.0908 4152 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:38:12.0923 4152 LSI_SCSI - ok

19:38:12.0955 4152 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

19:38:12.0955 4152 luafv - ok

19:38:13.0001 4152 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

19:38:13.0001 4152 megasas - ok

19:38:13.0033 4152 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

19:38:13.0048 4152 MegaSR - ok

19:38:13.0079 4152 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

19:38:13.0079 4152 Modem - ok

19:38:13.0095 4152 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

19:38:13.0095 4152 monitor - ok

19:38:13.0111 4152 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

19:38:13.0126 4152 mouclass - ok

19:38:13.0204 4152 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

19:38:13.0204 4152 mouhid - ok

19:38:13.0345 4152 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

19:38:13.0345 4152 mountmgr - ok

19:38:13.0407 4152 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

19:38:13.0438 4152 MpFilter - ok

19:38:13.0454 4152 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

19:38:13.0469 4152 mpio - ok

19:38:13.0594 4152 MpKsl02ca8e55 - ok

19:38:13.0657 4152 MpKsl04971854 - ok

19:38:13.0657 4152 MpKsl0b3adc7e - ok

19:38:13.0672 4152 MpKsl0e3cd0ec - ok

19:38:13.0703 4152 MpKsl1442fbe2 - ok

19:38:13.0719 4152 MpKsl1f298334 - ok

19:38:13.0719 4152 MpKsl2e407e22 - ok

19:38:13.0735 4152 MpKsl3b7703bf - ok

19:38:13.0750 4152 MpKsl64f503f2 - ok

19:38:13.0750 4152 MpKsl8095eccb - ok

19:38:13.0766 4152 MpKsl95212787 - ok

19:38:13.0781 4152 MpKslb0d09274 - ok

19:38:13.0781 4152 MpKslb1b6e323 - ok

19:38:13.0797 4152 MpKslb3fa9fb5 - ok

19:38:13.0813 4152 MpKslb4519cf7 - ok

19:38:13.0813 4152 MpKslbf50a83a - ok

19:38:13.0922 4152 MpKsld0e53434 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB4A726A-2379-4687-B72C-3F5CD3FAA0AC}\MpKsld0e53434.sys

19:38:13.0922 4152 MpKsld0e53434 - ok

19:38:13.0953 4152 MpKsleb44bfa8 - ok

19:38:14.0000 4152 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

19:38:14.0031 4152 MpNWMon - ok

19:38:14.0078 4152 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

19:38:14.0078 4152 mpsdrv - ok

19:38:14.0203 4152 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

19:38:14.0218 4152 MREMP50 - ok

19:38:14.0312 4152 MREMPR5 - ok

19:38:14.0327 4152 MRENDIS5 - ok

19:38:14.0405 4152 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

19:38:14.0421 4152 MRESP50 - ok

19:38:14.0483 4152 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

19:38:14.0530 4152 MRxDAV - ok

19:38:14.0593 4152 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:38:14.0593 4152 mrxsmb - ok

19:38:14.0639 4152 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:38:14.0686 4152 mrxsmb10 - ok

19:38:14.0702 4152 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:38:14.0702 4152 mrxsmb20 - ok

19:38:14.0717 4152 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

19:38:14.0717 4152 msahci - ok

19:38:14.0764 4152 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

19:38:14.0780 4152 msdsm - ok

19:38:14.0795 4152 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

19:38:14.0795 4152 Msfs - ok

19:38:14.0827 4152 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

19:38:14.0827 4152 mshidkmdf - ok

19:38:14.0842 4152 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

19:38:14.0842 4152 msisadrv - ok

19:38:14.0889 4152 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

19:38:14.0889 4152 MSKSSRV - ok

19:38:14.0905 4152 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

19:38:14.0905 4152 MSPCLOCK - ok

19:38:14.0936 4152 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

19:38:14.0936 4152 MSPQM - ok

19:38:14.0967 4152 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

19:38:14.0967 4152 MsRPC - ok

19:38:14.0998 4152 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

19:38:14.0998 4152 mssmbios - ok

19:38:15.0029 4152 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

19:38:15.0045 4152 MSTEE - ok

19:38:15.0076 4152 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

19:38:15.0076 4152 MTConfig - ok

19:38:15.0123 4152 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

19:38:15.0139 4152 Mup - ok

19:38:15.0154 4152 mwkzeicb - ok

19:38:15.0201 4152 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

19:38:15.0217 4152 NativeWifiP - ok

19:38:15.0279 4152 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

19:38:15.0341 4152 NDIS - ok

19:38:15.0451 4152 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

19:38:15.0451 4152 NdisCap - ok

19:38:15.0497 4152 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

19:38:15.0497 4152 NdisTapi - ok

19:38:15.0560 4152 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

19:38:15.0575 4152 Ndisuio - ok

19:38:15.0700 4152 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

19:38:15.0763 4152 NdisWan - ok

19:38:15.0809 4152 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

19:38:15.0809 4152 NDProxy - ok

19:38:15.0825 4152 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

19:38:15.0825 4152 NetBIOS - ok

19:38:15.0841 4152 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

19:38:15.0872 4152 NetBT - ok

19:38:15.0934 4152 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

19:38:15.0950 4152 nfrd960 - ok

19:38:15.0981 4152 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

19:38:15.0997 4152 NisDrv - ok

19:38:16.0028 4152 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

19:38:16.0043 4152 Npfs - ok

19:38:16.0043 4152 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

19:38:16.0059 4152 nsiproxy - ok

19:38:16.0340 4152 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

19:38:16.0418 4152 Ntfs - ok

19:38:16.0465 4152 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

19:38:16.0465 4152 Null - ok

19:38:16.0511 4152 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys

19:38:16.0589 4152 NVENETFD - ok

19:38:17.0432 4152 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:38:17.0900 4152 nvlddmkm - ok

19:38:18.0025 4152 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

19:38:18.0040 4152 nvraid - ok

19:38:18.0071 4152 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

19:38:18.0071 4152 nvstor - ok

19:38:18.0118 4152 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

19:38:18.0134 4152 nv_agp - ok

19:38:18.0165 4152 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

19:38:18.0181 4152 ohci1394 - ok

19:38:18.0227 4152 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\Windows\system32\drivers\ctoss2k.sys

19:38:18.0243 4152 ossrv - ok

19:38:18.0259 4152 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

19:38:18.0274 4152 Parport - ok

19:38:18.0305 4152 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

19:38:18.0305 4152 partmgr - ok

19:38:18.0321 4152 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

19:38:18.0321 4152 Parvdm - ok

19:38:18.0352 4152 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

19:38:18.0368 4152 pci - ok

19:38:18.0383 4152 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

19:38:18.0399 4152 pciide - ok

19:38:18.0415 4152 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

19:38:18.0430 4152 pcmcia - ok

19:38:18.0493 4152 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

19:38:18.0493 4152 pcw - ok

19:38:18.0508 4152 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

19:38:18.0524 4152 PEAUTH - ok

19:38:18.0617 4152 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

19:38:18.0617 4152 PptpMiniport - ok

19:38:18.0664 4152 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

19:38:18.0664 4152 Processor - ok

19:38:18.0727 4152 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

19:38:18.0773 4152 Psched - ok

19:38:18.0789 4152 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

19:38:18.0805 4152 PxHelp20 - ok

19:38:18.0867 4152 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

19:38:18.0976 4152 ql2300 - ok

19:38:18.0992 4152 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

19:38:19.0007 4152 ql40xx - ok

19:38:19.0039 4152 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

19:38:19.0039 4152 QWAVEdrv - ok

19:38:19.0070 4152 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

19:38:19.0085 4152 RasAcd - ok

19:38:19.0132 4152 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:38:19.0132 4152 RasAgileVpn - ok

19:38:19.0163 4152 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:38:19.0179 4152 Rasl2tp - ok

19:38:19.0226 4152 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

19:38:19.0241 4152 RasPppoe - ok

19:38:19.0288 4152 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

19:38:19.0288 4152 RasSstp - ok

19:38:19.0397 4152 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

19:38:19.0429 4152 rdbss - ok

19:38:19.0444 4152 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

19:38:19.0444 4152 rdpbus - ok

19:38:19.0491 4152 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:38:19.0491 4152 RDPCDD - ok

19:38:19.0507 4152 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

19:38:19.0507 4152 RDPENCDD - ok

19:38:19.0538 4152 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

19:38:19.0538 4152 RDPREFMP - ok

19:38:19.0631 4152 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

19:38:19.0631 4152 RDPWD - ok

19:38:19.0694 4152 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

19:38:19.0741 4152 rdyboost - ok

19:38:19.0772 4152 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

19:38:19.0772 4152 rspndr - ok

19:38:19.0803 4152 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

19:38:19.0819 4152 sbp2port - ok

19:38:19.0850 4152 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

19:38:19.0865 4152 scfilter - ok

19:38:19.0897 4152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

19:38:19.0897 4152 secdrv - ok

19:38:19.0943 4152 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

19:38:19.0959 4152 Serenum - ok

19:38:19.0975 4152 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

19:38:19.0990 4152 sermouse - ok

19:38:20.0021 4152 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

19:38:20.0037 4152 sffdisk - ok

19:38:20.0068 4152 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

19:38:20.0084 4152 sffp_mmc - ok

19:38:20.0099 4152 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

19:38:20.0099 4152 sffp_sd - ok

19:38:20.0115 4152 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

19:38:20.0115 4152 sfloppy - ok

19:38:20.0162 4152 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

19:38:20.0193 4152 sisagp - ok

19:38:20.0209 4152 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:38:20.0209 4152 SiSRaid2 - ok

19:38:20.0224 4152 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

19:38:20.0240 4152 SiSRaid4 - ok

19:38:20.0271 4152 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

19:38:20.0302 4152 Smb - ok

19:38:20.0333 4152 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

19:38:20.0333 4152 spldr - ok

19:38:20.0380 4152 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

19:38:20.0474 4152 srv - ok

19:38:20.0645 4152 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

19:38:20.0645 4152 srv2 - ok

19:38:20.0864 4152 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

19:38:20.0864 4152 srvnet - ok

19:38:20.0926 4152 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

19:38:20.0942 4152 stexstor - ok

19:38:20.0957 4152 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

19:38:20.0973 4152 swenum - ok

19:38:21.0191 4152 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys

19:38:21.0269 4152 Tcpip - ok

19:38:21.0316 4152 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys

19:38:21.0316 4152 TCPIP6 - ok

19:38:21.0379 4152 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

19:38:21.0425 4152 tcpipreg - ok

19:38:21.0441 4152 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

19:38:21.0441 4152 TDPIPE - ok

19:38:21.0488 4152 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

19:38:21.0535 4152 TDTCP - ok

19:38:21.0535 4152 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

19:38:21.0550 4152 tdx - ok

19:38:21.0581 4152 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

19:38:21.0628 4152 TermDD - ok

19:38:21.0691 4152 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:38:21.0691 4152 tssecsrv - ok

19:38:21.0831 4152 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

19:38:21.0847 4152 TsUsbFlt - ok

19:38:21.0893 4152 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

19:38:21.0909 4152 tunnel - ok

19:38:21.0909 4152 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

19:38:21.0925 4152 uagp35 - ok

19:38:21.0971 4152 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

19:38:21.0987 4152 udfs - ok

19:38:22.0034 4152 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

19:38:22.0034 4152 uliagpkx - ok

19:38:22.0049 4152 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

19:38:22.0065 4152 umbus - ok

19:38:22.0081 4152 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

19:38:22.0096 4152 UmPass - ok

19:38:22.0143 4152 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

19:38:22.0159 4152 usbccgp - ok

19:38:22.0190 4152 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

19:38:22.0205 4152 usbcir - ok

19:38:22.0205 4152 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

19:38:22.0221 4152 usbehci - ok

19:38:22.0252 4152 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

19:38:22.0268 4152 usbhub - ok

19:38:22.0283 4152 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys

19:38:22.0283 4152 usbohci - ok

19:38:22.0299 4152 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

19:38:22.0315 4152 usbprint - ok

19:38:22.0330 4152 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

19:38:22.0346 4152 usbscan - ok

19:38:22.0361 4152 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\DRIVERS\usbser.sys

19:38:22.0393 4152 usbser - ok

19:38:22.0408 4152 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:38:22.0408 4152 USBSTOR - ok

19:38:22.0424 4152 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys

19:38:22.0439 4152 usbuhci - ok

19:38:22.0455 4152 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

19:38:22.0455 4152 vdrvroot - ok

19:38:22.0471 4152 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

19:38:22.0486 4152 vga - ok

19:38:22.0533 4152 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

19:38:22.0549 4152 VgaSave - ok

19:38:22.0564 4152 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

19:38:22.0580 4152 vhdmp - ok

19:38:22.0595 4152 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

19:38:22.0611 4152 viaagp - ok

19:38:22.0627 4152 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

19:38:22.0642 4152 ViaC7 - ok

19:38:22.0673 4152 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

19:38:22.0673 4152 viaide - ok

19:38:22.0705 4152 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

19:38:22.0720 4152 volmgr - ok

19:38:22.0736 4152 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

19:38:22.0751 4152 volmgrx - ok

19:38:22.0783 4152 volsnap (ab6532bf1c2519efcec5b8c04d8dc407) C:\Windows\system32\drivers\volsnap.sys

19:38:22.0798 4152 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: ab6532bf1c2519efcec5b8c04d8dc407

19:38:22.0798 4152 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - infected

19:38:22.0798 4152 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)

19:38:22.0845 4152 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

19:38:22.0861 4152 vsmraid - ok

19:38:22.0970 4152 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

19:38:22.0970 4152 vwifibus - ok

19:38:23.0048 4152 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

19:38:23.0048 4152 WacomPen - ok

19:38:23.0141 4152 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

19:38:23.0157 4152 WANARP - ok

19:38:23.0157 4152 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

19:38:23.0157 4152 Wanarpv6 - ok

19:38:23.0266 4152 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

19:38:23.0266 4152 Wd - ok

19:38:23.0329 4152 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys

19:38:23.0344 4152 WDC_SAM - ok

19:38:23.0407 4152 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

19:38:23.0407 4152 Wdf01000 - ok

19:38:23.0485 4152 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

19:38:23.0531 4152 WfpLwf - ok

19:38:23.0547 4152 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

19:38:23.0594 4152 WIMMount - ok

19:38:23.0641 4152 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.SYS

19:38:23.0656 4152 WINUSB - ok

19:38:23.0687 4152 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

19:38:23.0703 4152 WmiAcpi - ok

19:38:23.0719 4152 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

19:38:23.0719 4152 ws2ifsl - ok

19:38:23.0765 4152 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

19:38:23.0781 4152 WudfPf - ok

19:38:23.0859 4152 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:38:23.0859 4152 WUDFRd - ok

19:38:23.0984 4152 X4HSEx_Pr135 (13cf1854fecc1b4d7490983b03cdbcd2) C:\Program Files\Verizon Games Player\X4HSEx.Sys

19:38:24.0031 4152 X4HSEx_Pr135 - ok

19:38:24.0062 4152 xnqiidrp - ok

19:38:24.0077 4152 ZetSFD (ed7a426c372e9f5bbcbf32e065a6a31b) C:\Windows\system32\DRIVERS\ZetSFD.sys

19:38:24.0093 4152 ZetSFD - ok

19:38:24.0093 4152 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0

19:38:24.0093 4152 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

19:38:24.0093 4152 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

19:38:24.0109 4152 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1

19:38:24.0109 4152 \Device\Harddisk1\DR1 - ok

19:38:24.0109 4152 Boot (0x1200) (9b5fabfb8f7e6be9841745feb0632851) \Device\Harddisk0\DR0\Partition0

19:38:24.0109 4152 \Device\Harddisk0\DR0\Partition0 - ok

19:38:24.0109 4152 Boot (0x1200) (4bedfc55eb22ff7703c2638b65d20cdc) \Device\Harddisk1\DR1\Partition0

19:38:24.0109 4152 \Device\Harddisk1\DR1\Partition0 - ok

19:38:24.0109 4152 ============================================================

19:38:24.0109 4152 Scan finished

19:38:24.0109 4152 ============================================================

19:38:24.0124 4704 Detected object count: 2

19:38:24.0124 4704 Actual detected object count: 2

19:38:44.0685 4704 Backup copy found, using it..

19:38:44.0716 4704 C:\Windows\system32\drivers\volsnap.sys - will be cured on reboot

19:38:44.0716 4704 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure

19:38:44.0857 4704 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

19:38:44.0857 4704 \Device\Harddisk0\DR0 - ok

19:38:44.0888 4704 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure

19:39:52.0288 5572 Deinitialize success

[mss]

Hello,

FYI - reran TDDSKILLER.exe again for grins and had zero threats returned.

Should I go back to your request to run ESET?

Thanks - again, you rock!

[Elise]

Two more rootkits, so I'd prefer another scan. Can you please rerun combofix and post me the new log?

[mss]

Combofix running now

DOS box lists infected system file

"C:\Windows\System32\Drivers\Volsnap.sys"

After about 10 minutes, Combofix showed two lines:

"File could not be found"

"File could not be found"

and then went forward to attempt to create a restore point.

Combofix then reported in a pop-up window that rootkit.ZeroAccess! had been found. A reboot was then forced by Combofix.

After reboot, Combofix continued to run as expected.

COMBOFIX LOG #4 follows:

ComboFix 11-09-26.02 - Main 09/26/2011 19:03:08.4.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1851 [GMT -4:00]

Running from: c:\users\Main\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB29813$

c:\windows\$NtUninstallKB29813$\60058685

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\system32\c_62941.nls

.

.

.

.

((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))

.

.

2011-09-26 23:18 . 2011-09-26 23:18 -------- d-----w- c:\users\Main\AppData\Local\temp

2011-09-26 23:18 . 2011-09-26 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-26 00:10 . 2011-09-26 00:10 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D421C6E-08EA-4950-B468-495650E86383}\MpKslbf3a5e80.sys

2011-09-26 00:10 . 2011-09-26 23:02 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D421C6E-08EA-4950-B468-495650E86383}\offreg.dll

2011-09-26 00:10 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D421C6E-08EA-4950-B468-495650E86383}\mpengine.dll

2011-09-22 14:39 . 2011-09-22 14:39 -------- d-----w- C:\AIM_SPORT

2011-09-19 18:33 . 2011-09-19 18:33 -------- d-----w- c:\windows\Sun

2011-09-08 12:13 . 2011-08-13 01:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 12:13 . 2011-08-13 01:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9576805-1C6C-4251-B5D6-DBA658BA4EFA}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-24 23:39 . 2011-06-23 15:58 245632 ----a-w- c:\windows\system32\drivers\volsnap.sys

2011-09-20 03:07 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-09-12 23:14 . 2011-08-14 05:38 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-31 21:00 . 2011-06-27 00:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 02:54 . 2011-08-10 07:07 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-10 07:07 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-10 07:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27 . 2011-08-09 21:56 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 21:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:29 . 2011-08-27 12:31 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30 . 2011-08-09 21:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-02-22 1264]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Exetender_135"="c:\program files\Verizon Games Player\GPlayer.exe" [2010-10-27 4889600]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Main^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 07:44 500208 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-23 03:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

2008-07-22 17:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R1 MpKsl02ca8e55;MpKsl02ca8e55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7905F4A9-EE07-47E0-97AE-A7CF39A98B8D}\MpKsl02ca8e55.sys [x]

R1 MpKsl04971854;MpKsl04971854;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA9C20DA-C39F-4945-9456-A79D2E2580AA}\MpKsl04971854.sys [x]

R1 MpKsl0b3adc7e;MpKsl0b3adc7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{906D8ED5-C214-4355-96C0-0B1EF3AF0377}\MpKsl0b3adc7e.sys [x]

R1 MpKsl0e3cd0ec;MpKsl0e3cd0ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7905F4A9-EE07-47E0-97AE-A7CF39A98B8D}\MpKsl0e3cd0ec.sys [x]

R1 MpKsl1442fbe2;MpKsl1442fbe2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4405EFBB-4A41-4B73-8AFB-AD04F3758309}\MpKsl1442fbe2.sys [x]

R1 MpKsl1f298334;MpKsl1f298334;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKsl1f298334.sys [x]

R1 MpKsl2e407e22;MpKsl2e407e22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9F9CA30-4384-41AF-98A7-04213D75A7AE}\MpKsl2e407e22.sys [x]

R1 MpKsl3b7703bf;MpKsl3b7703bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKsl3b7703bf.sys [x]

R1 MpKsl64f503f2;MpKsl64f503f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3ED43C1-1C2D-4B1A-8FAC-93804B6A38BB}\MpKsl64f503f2.sys [x]

R1 MpKsl8095eccb;MpKsl8095eccb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B994C9D-2392-45D8-9779-A0D58543629D}\MpKsl8095eccb.sys [x]

R1 MpKsl95212787;MpKsl95212787;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCACB125-D98A-4566-AFBA-BEEDE69B8FC1}\MpKsl95212787.sys [x]

R1 MpKslb0d09274;MpKslb0d09274;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9276D608-6EF2-41BB-9777-78D96BCB9444}\MpKslb0d09274.sys [x]

R1 MpKslb1b6e323;MpKslb1b6e323;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKslb1b6e323.sys [x]

R1 MpKslb3fa9fb5;MpKslb3fa9fb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFC70D21-8D93-4DA2-87C4-8E5728DDEA64}\MpKslb3fa9fb5.sys [x]

R1 MpKslb4519cf7;MpKslb4519cf7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C503BB63-4CE4-4D7E-8C26-7F7B9F18A362}\MpKslb4519cf7.sys [x]

R1 MpKslbf50a83a;MpKslbf50a83a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5B43E18-9C3B-4669-A92C-C74ED47504B7}\MpKslbf50a83a.sys [x]

R1 MpKsleb44bfa8;MpKsleb44bfa8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACDA316E-1682-4343-A461-C8C741568061}\MpKsleb44bfa8.sys [x]

R1 mwkzeicb;mwkzeicb;c:\windows\system32\drivers\mwkzeicb.sys [x]

R1 xnqiidrp;xnqiidrp;c:\windows\system32\drivers\xnqiidrp.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 16396]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-21 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-21 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]

R3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2006-08-02 17580]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-22 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 ZetSFD;Zetera Storage Class Filter Driver;c:\windows\system32\DRIVERS\ZetSFD.sys [2007-08-09 13824]

S1 MpKslbf3a5e80;MpKslbf3a5e80;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D421C6E-08EA-4950-B468-495650E86383}\MpKslbf3a5e80.sys [2011-09-26 28752]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110552]

S2 X4HSEx_Pr135;X4HSEx_Pr135;c:\program files\Verizon Games Player\X4HSEx.Sys [2010-03-11 56352]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:11]

.

2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.drudgereport.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files\UAPick\UABtn.dll

TCP: DhcpNameServer = 192.168.55.1 71.242.0.12

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {7F245E01-651F-48E5-8A85-4752EC65E4ED} - hxxp://69.133.80.51:1028/Cisco210Viewer.cab

.

Supplementary scan did not complete!

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-92387208.sys

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-26 19:22:01

ComboFix-quarantined-files.txt 2011-09-21 15:27

ComboFix2.txt 2011-09-21 15:27

ComboFix3.txt 2011-09-20 18:42

.

Pre-Run: 105,322,717,184 bytes free

Post-Run: 105,172,754,432 bytes free

.

- - End Of File - - 54192B28A3D2D14475B189FB017DA45F

[mss]

FYI - Rerunning Combofix as was done earlier in our removal process and VOLSNAP.SYS is still infected. "File not found" message popped up again. Combofix is now running normal scanning stages.

[mss]

Hello,

Ran Combofix two more times with reboots in between. No errors on VOLSNAP.SYS nor any pop-up messages about rootkit infections.

I have Combofix logs #5, #6, and #7 if you need to see them.

[Elise]

TDSSkiller should have fixed the volsnap infection. How are things running now?

[mss]

Hello,

PC is running well. No infections per MSE or MBAM that I can tell. Reran Combofix as mentioned above and TDDSKILLER a couple times with no threats reported. No BSODs or strange CPU 4x @ 100% observations.