Posted (edited)

A bad time to get my oldest friend's mother's computer, what with remodeling, but I have it.

 

1. No AV.

2. IE really messed up. Downloads and updates etc.

3. Sluggish.

4. Flash is in Programs and Features but not in Control Panel.

5. No Aero option in Themes.

6. Malwarebytes and ESET freeze and quit responding on two different things:

C:\USERS\MELISSA\Local Settings\Temporary Internet Files\Content.IE5\8VNS4M94\desktop.ini

and

C:\USERS\DEFAULT\Local Settings\Temporary Internet Files\Content.IE5\8VNS4M94\desktop.ini

7. Computer making random changes like turning on side bar.

8. Two teenage grandchildren used the computer.

9. ARO 2011 registry cleaner used.

10. And the list goes on.

 

I fixed Aero by running sfc.

I got Malwarebytes to run by installing and scanning with MSE and removing Trojans, but I also had to run ATF-Cleaner and AdwCleaner first.

I still had to use CCleaner to remove the desktop.ini files first.

I reset IE9 too.

And the list of issues goes on even so.

 

Vista 32-bit Home Premium, Compaq desktop, 2 GB DDR2 RAM

 

BIOS drive test passed.

No memory tests ran yet.

 

MSE quarantined:

 

Trojan:Win32/Sirefef!cfg

Trojan:Win32/Sirefef.P

Trojan:Win32/Siref.AG

Trojan:Win32/Siref.AN

Trojan:Win32/Siref

Exploit:JS/StykxEk.A

Exploit:Win32/Pdfjsc.RF

 

AdwCleaner log file:

# AdwCleaner v2.306 - Logfile created 08/13/2013 at 15:30:26

# Updated 19/07/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Melissa - MELISSA-PC

# Boot Mode : Normal

# Running from : C:\Users\Melissa\Desktop\AdwCleaner.exe

# Option [Delete]

 

 

 

 

***** [Services] *****

 

 

Stopped & Deleted : Application Updater

 

 

***** [Files / Folders] *****

 

 

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

Folder Deleted : C:\Program Files\Application Updater

Folder Deleted : C:\Program Files\Common Files\spigot

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Coupons.com

Folder Deleted : C:\Program Files\Free Offers from Freeze.com

Folder Deleted : C:\Program Files\Inbox Toolbar

Folder Deleted : C:\ProgramData\Free Ride Games

Folder Deleted : C:\Users\Melissa\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\Melissa\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Melissa\AppData\LocalLow\Coupons.com

Folder Deleted : C:\Users\Melissa\AppData\LocalLow\Search Settings

 

 

***** [Registry] *****

 

 

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Coupons.com

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Freeze.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupons.com Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37153479-1976-43C3-A1EE-557513977B64}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE869485-18FC-43FB-AEE2-F6E1EF53A6E2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37153479-1976-43C3-A1EE-557513977B64}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKCU\Software\Search Settings

Key Deleted : HKCU\Software\XBTB03021

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\Application Updater

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B66A848-813C-4165-AE05-53A534B397FF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE869485-18FC-43FB-AEE2-F6E1EF53A6E2}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Coupons.com

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8B2E9F2-167B-4759-963F-C0B6350E2AF9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37153479-1976-43C3-A1EE-557513977B64}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0B66A848-813C-4165-AE05-53A534B397FF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupons.com Toolbar

Key Deleted : HKLM\Software\Search Settings

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37153479-1976-43C3-A1EE-557513977B64}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37153479-1976-43C3-A1EE-557513977B64}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

 

 

***** [Internet Browsers] *****

 

 

-\\ Internet Explorer v9.0.8112.16496

 

 

[OK] Registry is clean.

 

 

-\\ Google Chrome v28.0.1500.95

 

 

File : C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

 

[OK] File is clean.

 

 

*************************

 

 

AdwCleaner[R1].txt - [8379 octets] - [13/08/2013 15:29:43]

AdwCleaner[S1].txt - [7711 octets] - [13/08/2013 15:30:26]

 

 

########## EOF - C:\AdwCleaner[S1].txt - [7771 octets] ##########

 

 

Malwarebytes log file follows:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

 

Database version: v2013.08.13.05

 

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Melissa :: MELISSA-PC [administrator]

 

 

8/13/2013 3:57:32 PM

mbam-log-2013-08-13 (15-57-32).txt

 

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 797528

Time elapsed: 9 hour(s), 37 minute(s), 7 second(s)

 

 

Memory Processes Detected: 0

(No malicious items detected)

 

 

Memory Modules Detected: 0

(No malicious items detected)

 

 

Registry Keys Detected: 0

(No malicious items detected)

 

 

Registry Values Detected: 0

(No malicious items detected)

 

 

Registry Data Items Detected: 0

(No malicious items detected)

 

 

Folders Detected: 0

(No malicious items detected)

 

 

Files Detected: 9

C:\$Recycle.Bin\S-1-5-21-1820304486-1500276803-1493905708-1000\$eebcbfaf17eb994eba4c8abf9c748dab\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-1820304486-1500276803-1493905708-1000\$eebcbfaf17eb994eba4c8abf9c748dab\U\00000008.@ (Trojan.0Access) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-1820304486-1500276803-1493905708-1000\$eebcbfaf17eb994eba4c8abf9c748dab\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-1820304486-1500276803-1493905708-1000\$eebcbfaf17eb994eba4c8abf9c748dab\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-1820304486-1500276803-1493905708-1000\$eebcbfaf17eb994eba4c8abf9c748dab\U\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully.

C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\REN0A1E4\TelevisionFanatic.exe (PUP.Optional.MyWebSearch) -> Quarantined and deleted successfully.

C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6XRZX7OA\security_cleaner[1].exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.

C:\Users\Melissa\AppData\Local\Temp\Low\Inbox.cab (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

C:\Users\Melissa\AppData\Local\Temp\Low\Inbox_dll.cab (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

 

 

(end)

 

I'll do the OTL in the next post but this thing is a real mess.

Edited by Starbuck

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

  • ExTS Admin
Posted

Hi Randy,

 

this thing is a real mess.

You're not kidding.

 

Before we start, I must say that one or more of the malware items found can communicate with remote computers, download and run code, send emails and redirect browser requests. Unfortunately we cannot be sure about what they have done.

 

If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

 

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

 

For more information, read: Here

If you choose to format and reinstall, read: Here

 

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.

 

If you want to continue let's check that Zero Access has been removed:

 

Download RogueKiller and save it to your desktop.

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

 

Note:

If RogueKiller is blocked, do not hesitate to try running it again.

If it still fails to run, right click on the downloaded icon and select 'Rename', rename it to winlogon and try again.

Member of:

UNITE

Posted

Hi Starbuck;

I looked up those infections too and they really are bad. OTL ran for 9 hours and quit responding. It might be the infections or it might be a memory issue. Strange things were happening like sidebar turning on by itself.

 

I'll run RogueKiller and see what happens.


Posted

Here is that report for you Starbuck.

 

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Melissa [Admin rights]

Mode : Remove -- Date : 08/15/2013 14:57:35

| ARK || FAK || MBR |

 

 

¤¤¤ Bad processes : 0 ¤¤¤

 

 

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify (0) -> REPLACED ()

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\Melissa\Desktop\OTL.scr [-]) -> REPLACED (C:\Windows\system32\logon.scr)

 

 

¤¤¤ Scheduled tasks : 2 ¤¤¤

[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Melissa\AppData\Local\Temp\IHU3F07.tmp.exe [x][x] -> DELETED

[V2][SUSP PATH] RunAsStdUser Task : C:\Users\Melissa\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe - -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=FB-SEM&browser=IE&success=1&trackid=yah-161 [x][x] -> DELETED

 

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

 

¤¤¤ Web browsers : 0 ¤¤¤

 

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

 

¤¤¤ External Hives: ¤¤¤

 

 

¤¤¤ Infection : ¤¤¤

 

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

127.0.0.1 localhost

208.43.47.212 a1n.review.zdnet.com

208.43.47.212 d1n.reviews.cnet.com

208.43.47.212 reviewn.2009softwarereviews.com

208.43.47.212 reviewsn.download.com

208.43.47.212 reviewsn.pcadvisor.co.uk

208.43.47.212 reviewsn.pcpro.co.uk

208.43.47.212 reviewsn.techradar.com

208.43.47.212 reviewsn.riverstreams.co.uk

208.43.47.212 reviewsn.pcmag.com

127.0.0.1 localhost

::1 localhost

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

 

+++++ PhysicalDrive0: ST350062 0AS SCSI Disk Device +++++

--- User ---

[MBR] e0f9e5bff73313e688c62d44652da213

[BSP] 309fdfd200901d3359dd1e035123a213 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 466536 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955465875 | Size: 10401 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

 

Finished : << RKreport[0]_D_08152013_145735.txt >>

RKreport[0]_S_08152013_145630.txt

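The HOSTS section of the RogueKiller report above is worth reading on its own: nine review-site names are pinned to a single public address, and the stock `127.0.0.1 localhost` line appears twice, which is what a file looks like when something prepends its own block instead of editing the original. The script below is an added example for this thread, not part of RogueKiller or of the original post. It parses hosts syntax, classifies each address as a harmless sinkhole (loopback or 0.0.0.0), a LAN override, or a public-address redirect, groups the redirects by target so one hijack shows as one line, and produces a cleaned copy. The sample input is constructed to mirror the report; the address and hostnames are copied from it only as test data, and the `0.0.0.0` entry is an invented ad-blocker style line included to show that not every non-default entry is bad.

```python
r"""Audit a Windows hosts file for hijacked name-to-address mappings.

Added example for this thread; it is not part of RogueKiller or of the
original post. SAMPLE_HOSTS is constructed test data that mirrors the
report above (several review-site names pinned to one public address and
a duplicated localhost line); the names and the address are copied from
that report only as sample input, and the 0.0.0.0 line is an invented
ad-blocker style entry showing what a benign non-default line looks like.
"""
import ipaddress
import sys
from typing import Dict, List, NamedTuple

WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1 localhost
208.43.47.212 a1n.review.zdnet.com
208.43.47.212 d1n.reviews.cnet.com
208.43.47.212 reviewsn.pcmag.com
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net   # blocking entry: harmless, points nowhere
"""


class HostsEntry(NamedTuple):
    line_no: int
    ip: str
    hostnames: List[str]
    verdict: str  # "sinkhole" | "lan" | "redirect" | "invalid"


def classify_ip(ip_text: str) -> str:
    """Loopback/unspecified addresses only block a name; public ones redirect it."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"   # 127.x, ::1, 0.0.0.0: the name resolves to nothing useful
    if ip.is_private or ip.is_link_local:
        return "lan"        # RFC 1918 / link-local: a local override, worth a look
    return "redirect"       # a public address pinned for a name: the classic hijack


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts syntax: '<address> <name> [<name>...]'; '#' starts a comment."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        entries.append(HostsEntry(line_no, fields[0], fields[1:], classify_ip(fields[0])))
    return entries


def audit_hosts(text: str) -> Dict[str, object]:
    """Summarise the file: redirects grouped by target address, plus tamper hints."""
    entries = parse_hosts(text)
    redirects: Dict[str, List[str]] = {}
    for entry in entries:
        if entry.verdict == "redirect":
            redirects.setdefault(entry.ip, []).extend(entry.hostnames)
    # The stock file carries one IPv4 localhost line; a second copy usually means
    # something wrote its own block above the original rather than editing it.
    ipv4_localhost = sum(1 for e in entries if e.ip == "127.0.0.1" and "localhost" in e.hostnames)
    return {
        "entries": len(entries),
        "redirects": redirects,
        "invalid": [e.line_no for e in entries if e.verdict == "invalid"],
        "duplicate_localhost": ipv4_localhost > 1,
    }


def clean_hosts(text: str) -> str:
    """Return the file with every 'redirect' line dropped; comments and blocks stay."""
    kept = []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()
        if body and classify_ip(body.split()[0]) == "redirect":
            continue
        kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # Pass a path (for example WINDOWS_HOSTS) to audit a real file; otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    report = audit_hosts(text)
    for ip, names in report["redirects"].items():
        print(f"REDIRECT {ip} <- {', '.join(names)}")
    if report["duplicate_localhost"]:
        print("duplicate '127.0.0.1 localhost' line: file was probably rewritten by a tool or malware")
    print(f"{report['entries']} active entries, {len(report['invalid'])} unparsable")
```

Writing the cleaned copy back to the real file needs an elevated prompt on Vista, and the file should be checked again after a reboot: if the redirects reappear, something still running on the machine is rewriting it, which is exactly the situation the next post's rootkit scan is meant to rule out.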

  • ExTS Admin
Posted

Hi Randy,

 

It might be the infections or it might be a memory issue. Strange things were happening like sidebar turning on by itself.

I think we need to remove any malware that we can see and then look into any setting changes.

If some of this malware is still around, it may only keep resetting things again.

RogueKiller will inform us if Zero Access is still active and will take care of some other malware if present.


  • ExTS Admin
Posted (edited)
Mode : Remove -- Date : 08/15/2013 14:57:35

Ok, that saves us having to run the delete part. :)

 

Step 1

  • Download TDSSKiller and save it to your Desktop.
     
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Vista/Win7 users should right-click and select Run As Administrator.
     
    http://img.photobucket.com/albums/v708/starbuck50/new/tdss1.png
     
  • If an infected file is detected, the default action will be Cure, click on Continue.
     
    http://img.photobucket.com/albums/v708/starbuck50/new/tdss2.png
     
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
     
    http://img.photobucket.com/albums/v708/starbuck50/new/tdss3.png
     
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
     
    http://img.photobucket.com/albums/v708/starbuck50/new/tdss4.png
     
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.
     

 

 

Step 2

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

In your next reply, please submit:

TDSSKiller report

Combofix.txt

 

 

Thanks.

Edited by Starbuck


Posted

TDSSKiller didn't find anything but here is the report. :)

 

22:09:55.0358 1272 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

22:09:56.0325 1272 ============================================================

22:09:56.0325 1272 Current date / time: 2013/08/15 22:09:56.0325

22:09:56.0325 1272 SystemInfo:

22:09:56.0325 1272

22:09:56.0325 1272 OS Version: 6.0.6002 ServicePack: 2.0

22:09:56.0325 1272 Product type: Workstation

22:09:56.0325 1272 ComputerName: MELISSA-PC

22:09:56.0325 1272 UserName: Melissa

22:09:56.0325 1272 Windows directory: C:\Windows

22:09:56.0325 1272 System windows directory: C:\Windows

22:09:56.0325 1272 Processor architecture: Intel x86

22:09:56.0325 1272 Number of processors: 2

22:09:56.0325 1272 Page size: 0x1000

22:09:56.0325 1272 Boot type: Normal boot

22:09:56.0325 1272 ============================================================

22:09:59.0102 1272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

22:09:59.0102 1272 ============================================================

22:09:59.0102 1272 \Device\Harddisk0\DR0:

22:09:59.0102 1272 MBR partitions:

22:09:59.0102 1272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38F34054

22:09:59.0102 1272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38F34093, BlocksNum 0x1450BAE

22:09:59.0102 1272 ============================================================

22:09:59.0133 1272 C: <-> \Device\Harddisk0\DR0\Partition1

22:09:59.0226 1272 D: <-> \Device\Harddisk0\DR0\Partition2

22:09:59.0398 1272 ============================================================

22:09:59.0398 1272 Initialize success

22:09:59.0398 1272 ============================================================

22:10:20.0723 3420 ============================================================

22:10:20.0723 3420 Scan started

22:10:20.0723 3420 Mode: Manual;

22:10:20.0723 3420 ============================================================

22:10:21.0066 3420 ================ Scan system memory ========================

22:10:21.0066 3420 System memory - ok

22:10:21.0066 3420 ================ Scan services =============================

22:10:21.0222 3420 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

22:10:21.0238 3420 ACDaemon - ok

22:10:21.0363 3420 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys

22:10:21.0378 3420 ACPI - ok

22:10:21.0488 3420 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

22:10:21.0503 3420 AdobeFlashPlayerUpdateSvc - ok

22:10:21.0612 3420 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

22:10:21.0628 3420 adp94xx - ok

22:10:21.0675 3420 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys

22:10:21.0690 3420 adpahci - ok

22:10:21.0722 3420 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

22:10:21.0722 3420 adpu160m - ok

22:10:21.0768 3420 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

22:10:21.0784 3420 adpu320 - ok

22:10:21.0878 3420 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

22:10:21.0893 3420 AeLookupSvc - ok

22:10:21.0924 3420 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\Windows\system32\drivers\Afc.sys

22:10:21.0924 3420 Afc - ok

22:10:22.0018 3420 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys

22:10:22.0018 3420 AFD - ok

22:10:22.0080 3420 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys

22:10:22.0080 3420 agp440 - ok

22:10:22.0143 3420 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

22:10:22.0143 3420 aic78xx - ok

22:10:22.0174 3420 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe

22:10:22.0190 3420 ALG - ok

22:10:22.0205 3420 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys

22:10:22.0221 3420 aliide - ok

22:10:22.0252 3420 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys

22:10:22.0283 3420 amdagp - ok

22:10:22.0314 3420 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys

22:10:22.0314 3420 amdide - ok

22:10:22.0361 3420 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

22:10:22.0377 3420 AmdK7 - ok

22:10:22.0408 3420 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

22:10:22.0408 3420 AmdK8 - ok

22:10:22.0439 3420 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll

22:10:22.0439 3420 Appinfo - ok

22:10:22.0533 3420 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

22:10:22.0533 3420 Apple Mobile Device - ok

22:10:22.0580 3420 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys

22:10:22.0595 3420 arc - ok

22:10:22.0642 3420 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys

22:10:22.0642 3420 arcsas - ok

22:10:22.0704 3420 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

22:10:22.0704 3420 AsyncMac - ok

22:10:22.0767 3420 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys

22:10:22.0767 3420 atapi - ok

22:10:22.0829 3420 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

22:10:22.0845 3420 AudioEndpointBuilder - ok

22:10:22.0876 3420 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll

22:10:22.0876 3420 Audiosrv - ok

22:10:22.0907 3420 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

22:10:22.0907 3420 Beep - ok

22:10:22.0970 3420 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll

22:10:22.0985 3420 BFE - ok

22:10:23.0094 3420 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll

22:10:23.0126 3420 BITS - ok

22:10:23.0157 3420 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

22:10:23.0157 3420 blbdrive - ok

22:10:23.0282 3420 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

22:10:23.0297 3420 Bonjour Service - ok

22:10:23.0391 3420 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys

22:10:23.0406 3420 bowser - ok

22:10:23.0453 3420 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

22:10:23.0484 3420 BrFiltLo - ok

22:10:23.0500 3420 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

22:10:23.0516 3420 BrFiltUp - ok

22:10:23.0562 3420 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

22:10:23.0562 3420 Browser - ok

22:10:23.0625 3420 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

22:10:23.0625 3420 Brserid - ok

22:10:23.0656 3420 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

22:10:23.0656 3420 BrSerWdm - ok

22:10:23.0703 3420 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

22:10:23.0703 3420 BrUsbMdm - ok

22:10:23.0750 3420 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

22:10:23.0750 3420 BrUsbSer - ok

22:10:23.0796 3420 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

22:10:23.0796 3420 BTHMODEM - ok

22:10:23.0828 3420 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

22:10:23.0843 3420 cdfs - ok

22:10:23.0952 3420 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

22:10:23.0968 3420 cdrom - ok

22:10:39.0755 3420 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

22:10:39.0771 3420 TermService - ok

22:10:39.0802 3420 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

22:10:39.0802 3420 Themes - ok

22:10:39.0818 3420 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

22:10:39.0833 3420 THREADORDER - ok

22:10:39.0849 3420 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

22:10:39.0849 3420 TrkWks - ok

22:10:39.0942 3420 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

22:10:39.0942 3420 TrustedInstaller - ok

22:10:40.0020 3420 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

22:10:40.0020 3420 tssecsrv - ok

22:10:40.0036 3420 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

22:10:40.0052 3420 tunmp - ok

22:10:40.0098 3420 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

22:10:40.0098 3420 tunnel - ok

22:10:40.0130 3420 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys

22:10:40.0145 3420 uagp35 - ok

22:10:40.0208 3420 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

22:10:40.0208 3420 udfs - ok

22:10:40.0254 3420 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

22:10:40.0254 3420 UI0Detect - ok

22:10:40.0286 3420 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

22:10:40.0286 3420 uliagpkx - ok

22:10:40.0332 3420 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys

22:10:40.0332 3420 uliahci - ok

22:10:40.0379 3420 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

22:10:40.0379 3420 UlSata - ok

22:10:40.0442 3420 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

22:10:40.0442 3420 ulsata2 - ok

22:10:40.0473 3420 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

22:10:40.0488 3420 umbus - ok

22:10:40.0504 3420 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll

22:10:40.0551 3420 upnphost - ok

22:10:40.0566 3420 [ 60A68A5EA173A97971EE9F1FF49EB2B3 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

22:10:40.0582 3420 USBAAPL - ok

22:10:40.0629 3420 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

22:10:40.0644 3420 usbccgp - ok

22:10:40.0676 3420 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

22:10:40.0676 3420 usbcir - ok

22:10:40.0754 3420 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

22:10:40.0754 3420 usbehci - ok

22:10:40.0816 3420 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

22:10:40.0816 3420 usbhub - ok

22:10:40.0863 3420 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

22:10:40.0878 3420 usbohci - ok

22:10:40.0910 3420 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

22:10:40.0910 3420 usbprint - ok

22:10:40.0972 3420 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

22:10:40.0972 3420 usbscan - ok

22:10:41.0019 3420 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:10:41.0019 3420 USBSTOR - ok

22:10:41.0066 3420 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

22:10:41.0066 3420 usbuhci - ok

22:10:41.0128 3420 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

22:10:41.0144 3420 UxSms - ok

22:10:41.0222 3420 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

22:10:41.0237 3420 vds - ok

22:10:41.0268 3420 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

22:10:41.0268 3420 vga - ok

22:10:41.0315 3420 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

22:10:41.0331 3420 VgaSave - ok

22:10:41.0378 3420 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys

22:10:41.0393 3420 viaagp - ok

22:10:41.0440 3420 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys

22:10:41.0440 3420 ViaC7 - ok

22:10:41.0487 3420 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys

22:10:41.0487 3420 viaide - ok

22:10:41.0518 3420 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

22:10:41.0549 3420 volmgr - ok

22:10:41.0612 3420 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

22:10:41.0643 3420 volmgrx - ok

22:10:41.0674 3420 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys

22:10:41.0690 3420 volsnap - ok

22:10:41.0768 3420 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

22:10:41.0768 3420 vsmraid - ok

22:10:41.0846 3420 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

22:10:41.0877 3420 VSS - ok

22:10:41.0939 3420 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

22:10:41.0955 3420 W32Time - ok

22:10:41.0986 3420 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

22:10:41.0986 3420 WacomPen - ok

22:10:42.0017 3420 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

22:10:42.0017 3420 Wanarp - ok

22:10:42.0033 3420 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

22:10:42.0033 3420 Wanarpv6 - ok

22:10:42.0111 3420 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll

22:10:42.0126 3420 wcncsvc - ok

22:10:42.0158 3420 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

22:10:42.0173 3420 WcsPlugInService - ok

22:10:42.0204 3420 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys

22:10:42.0204 3420 Wd - ok

22:10:42.0267 3420 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

22:10:42.0282 3420 Wdf01000 - ok

22:10:42.0298 3420 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

22:10:42.0314 3420 WdiServiceHost - ok

22:10:42.0329 3420 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

22:10:42.0345 3420 WdiSystemHost - ok

22:10:42.0376 3420 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll

22:10:42.0376 3420 WebClient - ok

22:10:42.0438 3420 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll

22:10:42.0485 3420 Wecsvc - ok

22:10:42.0501 3420 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

22:10:42.0501 3420 wercplsupport - ok

22:10:42.0563 3420 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll

22:10:42.0563 3420 WerSvc - ok

22:10:42.0610 3420 [ 72CC6A8CA7891031D6380DB5025C773C ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys

22:10:42.0626 3420 winachsf - ok

22:10:42.0657 3420 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

22:10:42.0672 3420 WinDefend - ok

22:10:42.0688 3420 WinHttpAutoProxySvc - ok

22:10:42.0750 3420 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

22:10:42.0766 3420 Winmgmt - ok

22:10:42.0828 3420 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll

22:10:42.0875 3420 WinRM - ok

22:10:42.0906 3420 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll

22:10:42.0938 3420 Wlansvc - ok

22:10:43.0047 3420 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:10:43.0078 3420 wlidsvc - ok

22:10:43.0109 3420 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

22:10:43.0109 3420 WmiAcpi - ok

22:10:43.0172 3420 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

22:10:43.0172 3420 wmiApSrv - ok

22:10:43.0234 3420 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

22:10:43.0265 3420 WMPNetworkSvc - ok

22:10:43.0281 3420 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll

22:10:43.0296 3420 WPCSvc - ok

22:10:43.0359 3420 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

22:10:43.0359 3420 WPDBusEnum - ok

22:10:43.0608 3420 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

22:10:43.0640 3420 WPFFontCache_v0400 - ok

22:10:43.0655 3420 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

22:10:43.0655 3420 ws2ifsl - ok

22:10:43.0718 3420 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll

22:10:43.0718 3420 wscsvc - ok

22:10:43.0733 3420 WSearch - ok

22:10:43.0842 3420 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

22:10:43.0889 3420 wuauserv - ok

22:10:43.0967 3420 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

22:10:43.0967 3420 WudfPf - ok

22:10:44.0014 3420 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

22:10:44.0030 3420 WUDFRd - ok

22:10:44.0061 3420 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

22:10:44.0076 3420 wudfsvc - ok

22:10:44.0123 3420 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys

22:10:44.0123 3420 XAudio - ok

22:10:44.0186 3420 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe

22:10:44.0201 3420 XAudioService - ok

22:10:44.0217 3420 ================ Scan global ===============================

22:10:44.0248 3420 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

22:10:44.0310 3420 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll

22:10:44.0357 3420 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll

22:10:44.0435 3420 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

22:10:44.0451 3420 [Global] - ok

22:10:44.0451 3420 ================ Scan MBR ==================================

22:10:44.0466 3420 [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk0\DR0

22:10:44.0966 3420 \Device\Harddisk0\DR0 - ok

22:10:44.0966 3420 ================ Scan VBR ==================================

22:10:44.0981 3420 [ A20EA72A37A0EA66D5634CBB142DAFEB ] \Device\Harddisk0\DR0\Partition1

22:10:44.0981 3420 \Device\Harddisk0\DR0\Partition1 - ok

22:10:44.0981 3420 [ 28FACC70417BBA5B0D49BCA2B5E19EF2 ] \Device\Harddisk0\DR0\Partition2

22:10:44.0981 3420 \Device\Harddisk0\DR0\Partition2 - ok

22:10:44.0981 3420 ============================================================

22:10:44.0981 3420 Scan finished

22:10:44.0981 3420 ============================================================

22:10:44.0997 3548 Detected object count: 0

22:10:44.0997 3548 Actual detected object count: 0

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted
I tried to run ComboFix as administrator and with all security turned off (MSE and Windows Firewall). I tried several times and even let it run for hours. After stage 4 nothing happens. Needless to say, there is no log. Maybe I should try ComboFix /uninstall and download a fresh copy. I'll wait for your guidance first, though.


  • ExTS Admin
Posted (edited)

By all means try a fresh copy, but don't use the uninstall switch.

Just right-click the icon and select Delete.

Will explain better when I get home from work.

Also try booting the system into Safe Mode and running ComboFix.

 

Edit:

When removing ComboFix using the uninstall switch, it will also run some cleaning procedures.

One of these is clearing your restore points.

If we encounter any problems and have to fall back on System Restore, there won't be any.

When in trouble, even an infected restore point is better than no restore point.

Edited by Starbuck

Member of:

UNITE

Posted
No luck, I'm afraid. In Safe Mode it initializes with some failure to load files, then just quits. It never gets to the AutoScan screen.


  • ExTS Admin
Posted

Ok, we can come back to Combofix later.

 

Let's see if OTL will give us a scan now.

 

  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.
     
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, under Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

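The custom scan lines above tell OTL where to look: the netsvcs service group, the Windows Update AU policy key, the browser launch commands under StartMenuInternet, the legacy .job tasks and the drivers in system32\drivers. As an added example (not part of the original post, and not OTL's or ComboFix's code), the following PowerShell inspects the same spots by hand from an elevated prompt on 32-bit Vista/7, so a helper can see what OTL is reporting on before a fix is written. The 30-day window is an assumption. On Vista-era PowerShell, Get-AuthenticodeSignature does not consult catalog files, so genuine catalog-signed Microsoft binaries can report NotSigned; treat the output as a triage list to compare against known-good paths and hashes, not as a verdict.

```powershell
# Added example: manual triage of the locations named in the OTL custom scan.
# Not part of the original post, not OTL's own code. Assumes an elevated
# PowerShell prompt on 32-bit Vista/7; the 30-day window is an assumption.
$ErrorActionPreference = 'SilentlyContinue'
$since = (Get-Date).AddDays(-30)

function Get-FileVerdict {
    param([string]$Path)
    # Expand %SystemRoot%-style values exactly as stored in the registry
    $full = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $full)) { return 'MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $full
    # NotSigned may also mean catalog-signed on Vista-era PowerShell: review, don't assume
    return $sig.Status
}

Write-Host '== netsvcs group members and their ServiceDll =='
$svchost = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
foreach ($name in $svchost.netsvcs) {
    $p = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
    if ($p -and $p.ServiceDll) {
        '{0,-26} {1,-12} {2}' -f $name, (Get-FileVerdict $p.ServiceDll), $p.ServiceDll
    }
}

Write-Host '== Windows Update policy (a home PC normally has no such key) =='
$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $au) { Get-ItemProperty $au | Format-List * } else { 'key absent' }

Write-Host '== Browser launch commands registered under StartMenuInternet =='
Get-ChildItem 'HKLM:\SOFTWARE\Clients\StartMenuInternet' | ForEach-Object {
    $cmd = (Get-ItemProperty "$($_.PSPath)\shell\open\command").'(default)'
    # A hijack typically appends a URL or argument after the browser executable
    $flag = if ($cmd -match '\.exe"?\s+\S') { 'CHECK' } else { 'ok' }
    '{0,-6} {1,-30} {2}' -f $flag, $_.PSChildName, $cmd
}

Write-Host '== Legacy .job tasks (inspect suspicious ones with schtasks /query /v) =='
Get-ChildItem "$env:SystemRoot\Tasks\*.job" |
    Select-Object LastWriteTime, Name | Format-Table -AutoSize

Write-Host "== Drivers changed since $since =="
Get-ChildItem "$env:SystemRoot\System32\drivers\*.sys" |
    Where-Object { $_.LastWriteTime -gt $since } |
    ForEach-Object {
        '{0:yyyy-MM-dd} {1,-12} {2}' -f $_.LastWriteTime, (Get-FileVerdict $_.FullName), $_.Name
    }
```

Anything marked MISSING, CHECK or with a signature status other than Valid is worth cross-checking against the OTL and ComboFix logs before deciding it is malicious; a netsvcs member whose ServiceDll lives outside System32, or a browser command carrying extra arguments, is the kind of entry the custom scan is there to surface.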

Posted

Finally, I got ComboFix and OTL to run. OTL hung on the C:\USERS\MELISSA\Local Settings\Temporary Internet Files\Content.IE5\ folder. In my first post I had the same problem with Malwarebytes and ESET. I'm betting ComboFix had the same problem.

 

I used Internet Options and ATF-Cleaner to delete temp files, but there was still over 150 GB of Content.IE5 temp files. I've never seen such a massive amount before. It took many days of running CCleaner to get rid of those. Once they were gone, ComboFix and OTL ran just fine. So here are the logs. :)

 

ComboFix 13-08-16.03 - Melissa 08/17/2013 12:12:10.5.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.909 [GMT -5:00]

Running from: c:\users\Melissa\Desktop\Combo-Fix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\DFR892D.tmp

C:\prefs.js

c:\program files\CouponAlert_2pEI

c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll

c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll

c:\program files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll

c:\program files\WeatherBlinkEI

c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Recent\Bffs.comicdoc.url

.

.

((((((((((((((((((((((((( Files Created from 2013-07-17 to 2013-08-17 )))))))))))))))))))))))))))))))

.

.

2013-08-17 17:21 . 2013-08-17 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-17 17:21 . 2013-08-17 17:21 -------- d-----w- c:\users\Melissa\AppData\Local\temp

2013-08-16 18:43 . 2013-08-16 18:42 698504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58A80E35-E2DD-4C72-B8F9-D04AD224D3E4}\gapaengine.dll

2013-08-16 18:43 . 2013-07-02 04:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C14672AC-CB38-4017-BC62-5D3741FFD096}\mpengine.dll

2013-08-16 18:39 . 2013-08-16 18:40 -------- d-----w- c:\program files\Microsoft Security Client

2013-08-16 18:04 . 2013-08-16 18:04 -------- d-----w- C:\Combo-Fix

2013-08-14 21:30 . 2013-08-14 21:30 -------- d-----w- c:\users\Melissa\AppData\Local\Apple

2013-08-14 20:16 . 2013-08-14 20:16 -------- d-----w- c:\users\Melissa\AppData\Local\ElevatedDiagnostics

2013-08-14 09:35 . 2013-08-14 09:35 -------- d-----w- c:\program files\Common Files\Java

2013-08-14 09:33 . 2013-08-14 09:33 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-08-14 09:24 . 2013-08-14 09:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-14 09:24 . 2013-08-14 09:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-14 09:23 . 2013-08-15 07:56 -------- d-----w- c:\users\Melissa\AppData\Local\Adobe

2013-08-14 01:32 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 01:32 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-14 01:32 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll

2013-08-14 01:31 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 01:31 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-08-14 01:31 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 01:31 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 01:31 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 01:31 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 01:31 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 01:31 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 01:31 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 01:31 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 00:05 . 2013-04-06 00:53 57727 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Report0c6b41f3\google_ads_gptCACDJ1EQ.js

2013-08-13 18:35 . 2013-08-13 18:35 -------- d-----w- c:\program files\YTD Toolbar

2013-08-13 18:23 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2013-08-13 08:54 . 2013-08-13 08:54 -------- d-----w- c:\program files\ESET

2013-08-13 06:49 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B573B4E-8F7E-48EF-B098-FAD47C6645DF}\mpengine.dll

2013-08-12 07:10 . 2013-08-12 07:10 -------- d-----w- c:\program files\CCleaner

2013-08-12 06:18 . 2013-08-14 09:32 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-08-12 06:04 . 2013-08-14 09:13 -------- d-----w- c:\windows\system32\MRT

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-14 09:32 . 2010-06-17 17:01 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-08-13 20:57 . 2010-12-01 22:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-19 02:50 . 2013-06-19 02:50 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-06-04 01:50 . 2013-07-10 21:16 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-06-01 04:06 . 2013-07-10 21:15 505344 ----a-w- c:\windows\system32\qedit.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]

.

c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk

backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2009-08-05 17:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2013-07-12 18:25 1104384 ----a-w- c:\users\Melissa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-31 23:39 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14 09:24]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 01:18]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 01:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.windstream.net/

mStart Page = hxxp://my.att.net

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM-Run-Windstream_BCUC_McciTrayApp - c:\program files\Windstream_BCUC\McciTrayApp.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Facebook Update - c:\users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe

MSConfigStartUp-ShopAtHomeWatcher - c:\users\Melissa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe

AddRemove-sp41121 - c:\hp\Softpaq\sp41121\sp41121.exe

AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe

AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - f:\youtube downloader\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-08-17 12:21

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2013-08-17 12:23:33

ComboFix-quarantined-files.txt 2013-08-17 17:23

.

Pre-Run: 375,732,121,600 bytes free

Post-Run: 375,712,022,528 bytes free

.

- - End Of File - - CC8B5062E6EB1211F73DFA42B2EDDAE8

03BA8F890B47C0BE359A4D5A636D214D

 

OTL Log below.

 

 

OTL logfile created on: 8/17/2013 3:56:47 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.87 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 60.19% Memory free

3.99 Gb Paging File | 3.03 Gb Available in Paging File | 76.04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.60 Gb Total Space | 350.65 Gb Free Space | 76.96% Space Free | Partition Type: NTFS

Drive D: | 10.16 Gb Total Space | 1.38 Gb Free Space | 13.58% Space Free | Partition Type: NTFS

 

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Melissa\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 

========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe (McAfee, Inc.)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\Melissa\AppData\Local\Temp\catchme.sys File not found

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)

DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.att.net/search/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{A4546B8C-BED8-45A9-80AD-394B3EA7DFA3}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd

IE - HKLM\..\SearchScopes\{B9A4F4FA-0026-4A20-B16B-93EE28301616}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

 

 

[2009/11/04 17:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Extensions

[2009/11/04 17:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Docs = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Gmail = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009/09/05 19:27:59 | 000,001,144 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 208.43.47.212 a1n.review.zdnet.com

O1 - Hosts: 208.43.47.212 d1n.reviews.cnet.com

O1 - Hosts: 208.43.47.212 reviewn.2009softwarereviews.com

O1 - Hosts: 208.43.47.212 reviewsn.download.com

O1 - Hosts: 208.43.47.212 reviewsn.pcadvisor.co.uk

O1 - Hosts: 208.43.47.212 reviewsn.pcpro.co.uk

O1 - Hosts: 208.43.47.212 reviewsn.techradar.com

O1 - Hosts: 208.43.47.212 reviewsn.riverstreams.co.uk

O1 - Hosts: 208.43.47.212 reviewsn.pcmag.com

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windstream_BCUC_McciTrayApp] "C:\Program Files\Windstream_BCUC\McciTrayApp.exe" File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA76CB46-2C32-4956-B29B-876E2B444942}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/05 12:45:51 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\AutoRun\command - "" = F:\Autorun.exe /run

O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell00\Command - "" = F:\Autorun.exe /run

O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell01\Command - "" = F:\Autorun.exe /action

O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall

O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell - "" = AutoRun

O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe - (McAfee, Inc.)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe - ()

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Facebook Update - hkey= - key= - File not found

MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)

MsConfig - StartUpReg: ShopAtHomeWatcher - hkey= - key= - File not found

MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Melissa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

MsConfig - StartUpReg: Weather - hkey= - key= - File not found

MsConfig - State: "startup" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/08/16 13:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/08/16 13:34:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/08/16 13:29:53 | 000,000,000 | ---D | C] -- C:\Combo-Fix4974C

[2013/08/16 13:28:40 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2013/08/16 13:04:20 | 000,000,000 | ---D | C] -- C:\Combo-Fix

[2013/08/16 12:35:56 | 005,105,208 | R--- | C] (Swearware) -- C:\Users\Melissa\Desktop\Combo-Fix.exe

[2013/08/15 22:24:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/08/15 22:24:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/08/15 22:24:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/08/15 22:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/08/15 22:23:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/08/15 22:08:56 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Melissa\Desktop\tdsskiller.exe

[2013/08/15 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\RK_Quarantine

[2013/08/15 04:21:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr

[2013/08/15 04:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help__files

[2013/08/14 16:30:06 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Apple

[2013/08/14 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\ElevatedDiagnostics

[2013/08/14 04:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/08/14 04:34:42 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/08/14 04:33:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/08/14 04:33:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/08/14 04:33:56 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/08/14 04:24:38 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/08/14 04:24:38 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/08/14 04:23:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Adobe

[2013/08/14 04:00:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/08/14 04:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/08/14 04:00:47 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/08/14 04:00:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/08/14 04:00:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/08/14 04:00:45 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/08/14 04:00:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/08/14 04:00:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/08/13 20:31:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2013/08/13 20:31:28 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2013/08/13 20:31:27 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2013/08/13 15:42:26 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Melissa\Desktop\ATF-Cleaner.exe

[2013/08/13 13:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar

[2013/08/13 13:23:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2013/08/13 12:38:17 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/08/13 03:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013/08/12 02:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/08/12 02:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/08/12 02:09:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Documents\Downloads

[2013/08/12 01:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2013/08/12 01:18:51 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2013/08/12 01:04:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/08/17 03:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/08/17 03:52:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/08/17 03:52:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/08/17 03:52:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/08/17 03:52:07 | 2011,639,808 | -HS- | M] () -- C:\hiberfil.sys

[2013/08/17 03:33:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/08/17 03:12:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/08/16 13:40:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/08/16 12:35:57 | 005,105,208 | R--- | M] (Swearware) -- C:\Users\Melissa\Desktop\Combo-Fix.exe

[2013/08/16 00:31:15 | 000,007,052 | ---- | M] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat

[2013/08/15 22:08:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Melissa\Desktop\tdsskiller.exe

[2013/08/15 14:07:37 | 000,920,576 | ---- | M] () -- C:\Users\Melissa\Desktop\RogueKiller.exe

[2013/08/15 04:21:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr

[2013/08/15 04:17:00 | 000,052,816 | ---- | M] () -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help_.htm

[2013/08/14 04:33:10 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/08/14 04:32:57 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/08/14 04:32:57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/08/14 04:32:55 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/08/14 04:32:51 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2013/08/14 04:32:50 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/08/14 04:24:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/08/14 04:24:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/08/14 04:03:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/08/14 04:03:31 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/08/13 15:57:16 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/08/13 15:42:26 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Melissa\Desktop\ATF-Cleaner.exe

[2013/08/13 15:28:55 | 000,666,633 | ---- | M] () -- C:\Users\Melissa\Desktop\AdwCleaner.exe

[2013/08/13 13:35:50 | 000,000,359 | ---- | M] () -- C:\prefs.js

[2013/08/12 02:10:30 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/08/11 22:48:16 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/07/31 18:39:42 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/07/24 21:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/07/24 21:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/07/24 21:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/07/24 21:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/07/24 21:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/07/24 21:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/07/24 21:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/07/24 21:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/08/16 13:40:15 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/08/16 13:34:12 | 2011,639,808 | -HS- | C] () -- C:\hiberfil.sys

[2013/08/15 22:24:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/08/15 22:24:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/08/15 22:24:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/08/15 22:24:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/08/15 22:24:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/08/15 14:08:04 | 000,920,576 | ---- | C] () -- C:\Users\Melissa\Desktop\RogueKiller.exe

[2013/08/15 04:16:57 | 000,052,816 | ---- | C] () -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help_.htm

[2013/08/14 04:24:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/08/13 15:28:55 | 000,666,633 | ---- | C] () -- C:\Users\Melissa\Desktop\AdwCleaner.exe

[2013/08/13 13:27:05 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/08/12 02:10:30 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/08/12 01:28:53 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk

[2013/08/11 22:48:16 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2009/06/20 08:23:14 | 000,012,326 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat

[2008/11/01 11:57:39 | 000,009,216 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/30 13:04:17 | 000,024,206 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\UserTile.png

[2008/09/24 14:46:02 | 000,007,052 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat

 

========== ZeroAccess Check ==========

 

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2009/11/20 19:46:54 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\gtk-2.0

[2009/10/26 00:09:47 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PeerNetworking

[2009/08/22 14:51:43 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PlayFirst

[2013/08/11 22:11:00 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Sammsoft

[2008/09/23 16:56:08 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Snapfish

[2013/08/12 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Spotify

[2009/06/20 08:23:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Template

[2010/04/21 17:20:34 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\W Photo Studio Viewer

[2009/10/09 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WeatherBug

[2008/12/21 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WildTangent

[2009/05/15 14:55:13 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WinBatch

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2013/08/13 15:29:56 | 000,008,379 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2013/08/13 15:30:49 | 000,007,840 | ---- | M] () -- C:\AdwCleaner[S1].txt

[2008/05/05 12:45:51 | 000,000,074 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008/05/05 13:21:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010/09/28 18:56:28 | 000,000,045 | ---- | M] () -- C:\error.log

[2010/02/17 01:54:18 | 000,000,250 | ---- | M] () -- C:\FINIS_IT.TXT

[2013/08/17 03:52:07 | 2011,639,808 | -HS- | M] () -- C:\hiberfil.sys

[2009/06/30 10:09:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/06/30 10:09:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013/08/17 03:52:05 | 2325,491,712 | -HS- | M] () -- C:\pagefile.sys

[2013/08/13 13:35:50 | 000,000,359 | ---- | M] () -- C:\prefs.js

[2009/05/15 15:05:00 | 000,000,574 | ---- | M] () -- C:\RHDSetup.log

[2013/06/14 09:51:17 | 000,000,000 | ---- | M] () -- C:\search.sqlite

[2013/08/15 22:14:39 | 000,118,516 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_15.08.2013_22.09.55_log.txt

[2009/05/16 11:00:17 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %PROGRAMFILES%\* >

[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

 

 

< End of report >

 

Extras below.

 

OTL Extras logfile created on: 8/17/2013 3:56:47 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.87 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 60.19% Memory free

3.99 Gb Paging File | 3.03 Gb Available in Paging File | 76.04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.60 Gb Total Space | 350.65 Gb Free Space | 76.96% Space Free | Partition Type: NTFS

Drive D: | 10.16 Gb Total Space | 1.38 Gb Free Space | 13.58% Space Free | Partition Type: NTFS

 

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- IExplore

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

"AntiVirusDisableNotify" =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B9654FE-EBC6-4BBE-B5FD-AAA664075EF0}" = protocol=6 | dir=in | app=c:\users\melissa\desktop\limewire\limewire.exe |

"{14AE52F8-AF70-46A4-89DE-7B1F7614E390}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{18E8E094-21FB-4E84-BD67-5D5042067687}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{2090BB8E-BA4C-41F4-A969-C40BFC458B25}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{67E4EC63-9A4C-447B-B05B-8362B2AFC841}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |

"{789D37F7-9D5D-4499-BB3D-5CDED8B7DE8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A1CA07F8-37F8-410C-805D-EC114CFB1C57}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{A4C6BC1C-FCE4-4F2D-B1E8-6FC93023AA84}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B7394E2C-8AF5-4288-BC9E-953E3A056547}" = protocol=17 | dir=in | app=c:\users\melissa\desktop\limewire\limewire.exe |

"{BFEF1E80-70B7-442B-BE14-9DA2371AA62E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{C4F815D8-E72D-4197-B6FB-28D067564542}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{C69B4E9D-B95C-4D92-ADAD-B2F1FBB457AE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{D7B978AA-74A5-4BB5-965A-C749E1C56E2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DDCF0C9B-AF38-4643-A7FD-99AD5BC9AC22}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{FAFF1766-FA81-4139-9A70-B812263670AA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"TCP Query User{9AA78D2C-67E0-4E1C-AF92-21E29613FCE9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{A5738C82-BD4A-4B48-847B-E0B3B5075ADF}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |

"TCP Query User{DEF82CCC-4959-4F26-A6A9-5FB3400FCF3A}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |

"UDP Query User{671EF390-804E-4B5F-AE6D-37B131E922E8}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |

"UDP Query User{B68B18AB-BD25-4A71-9383-C449EE49FE3B}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |

"UDP Query User{D1E9D71D-53C1-444D-AA6A-38821BDEBDC9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3

"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check

"{265BC03B-AB12-4319-81A0-19E531C2C9FA}" = YTD Toolbar v7.4

"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25

"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4

"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler

"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44F3AD4C-D8A0-40DD-94A1-7443BE9953C7}_is1" = HP Demo

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{59D268DF-CCA9-44C5-8F96-2E51BB34C829}" = Microsoft Security Client

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library

"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup

"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"ESET Online Scanner" = ESET Online Scanner v3

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"NVIDIA Drivers" = NVIDIA Drivers

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"Silent Package Run-Time Sample" = EPSON RX595 User's Guide

"SimCity2000CDv1" = SimCity 2000® Special Edition

"sp41121" = sp41121

"sp44626" = sp44626

"WildTangent hp Master Uninstall" = My HP Games

"Windstream_BCUC" = Windstream Broadband Check-up Center

"Yahoo! Companion" = Yahoo! Toolbar

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 8/16/2013 1:58:52 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 2:02:52 PM | Computer Name = Melissa-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 8/16/2013 2:03:33 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 2:08:55 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 2:28:12 PM | Computer Name = Melissa-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 8/16/2013 2:28:52 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 2:34:52 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 3:01:01 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 8:19:54 PM | Computer Name = Melissa-PC | Source = Application Hang | ID = 1002

Description = The program OTL.scr version 3.2.69.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Problem Reports and Solutions control panel. Process

ID: a30 Start Time: 01ce9acb84c2f894 Termination Time: 16

 

Error - 8/17/2013 4:53:22 AM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

[ Media Center Events ]

Error - 6/9/2009 7:58:35 AM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

Error - 9/13/2009 9:27:05 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

Error - 10/11/2009 11:29:08 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

Error - 9/17/2010 8:22:48 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

 

Error encountered while reading event logs.

 

< End of report >

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted

Finally. I got ComboFix and OTL to run. OTL hung on the C:\USERS\MELISSA\Local Settings\Temporary Internet Files\Content.IE5\ folder. In my first post I had the same problem with Malwarebytes and ESET. I'm betting ComboFix had the same problem.

 

I used Internet Options and ATF-Cleaner to delete temp files but there was still over 150Gb of Content.IE5 temp files. I've never seen such a massive amount before. It took many days of running CCleaner to get rid of those. Once they were gone ComboFix and OTL ran just fine. So here are the logs. :)

 

ComboFix 13-08-16.03 - Melissa 08/17/2013 12:12:10.5.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.909 [GMT -5:00]

Running from: c:\users\Melissa\Desktop\Combo-Fix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\DFR892D.tmp

C:\prefs.js

c:\program files\CouponAlert_2pEI

c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll

c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll

c:\program files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll

c:\program files\WeatherBlinkEI

c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Recent\Bffs.comicdoc.url

.

.

((((((((((((((((((((((((( Files Created from 2013-07-17 to 2013-08-17 )))))))))))))))))))))))))))))))

.

.

2013-08-17 17:21 . 2013-08-17 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-17 17:21 . 2013-08-17 17:21 -------- d-----w- c:\users\Melissa\AppData\Local\temp

2013-08-16 18:43 . 2013-08-16 18:42 698504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58A80E35-E2DD-4C72-B8F9-D04AD224D3E4}\gapaengine.dll

2013-08-16 18:43 . 2013-07-02 04:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C14672AC-CB38-4017-BC62-5D3741FFD096}\mpengine.dll

2013-08-16 18:39 . 2013-08-16 18:40 -------- d-----w- c:\program files\Microsoft Security Client

2013-08-16 18:04 . 2013-08-16 18:04 -------- d-----w- C:\Combo-Fix

2013-08-14 21:30 . 2013-08-14 21:30 -------- d-----w- c:\users\Melissa\AppData\Local\Apple

2013-08-14 20:16 . 2013-08-14 20:16 -------- d-----w- c:\users\Melissa\AppData\Local\ElevatedDiagnostics

2013-08-14 09:35 . 2013-08-14 09:35 -------- d-----w- c:\program files\Common Files\Java

2013-08-14 09:33 . 2013-08-14 09:33 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-08-14 09:24 . 2013-08-14 09:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-14 09:24 . 2013-08-14 09:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-14 09:23 . 2013-08-15 07:56 -------- d-----w- c:\users\Melissa\AppData\Local\Adobe

2013-08-14 01:32 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 01:32 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-14 01:32 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll

2013-08-14 01:31 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 01:31 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-08-14 01:31 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 01:31 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 01:31 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 01:31 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 01:31 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 01:31 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 01:31 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 01:31 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 00:05 . 2013-04-06 00:53 57727 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Report0c6b41f3\google_ads_gptCACDJ1EQ.js

2013-08-13 18:35 . 2013-08-13 18:35 -------- d-----w- c:\program files\YTD Toolbar

2013-08-13 18:23 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2013-08-13 08:54 . 2013-08-13 08:54 -------- d-----w- c:\program files\ESET

2013-08-13 06:49 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B573B4E-8F7E-48EF-B098-FAD47C6645DF}\mpengine.dll

2013-08-12 07:10 . 2013-08-12 07:10 -------- d-----w- c:\program files\CCleaner

2013-08-12 06:18 . 2013-08-14 09:32 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-08-12 06:04 . 2013-08-14 09:13 -------- d-----w- c:\windows\system32\MRT

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-14 09:32 . 2010-06-17 17:01 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-08-13 20:57 . 2010-12-01 22:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-19 02:50 . 2013-06-19 02:50 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-06-04 01:50 . 2013-07-10 21:16 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-06-01 04:06 . 2013-07-10 21:15 505344 ----a-w- c:\windows\system32\qedit.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]

.

c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk

backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2009-08-05 17:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2013-07-12 18:25 1104384 ----a-w- c:\users\Melissa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-31 23:39 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14 09:24]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 01:18]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 01:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.windstream.net/

mStart Page = hxxp://my.att.net

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM-Run-Windstream_BCUC_McciTrayApp - c:\program files\Windstream_BCUC\McciTrayApp.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Facebook Update - c:\users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe

MSConfigStartUp-ShopAtHomeWatcher - c:\users\Melissa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe

AddRemove-sp41121 - c:\hp\Softpaq\sp41121\sp41121.exe

AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe

AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - f:\youtube downloader\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-08-17 12:21

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2013-08-17 12:23:33

ComboFix-quarantined-files.txt 2013-08-17 17:23

.

Pre-Run: 375,732,121,600 bytes free

Post-Run: 375,712,022,528 bytes free

.

- - End Of File - - CC8B5062E6EB1211F73DFA42B2EDDAE8

03BA8F890B47C0BE359A4D5A636D214D


OTL Log below.


OTL logfile created on: 8/17/2013 3:56:47 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.87 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 60.19% Memory free

3.99 Gb Paging File | 3.03 Gb Available in Paging File | 76.04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.60 Gb Total Space | 350.65 Gb Free Space | 76.96% Space Free | Partition Type: NTFS

Drive D: | 10.16 Gb Total Space | 1.38 Gb Free Space | 13.58% Space Free | Partition Type: NTFS

 

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Melissa\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 

========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe (McAfee, Inc.)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\Melissa\AppData\Local\Temp\catchme.sys File not found

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)

DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.att.net/search/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{A4546B8C-BED8-45A9-80AD-394B3EA7DFA3}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd

IE - HKLM\..\SearchScopes\{B9A4F4FA-0026-4A20-B16B-93EE28301616}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

 

 

[2009/11/04 17:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Extensions

[2009/11/04 17:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Docs = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Gmail = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009/09/05 19:27:59 | 000,001,144 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 208.43.47.212 a1n.review.zdnet.com

O1 - Hosts: 208.43.47.212 d1n.reviews.cnet.com

O1 - Hosts: 208.43.47.212 reviewn.2009softwarereviews.com

O1 - Hosts: 208.43.47.212 reviewsn.download.com

O1 - Hosts: 208.43.47.212 reviewsn.pcadvisor.co.uk

O1 - Hosts: 208.43.47.212 reviewsn.pcpro.co.uk

O1 - Hosts: 208.43.47.212 reviewsn.techradar.com

O1 - Hosts: 208.43.47.212 reviewsn.riverstreams.co.uk

O1 - Hosts: 208.43.47.212 reviewsn.pcmag.com

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [sunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windstream_BCUC_McciTrayApp] "C:\Program Files\Windstream_BCUC\McciTrayApp.exe" File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA76CB46-2C32-4956-B29B-876E2B444942}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/05 12:45:51 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\AutoRun\command - "" = F:\Autorun.exe /run

O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell00\Command - "" = F:\Autorun.exe /run

O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell01\Command - "" = F:\Autorun.exe /action

O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall

O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell - "" = AutoRun

O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe - (McAfee, Inc.)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe - ()

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Facebook Update - hkey= - key= - File not found

MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)

MsConfig - StartUpReg: ShopAtHomeWatcher - hkey= - key= - File not found

MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Melissa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

MsConfig - StartUpReg: Weather - hkey= - key= - File not found

MsConfig - State: "startup" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/08/16 13:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/08/16 13:34:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/08/16 13:29:53 | 000,000,000 | ---D | C] -- C:\Combo-Fix4974C

[2013/08/16 13:28:40 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2013/08/16 13:04:20 | 000,000,000 | ---D | C] -- C:\Combo-Fix

[2013/08/16 12:35:56 | 005,105,208 | R--- | C] (Swearware) -- C:\Users\Melissa\Desktop\Combo-Fix.exe

[2013/08/15 22:24:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/08/15 22:24:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/08/15 22:24:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/08/15 22:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/08/15 22:23:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/08/15 22:08:56 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Melissa\Desktop\tdsskiller.exe

[2013/08/15 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\RK_Quarantine

[2013/08/15 04:21:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr

[2013/08/15 04:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help__files

[2013/08/14 16:30:06 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Apple

[2013/08/14 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\ElevatedDiagnostics

[2013/08/14 04:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/08/14 04:34:42 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/08/14 04:33:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/08/14 04:33:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/08/14 04:33:56 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/08/14 04:24:38 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/08/14 04:24:38 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/08/14 04:23:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Adobe

[2013/08/14 04:00:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/08/14 04:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/08/14 04:00:47 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/08/14 04:00:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/08/14 04:00:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/08/14 04:00:45 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/08/14 04:00:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/08/14 04:00:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/08/13 20:31:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2013/08/13 20:31:28 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2013/08/13 20:31:27 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2013/08/13 15:42:26 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Melissa\Desktop\ATF-Cleaner.exe

[2013/08/13 13:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar

[2013/08/13 13:23:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2013/08/13 12:38:17 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/08/13 03:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013/08/12 02:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/08/12 02:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/08/12 02:09:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Documents\Downloads

[2013/08/12 01:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2013/08/12 01:18:51 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2013/08/12 01:04:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/08/17 03:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/08/17 03:52:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/08/17 03:52:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/08/17 03:52:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/08/17 03:52:07 | 2011,639,808 | -HS- | M] () -- C:\hiberfil.sys

[2013/08/17 03:33:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/08/17 03:12:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/08/16 13:40:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/08/16 12:35:57 | 005,105,208 | R--- | M] (Swearware) -- C:\Users\Melissa\Desktop\Combo-Fix.exe

[2013/08/16 00:31:15 | 000,007,052 | ---- | M] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat

[2013/08/15 22:08:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Melissa\Desktop\tdsskiller.exe

[2013/08/15 14:07:37 | 000,920,576 | ---- | M] () -- C:\Users\Melissa\Desktop\RogueKiller.exe

[2013/08/15 04:21:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr

[2013/08/15 04:17:00 | 000,052,816 | ---- | M] () -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help_.htm

[2013/08/14 04:33:10 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/08/14 04:32:57 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/08/14 04:32:57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/08/14 04:32:55 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/08/14 04:32:51 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2013/08/14 04:32:50 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/08/14 04:24:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/08/14 04:24:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/08/14 04:03:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/08/14 04:03:31 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/08/13 15:57:16 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/08/13 15:42:26 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Melissa\Desktop\ATF-Cleaner.exe

[2013/08/13 15:28:55 | 000,666,633 | ---- | M] () -- C:\Users\Melissa\Desktop\AdwCleaner.exe

[2013/08/13 13:35:50 | 000,000,359 | ---- | M] () -- C:\prefs.js

[2013/08/12 02:10:30 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/08/11 22:48:16 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/07/31 18:39:42 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/07/24 21:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/07/24 21:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/07/24 21:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/07/24 21:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/07/24 21:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/07/24 21:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/07/24 21:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/07/24 21:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/08/16 13:40:15 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/08/16 13:34:12 | 2011,639,808 | -HS- | C] () -- C:\hiberfil.sys

[2013/08/15 22:24:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/08/15 22:24:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/08/15 22:24:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/08/15 22:24:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/08/15 22:24:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/08/15 14:08:04 | 000,920,576 | ---- | C] () -- C:\Users\Melissa\Desktop\RogueKiller.exe

[2013/08/15 04:16:57 | 000,052,816 | ---- | C] () -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help_.htm

[2013/08/14 04:24:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/08/13 15:28:55 | 000,666,633 | ---- | C] () -- C:\Users\Melissa\Desktop\AdwCleaner.exe

[2013/08/13 13:27:05 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/08/12 02:10:30 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/08/12 01:28:53 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk

[2013/08/11 22:48:16 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2009/06/20 08:23:14 | 000,012,326 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat

[2008/11/01 11:57:39 | 000,009,216 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/30 13:04:17 | 000,024,206 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\UserTile.png

[2008/09/24 14:46:02 | 000,007,052 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat

 

========== ZeroAccess Check ==========

 

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2009/11/20 19:46:54 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\gtk-2.0

[2009/10/26 00:09:47 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PeerNetworking

[2009/08/22 14:51:43 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PlayFirst

[2013/08/11 22:11:00 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Sammsoft

[2008/09/23 16:56:08 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Snapfish

[2013/08/12 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Spotify

[2009/06/20 08:23:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Template

[2010/04/21 17:20:34 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\W Photo Studio Viewer

[2009/10/09 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WeatherBug

[2008/12/21 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WildTangent

[2009/05/15 14:55:13 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WinBatch

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2013/08/13 15:29:56 | 000,008,379 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2013/08/13 15:30:49 | 000,007,840 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2008/05/05 12:45:51 | 000,000,074 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008/05/05 13:21:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010/09/28 18:56:28 | 000,000,045 | ---- | M] () -- C:\error.log

[2010/02/17 01:54:18 | 000,000,250 | ---- | M] () -- C:\FINIS_IT.TXT

[2013/08/17 03:52:07 | 2011,639,808 | -HS- | M] () -- C:\hiberfil.sys

[2009/06/30 10:09:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/06/30 10:09:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013/08/17 03:52:05 | 2325,491,712 | -HS- | M] () -- C:\pagefile.sys

[2013/08/13 13:35:50 | 000,000,359 | ---- | M] () -- C:\prefs.js

[2009/05/15 15:05:00 | 000,000,574 | ---- | M] () -- C:\RHDSetup.log

[2013/06/14 09:51:17 | 000,000,000 | ---- | M] () -- C:\search.sqlite

[2013/08/15 22:14:39 | 000,118,516 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_15.08.2013_22.09.55_log.txt

[2009/05/16 11:00:17 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %PROGRAMFILES%\* >

[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

 

 

< End of report >

 

Extras below.

 

OTL Extras logfile created on: 8/17/2013 3:56:47 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.87 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 60.19% Memory free

3.99 Gb Paging File | 3.03 Gb Available in Paging File | 76.04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.60 Gb Total Space | 350.65 Gb Free Space | 76.96% Space Free | Partition Type: NTFS

Drive D: | 10.16 Gb Total Space | 1.38 Gb Free Space | 13.58% Space Free | Partition Type: NTFS

 

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- IExplore

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

"AntiVirusDisableNotify" =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B9654FE-EBC6-4BBE-B5FD-AAA664075EF0}" = protocol=6 | dir=in | app=c:\users\melissa\desktop\limewire\limewire.exe |

"{14AE52F8-AF70-46A4-89DE-7B1F7614E390}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{18E8E094-21FB-4E84-BD67-5D5042067687}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{2090BB8E-BA4C-41F4-A969-C40BFC458B25}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{67E4EC63-9A4C-447B-B05B-8362B2AFC841}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |

"{789D37F7-9D5D-4499-BB3D-5CDED8B7DE8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A1CA07F8-37F8-410C-805D-EC114CFB1C57}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{A4C6BC1C-FCE4-4F2D-B1E8-6FC93023AA84}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B7394E2C-8AF5-4288-BC9E-953E3A056547}" = protocol=17 | dir=in | app=c:\users\melissa\desktop\limewire\limewire.exe |

"{BFEF1E80-70B7-442B-BE14-9DA2371AA62E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{C4F815D8-E72D-4197-B6FB-28D067564542}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{C69B4E9D-B95C-4D92-ADAD-B2F1FBB457AE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{D7B978AA-74A5-4BB5-965A-C749E1C56E2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DDCF0C9B-AF38-4643-A7FD-99AD5BC9AC22}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{FAFF1766-FA81-4139-9A70-B812263670AA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"TCP Query User{9AA78D2C-67E0-4E1C-AF92-21E29613FCE9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{A5738C82-BD4A-4B48-847B-E0B3B5075ADF}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |

"TCP Query User{DEF82CCC-4959-4F26-A6A9-5FB3400FCF3A}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |

"UDP Query User{671EF390-804E-4B5F-AE6D-37B131E922E8}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |

"UDP Query User{B68B18AB-BD25-4A71-9383-C449EE49FE3B}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |

"UDP Query User{D1E9D71D-53C1-444D-AA6A-38821BDEBDC9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3

"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check

"{265BC03B-AB12-4319-81A0-19E531C2C9FA}" = YTD Toolbar v7.4

"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25

"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4

"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler

"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44F3AD4C-D8A0-40DD-94A1-7443BE9953C7}_is1" = HP Demo

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{59D268DF-CCA9-44C5-8F96-2E51BB34C829}" = Microsoft Security Client

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library

"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup

"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"ESET Online Scanner" = ESET Online Scanner v3

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"NVIDIA Drivers" = NVIDIA Drivers

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"Silent Package Run-Time Sample" = EPSON RX595 User's Guide

"SimCity2000CDv1" = SimCity 2000® Special Edition

"sp41121" = sp41121

"sp44626" = sp44626

"WildTangent hp Master Uninstall" = My HP Games

"Windstream_BCUC" = Windstream Broadband Check-up Center

"Yahoo! Companion" = Yahoo! Toolbar

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 8/16/2013 1:58:52 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 2:02:52 PM | Computer Name = Melissa-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 8/16/2013 2:03:33 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 2:08:55 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 2:28:12 PM | Computer Name = Melissa-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 8/16/2013 2:28:52 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 2:34:52 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 3:01:01 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 8/16/2013 8:19:54 PM | Computer Name = Melissa-PC | Source = Application Hang | ID = 1002

Description = The program OTL.scr version 3.2.69.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Problem Reports and Solutions control panel. Process

ID: a30 Start Time: 01ce9acb84c2f894 Termination Time: 16

 

Error - 8/17/2013 4:53:22 AM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10

Description =

 

[ Media Center Events ]

Error - 6/9/2009 7:58:35 AM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

Error - 9/13/2009 9:27:05 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

Error - 10/11/2009 11:29:08 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

Error - 9/17/2010 8:22:48 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

 

Error encountered while reading event logs.

 

< End of report >


  • ExTS Admin
Posted

Hi Randy,

 

Good to see you back.

 

OTL hung on the C:\USERS\MELISSA\Local Settings\Temporary Internet Files\Content.IE5\ folder

The Otl fix should take care of that.

We used to clean the temp folders out before starting the cleaning procedure, but we stopped doing that when some 'Ransomware' programs started to remove files and place them in the temp folders.

We don't see that as much now, but we still use caution until we are sure.

 

Step 1

Please make sure that Windows Defender is disabled.

It should have been disabled by MSSE when it was installed, but I see that the definitions for WD have recently been updated.

 

Open Windows Defender by clicking ... Start ... All Programs, and then clicking Windows Defender.

Now click Tools ... and then click Options.

Scroll down and UNtick .. Use real-time protection (recommended)

Then click Save

 

 

Step 2

If the Otl fix freezes, you will need to uninstall MBAM and then run the fix again.

It is a known problem with MBAM and Otl.

But only happens on some systems. (MBAM can be re-installed once the fix has been run)

 

Double click on OTL to run it.

Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the 'Commands' section.)

:otl
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe (McAfee, Inc.)
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Melissa\AppData\Local\Temp\catchme.sys File not found
IE - HKLM\..\SearchScopes\{A4546B8C-BED8-45A9-80AD-394B3EA7DFA3}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Windstream_BCUC_McciTrayApp] "C:\Program Files\Windstream_BCUC\McciTrayApp.exe" File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell00\Command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell01\Command - "" = F:\Autorun.exe /action
O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall
O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell - "" = AutoRun
O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
MsConfig - StartUpReg: Facebook Update - hkey= - key= - File not found
MsConfig - StartUpReg: ShopAtHomeWatcher - hkey= - key= - File not found
MsConfig - StartUpReg: Weather - hkey= - key= - File not found

:Files
C:\Program Files\McAfee Security Scan
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

Step 3

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

In your next reply, please submit:

Otl fix report

JRT report

 

 

Thanks.

Member of:

UNITE

Posted

They ran just fine, Starbuck. Progress, I hope.

 

OTL is below.

 

All processes killed

========== OTL ==========

Service McComponentHostService stopped successfully!

Service McComponentHostService deleted successfully!

C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe moved successfully.

Service NwlnkFwd stopped successfully!

Service NwlnkFwd deleted successfully!

File system32\DRIVERS\nwlnkfwd.sys File not found not found.

Service NwlnkFlt stopped successfully!

Service NwlnkFlt deleted successfully!

File system32\DRIVERS\nwlnkflt.sys File not found not found.

Service MRESP50a64 stopped successfully!

Service MRESP50a64 deleted successfully!

File C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found not found.

Service MRENDIS5 stopped successfully!

Service MRENDIS5 deleted successfully!

File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found not found.

Service MREMPR5 stopped successfully!

Service MREMPR5 deleted successfully!

File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found not found.

Service MREMP50a64 stopped successfully!

Service MREMP50a64 deleted successfully!

File C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found not found.

Service IpInIp stopped successfully!

Service IpInIp deleted successfully!

File system32\DRIVERS\ipinip.sys File not found not found.

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\Users\Melissa\AppData\Local\Temp\catchme.sys File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4546B8C-BED8-45A9-80AD-394B3EA7DFA3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4546B8C-BED8-45A9-80AD-394B3EA7DFA3}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D0523BB4-21E7-11DD-9AB7-415B56D89593} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0523BB4-21E7-11DD-9AB7-415B56D89593}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windstream_BCUC_McciTrayApp not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4280bab6-8a72-11dd-9a50-001e903545ef}\ not found.

File F:\Autorun.exe /run not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4280bab6-8a72-11dd-9a50-001e903545ef}\ not found.

File F:\Autorun.exe /run not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4280bab6-8a72-11dd-9a50-001e903545ef}\ not found.

File F:\Autorun.exe /action not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4280bab6-8a72-11dd-9a50-001e903545ef}\ not found.

File F:\Autorun.exe /uninstall not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dd31614-c7ba-11de-b3f0-001e903545ef}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dd31614-c7ba-11de-b3f0-001e903545ef}\ not found.

File F:\LaunchU3.exe -a not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Facebook Update\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ShopAtHomeWatcher\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Weather\ not found.

========== FILES ==========

C:\Program Files\McAfee Security Scan\2.0.189\sacoredata folder moved successfully.

C:\Program Files\McAfee Security Scan\2.0.189 folder moved successfully.

C:\Program Files\McAfee Security Scan folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Melissa\Desktop\cmd.bat deleted successfully.

C:\Users\Melissa\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Melissa

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32863707 bytes

->Java cache emptied: 8276 bytes

->Google Chrome cache emptied: 8417930 bytes

->Flash cache emptied: 1147 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 21304 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 995105 bytes

 

Total Files Cleaned = 40.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 08182013_110000

 

 

Files\Folders moved on Reboot...

 

 

PendingFileRenameOperations files...

 

 

Registry entries deleted on Reboot...

 

JRT is below.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.4.9 (08.17.2013:3)

OS: Windows Vista Home Premium x86

Ran by Melissa on Sun 08/18/2013 at 11:05:53.44

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\couponalert_2pei

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}

~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"

Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 08/18/2013 at 11:07:51.01

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted

The system is running great. Once I get it started that is.

 

Restart works well, but when I first boot I have to attempt it several times. It either freezes or goes to the Startup Repair option.

 

To be fair, when I first got it Windows would not start. Startup Repair fixed that, but after all this work it's giving me fits now. Startup Repair fixed it the first time, but it's broken now.

 

Event Viewer seems to indicate that this might be the problem:

 

Log Name: System

Source: Service Control Manager

Date: 8/18/2013 5:36:49 PM

Event ID: 7026

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Melissa-PC

Description:

The following boot-start or system-start driver(s) failed to load:

i8042prt

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />

<EventID Qualifiers="49152">7026</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2013-08-18T22:36:49.000Z" />

<EventRecordID>227029</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>System</Channel>

<Computer>Melissa-PC</Computer>

<Security />

</System>

<EventData>

<Data Name="param1">

i8042prt</Data>

</EventData>

</Event>

 

 

I have yet to find a solution. The keyboard is USB and the mouse is wireless USB, not PS/2.

 

I'll check back as soon as I can but I may not be home much. I'm going to be living in a hotel for a time while I get my wood floors sanded and finished.

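An added example, not part of the thread, that takes the event XML pasted above as its sample input and extracts the drivers that Service Control Manager event 7026 reports as failing, so they can be triaged rather than read by eye. Two caveats from the editor, not from the poster: i8042prt is the PS/2 keyboard/mouse port driver, and on a machine whose keyboard and mouse are both USB it fails to load on every boot, so this event by itself does not explain the boot freezes; and the JRT run earlier in this thread reports "Event Viewer Logs were cleared", so only events written after that run (11:07 on 08/18) are available to a check like this. The KNOWN_BENIGN_WITHOUT_PS2 set and the has_ps2_device flag are assumptions of this example, not anything the tools on the page provide.

```python
"""Parse a Windows event exported as XML (Event Viewer's "Event Xml" view)
and triage the drivers that Service Control Manager event 7026 lists.
Added example for this thread; the i8042prt knowledge below is an assumption
of the example, not output of any tool on the page."""
import xml.etree.ElementTree as ET

# Default namespace used by Event Viewer's XML export.
EVENT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption of this example: drivers whose 7026 failure is expected when the
# hardware they serve is absent. i8042prt is the PS/2 keyboard/mouse port driver.
KNOWN_BENIGN_WITHOUT_PS2 = {"i8042prt"}

# Sample input: the event pasted in the post above, copied verbatim.
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-08-18T22:36:49.000Z" />
<EventRecordID>227029</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Melissa-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">
i8042prt</Data>
</EventData>
</Event>"""


def parse_event(xml_text):
    """Return the System header fields and the EventData values of one event."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", EVENT_NS)
    data = {}
    for item in root.iterfind("e:EventData/e:Data", EVENT_NS):
        # Data values may carry a leading newline (see param1 in the sample).
        data[item.get("Name")] = (item.text or "").strip()
    return {
        "provider": system.find("e:Provider", EVENT_NS).get("Name"),
        "event_id": int(system.find("e:EventID", EVENT_NS).text),
        "time": system.find("e:TimeCreated", EVENT_NS).get("SystemTime"),
        "computer": system.find("e:Computer", EVENT_NS).text,
        "data": data,
    }


def failed_drivers(event):
    """Event 7026 carries the failed boot/system-start drivers in param1,
    one name per line. Any other event yields an empty list."""
    if event["provider"] != "Service Control Manager" or event["event_id"] != 7026:
        return []
    return [line.strip()
            for line in event["data"].get("param1", "").splitlines()
            if line.strip()]


def triage(drivers, has_ps2_device):
    """Label each failed driver 'expected' or 'investigate'.

    has_ps2_device is the caller's knowledge of the hardware; the post says
    the keyboard and mouse are USB, so it is False for that machine."""
    verdicts = []
    for name in drivers:
        if name in KNOWN_BENIGN_WITHOUT_PS2 and not has_ps2_device:
            verdicts.append((name, "expected"))
        else:
            verdicts.append((name, "investigate"))
    return verdicts


if __name__ == "__main__":
    event = parse_event(SAMPLE_EVENT_XML)
    print(event["time"], event["computer"], "event", event["event_id"])
    for name, verdict in triage(failed_drivers(event), has_ps2_device=False):
        print(f"  {name}: {verdict}")
```

Run against the sample it reports i8042prt as expected; anything not in the benign set, or i8042prt on a machine that really does have a PS/2 device, comes back as "investigate" and is worth correlating with the minidumps listed later in the FRST log.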

  • ExTS Admin
Posted

Hi Randy,

 

I'm going to be living in a hotel for a time while I get my wood floors sanded and finished.

That sounds like a very messy job.

No wonder you're moving out.

 

 

Let's see if this will throw any light on the problem:

 

Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

As you are running a 32-bit system:

 

For 32-bit systems, download Farbar Recovery Scan Tool and save it to your Desktop.

 

 

Thanks

Member of:

UNITE

Posted

It is a mess and will take a few days to do. Then I get to bring all the furniture back in.

Here are the logs, bud. Thanks so much for helping me.

 

First

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013

Ran by Melissa (administrator) on 19-08-2013 12:13:32

Running from C:\Users\Melissa\Desktop

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

 

==================== Processes (Whitelisted) ===================

 

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

 

 

==================== Registry (Whitelisted) ==================

 

 

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)

HKLM\...\Run: [DVDAgent] - c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-09-09] (CyberLink Corp.)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKLM\...\Run: [sunJavaUpdateReg] - C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)

HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)

HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)

Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

 

 

==================== Internet (Whitelisted) ====================

 

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net

HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {B9A4F4FA-0026-4A20-B16B-93EE28301616} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

 

Chrome:

=======

CHR RestoreOnStartup: "hxxp://windstream.net/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

 

 

========================== Services (Whitelisted) =================

 

 

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)

 

 

==================== Drivers (Whitelisted) ====================

 

 

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)

S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))

S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

2013-08-19 12:11 - 2013-08-19 12:11 - 01069895 _____ (Farbar) C:\Users\Melissa\Desktop\FRST.exe

2013-08-18 16:55 - 2013-08-18 16:55 - 00144208 _____ C:\Windows\Minidump\Mini081813-02.dmp

2013-08-18 16:28 - 2013-08-18 16:28 - 00000322 _____ C:\Users\Melissa\Desktop\headless node.txt

2013-08-18 16:26 - 2013-08-18 16:26 - 350030080 _____ C:\Users\Melissa\Desktop\regedit2.REG

2013-08-18 16:25 - 2013-08-18 16:25 - 350028544 _____ C:\Users\Melissa\Desktop\regedit.reg

2013-08-18 16:23 - 2013-08-18 16:23 - 350027628 _____ C:\Users\Melissa\Documents\regedit.reg

2013-08-18 14:36 - 2013-08-18 14:36 - 00000680 _____ C:\Users\Melissa\Desktop\Events.txt

2013-08-18 14:30 - 2013-08-18 14:30 - 00001160 _____ C:\Users\Melissa\Desktop\Event 5032, Microsoft Windows security auditing.txt

2013-08-18 14:26 - 2013-08-18 14:26 - 00001498 _____ C:\Users\Melissa\Desktop\Event 10,WMI.txt

2013-08-18 14:22 - 2013-08-18 14:22 - 00000382 _____ C:\Users\Melissa\Desktop\bluescreen.txt

2013-08-18 14:18 - 2013-08-18 14:18 - 00144240 _____ C:\Windows\Minidump\Mini081813-01.dmp

2013-08-18 14:10 - 2013-08-18 16:55 - 176045383 _____ C:\Windows\MEMORY.DMP

2013-08-18 11:07 - 2013-08-18 11:07 - 00001070 _____ C:\Users\Melissa\Desktop\JRT.txt

2013-08-18 11:05 - 2013-08-18 11:05 - 00000000 ____D C:\Windows\ERUNT

2013-08-18 11:04 - 2013-08-18 11:04 - 00006579 _____ C:\Users\Melissa\Desktop\new OTL.txt

2013-08-18 11:00 - 2013-08-18 11:00 - 00000000 ____D C:\_OTL

2013-08-18 10:57 - 2013-08-18 10:56 - 01018166 _____ (Thisisu) C:\Users\Melissa\Desktop\JRT.exe

2013-08-18 01:49 - 2013-08-18 01:49 - 00000034 _____ C:\Users\Melissa\Desktop\compaq.txt

2013-08-18 01:44 - 2013-08-18 01:44 - 01769792 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Melissa\Desktop\sp37541.exe

2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setuperr.log

2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setupact.log

2013-08-17 12:31 - 2013-08-17 12:31 - 00000546 _____ C:\Windows\PFRO.log

2013-08-17 12:23 - 2013-08-17 12:23 - 00011650 _____ C:\ComboFix.txt

2013-08-17 04:13 - 2013-08-17 04:13 - 00037222 _____ C:\Users\Melissa\Desktop\Extras.Txt

2013-08-17 04:11 - 2013-08-17 04:14 - 00074554 _____ C:\Users\Melissa\Desktop\OTL.Txt

2013-08-16 13:39 - 2013-08-16 13:40 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-08-16 13:29 - 2013-08-16 13:29 - 00000000 ____D C:\Combo-Fix4974C

2013-08-16 13:04 - 2013-08-16 13:04 - 00000000 ____D C:\Combo-Fix

2013-08-16 12:35 - 2013-08-17 04:16 - 05105390 ____R (Swearware) C:\Users\Melissa\Desktop\Combo-Fix.exe

2013-08-16 03:30 - 2013-08-16 03:30 - 00000019 _____ C:\Users\Melissa\Desktop\combofix uninstall.txt

2013-08-15 22:24 - 2013-08-17 12:23 - 00000000 ____D C:\Qoobox

2013-08-15 22:24 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-15 22:24 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-15 22:24 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-15 22:23 - 2013-08-17 12:22 - 00000000 ____D C:\Windows\erdnt

2013-08-15 22:08 - 2013-08-15 22:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Melissa\Desktop\tdsskiller.exe

2013-08-15 14:57 - 2013-08-15 14:57 - 00002763 _____ C:\Users\Melissa\Desktop\RKreport[0]_D_08152013_145735.txt

2013-08-15 14:56 - 2013-08-15 14:56 - 00002655 _____ C:\Users\Melissa\Desktop\RKreport[0]_S_08152013_145630.txt

2013-08-15 14:08 - 2013-08-15 14:57 - 00000000 ____D C:\Users\Melissa\Desktop\RK_Quarantine

2013-08-15 14:08 - 2013-08-15 14:07 - 00920576 _____ C:\Users\Melissa\Desktop\RogueKiller.exe

2013-08-15 04:21 - 2013-08-15 04:21 - 00602112 _____ (OldTimer Tools) C:\Users\Melissa\Desktop\OTL.scr

2013-08-14 16:30 - 2013-08-14 16:30 - 00000000 ____D C:\Users\Melissa\AppData\Local\Apple

2013-08-14 04:35 - 2013-08-14 04:35 - 00000000 ____D C:\Program Files\Common Files\Java

2013-08-14 04:34 - 2013-08-14 04:32 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-08-14 04:33 - 2013-08-14 04:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-08-14 04:33 - 2013-08-14 04:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-08-14 04:33 - 2013-08-14 04:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-08-14 04:24 - 2013-08-19 12:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-14 04:24 - 2013-08-14 04:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-08-14 04:24 - 2013-08-14 04:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-08-14 04:23 - 2013-08-15 02:56 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe

2013-08-14 04:00 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 04:00 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 04:00 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 04:00 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 04:00 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 04:00 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-08-14 04:00 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-08-14 04:00 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-08-14 04:00 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 04:00 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 04:00 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-08-13 20:32 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-13 20:32 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll

2013-08-13 20:32 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-13 20:31 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-13 20:31 - 2013-07-09 07:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-13 20:31 - 2013-07-07 23:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-08-13 20:31 - 2013-07-07 23:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-13 20:31 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-13 20:31 - 2013-07-07 23:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-13 20:31 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-13 20:31 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-13 20:31 - 2013-07-04 22:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-13 20:31 - 2013-07-04 20:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys

2013-08-13 15:42 - 2013-08-13 15:42 - 00050688 _____ (Atribune.org) C:\Users\Melissa\Desktop\ATF-Cleaner.exe

2013-08-13 15:33 - 2013-08-13 15:33 - 00007840 _____ C:\Users\Melissa\Desktop\AdwCleaner[s1].txt

2013-08-13 15:30 - 2013-08-13 15:30 - 00007840 _____ C:\AdwCleaner[s1].txt

2013-08-13 15:29 - 2013-08-13 15:29 - 00008379 _____ C:\AdwCleaner[R1].txt

2013-08-13 15:28 - 2013-08-13 15:28 - 00666633 _____ C:\Users\Melissa\Desktop\AdwCleaner.exe

2013-08-13 15:25 - 2013-08-14 04:04 - 00000254 _____ C:\Users\Melissa\Desktop\lockup.txt

2013-08-13 13:27 - 2013-08-16 13:40 - 00001945 _____ C:\Windows\epplauncher.mif

2013-08-13 13:23 - 2010-04-05 15:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2013-08-13 12:38 - 2013-08-13 12:38 - 00000000 ____D C:\Windows\pss

2013-08-13 03:54 - 2013-08-13 03:54 - 00000000 ____D C:\Program Files\ESET

2013-08-12 02:10 - 2013-08-12 02:10 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-08-12 02:10 - 2013-08-12 02:10 - 00000000 ____D C:\Program Files\CCleaner

2013-08-12 01:28 - 2013-08-12 01:28 - 00000000 ____D C:\Program Files\Adobe

2013-08-12 01:18 - 2013-08-14 04:32 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2013-08-12 01:04 - 2013-08-14 04:13 - 00000000 ____D C:\Windows\system32\MRT

2013-08-11 22:54 - 2013-08-11 22:54 - 00000633 _____ C:\Users\Melissa\Desktop\randy.txt

2013-08-11 22:48 - 2013-08-11 22:48 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

 

 

==================== One Month Modified Files and Folders =======

 

 

2013-08-19 12:12 - 2013-08-19 12:12 - 00000000 ____D C:\FRST

2013-08-19 12:12 - 2013-08-14 04:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-19 12:11 - 2013-08-19 12:11 - 01069895 _____ (Farbar) C:\Users\Melissa\Desktop\FRST.exe

2013-08-19 11:53 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-19 11:53 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-19 11:33 - 2013-04-19 20:18 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-19 10:08 - 2008-09-23 16:40 - 01956993 _____ C:\Windows\WindowsUpdate.log

2013-08-19 09:53 - 2013-04-19 20:18 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-19 09:53 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-18 18:09 - 2006-11-02 08:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-08-18 16:55 - 2013-08-18 16:55 - 00144208 _____ C:\Windows\Minidump\Mini081813-02.dmp

2013-08-18 16:55 - 2013-08-18 14:10 - 176045383 _____ C:\Windows\MEMORY.DMP

2013-08-18 16:55 - 2013-04-17 09:44 - 00000000 ____D C:\Windows\Minidump

2013-08-18 16:28 - 2013-08-18 16:28 - 00000322 _____ C:\Users\Melissa\Desktop\headless node.txt

2013-08-18 16:26 - 2013-08-18 16:26 - 350030080 _____ C:\Users\Melissa\Desktop\regedit2.REG

2013-08-18 16:25 - 2013-08-18 16:25 - 350028544 _____ C:\Users\Melissa\Desktop\regedit.reg

2013-08-18 16:23 - 2013-08-18 16:23 - 350027628 _____ C:\Users\Melissa\Documents\regedit.reg

2013-08-18 14:36 - 2013-08-18 14:36 - 00000680 _____ C:\Users\Melissa\Desktop\Events.txt

2013-08-18 14:30 - 2013-08-18 14:30 - 00001160 _____ C:\Users\Melissa\Desktop\Event 5032, Microsoft Windows security auditing.txt

2013-08-18 14:26 - 2013-08-18 14:26 - 00001498 _____ C:\Users\Melissa\Desktop\Event 10,WMI.txt

2013-08-18 14:22 - 2013-08-18 14:22 - 00000382 _____ C:\Users\Melissa\Desktop\bluescreen.txt

2013-08-18 14:18 - 2013-08-18 14:18 - 00144240 _____ C:\Windows\Minidump\Mini081813-01.dmp

2013-08-18 11:07 - 2013-08-18 11:07 - 00001070 _____ C:\Users\Melissa\Desktop\JRT.txt

2013-08-18 11:05 - 2013-08-18 11:05 - 00000000 ____D C:\Windows\ERUNT

2013-08-18 11:04 - 2013-08-18 11:04 - 00006579 _____ C:\Users\Melissa\Desktop\new OTL.txt

2013-08-18 11:01 - 2008-09-24 14:46 - 00007052 _____ C:\Users\Melissa\AppData\Local\d3d9caps.dat

2013-08-18 11:00 - 2013-08-18 11:00 - 00000000 ____D C:\_OTL

2013-08-18 10:56 - 2013-08-18 10:57 - 01018166 _____ (Thisisu) C:\Users\Melissa\Desktop\JRT.exe

2013-08-18 01:49 - 2013-08-18 01:49 - 00000034 _____ C:\Users\Melissa\Desktop\compaq.txt

2013-08-18 01:44 - 2013-08-18 01:44 - 01769792 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Melissa\Desktop\sp37541.exe

2013-08-17 22:31 - 2008-05-05 13:22 - 00000000 ____D C:\hp

2013-08-17 22:17 - 2008-09-23 16:44 - 00000000 ____D C:\Users\Melissa

2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setuperr.log

2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setupact.log

2013-08-17 12:31 - 2013-08-17 12:31 - 00000546 _____ C:\Windows\PFRO.log

2013-08-17 12:23 - 2013-08-17 12:23 - 00011650 _____ C:\ComboFix.txt

2013-08-17 12:23 - 2013-08-15 22:24 - 00000000 ____D C:\Qoobox

2013-08-17 12:23 - 2006-11-02 06:18 - 00000000 ___RD C:\Users\Public

2013-08-17 12:22 - 2013-08-15 22:23 - 00000000 ____D C:\Windows\erdnt

2013-08-17 12:21 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini

2013-08-17 04:16 - 2013-08-16 12:35 - 05105390 ____R (Swearware) C:\Users\Melissa\Desktop\Combo-Fix.exe

2013-08-17 04:14 - 2013-08-17 04:11 - 00074554 _____ C:\Users\Melissa\Desktop\OTL.Txt

2013-08-17 04:13 - 2013-08-17 04:13 - 00037222 _____ C:\Users\Melissa\Desktop\Extras.Txt

2013-08-17 03:41 - 2008-05-05 13:21 - 00000000 ____D C:\Windows\Panther

2013-08-16 13:40 - 2013-08-16 13:39 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-08-16 13:40 - 2013-08-13 13:27 - 00001945 _____ C:\Windows\epplauncher.mif

2013-08-16 13:29 - 2013-08-16 13:29 - 00000000 ____D C:\Combo-Fix4974C

2013-08-16 13:04 - 2013-08-16 13:04 - 00000000 ____D C:\Combo-Fix

2013-08-16 03:30 - 2013-08-16 03:30 - 00000019 _____ C:\Users\Melissa\Desktop\combofix uninstall.txt

2013-08-15 22:08 - 2013-08-15 22:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Melissa\Desktop\tdsskiller.exe

2013-08-15 14:57 - 2013-08-15 14:57 - 00002763 _____ C:\Users\Melissa\Desktop\RKreport[0]_D_08152013_145735.txt

2013-08-15 14:57 - 2013-08-15 14:08 - 00000000 ____D C:\Users\Melissa\Desktop\RK_Quarantine

2013-08-15 14:56 - 2013-08-15 14:56 - 00002655 _____ C:\Users\Melissa\Desktop\RKreport[0]_S_08152013_145630.txt

2013-08-15 14:07 - 2013-08-15 14:08 - 00920576 _____ C:\Users\Melissa\Desktop\RogueKiller.exe

2013-08-15 04:21 - 2013-08-15 04:21 - 00602112 _____ (OldTimer Tools) C:\Users\Melissa\Desktop\OTL.scr

2013-08-15 02:56 - 2013-08-14 04:23 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe

2013-08-14 16:30 - 2013-08-14 16:30 - 00000000 ____D C:\Users\Melissa\AppData\Local\Apple

2013-08-14 06:49 - 2011-08-20 17:31 - 00000000 ____D C:\Users\Melissa\AppData\Local\Facebook

2013-08-14 05:09 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-08-14 04:50 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache

2013-08-14 04:35 - 2013-08-14 04:35 - 00000000 ____D C:\Program Files\Common Files\Java

2013-08-14 04:33 - 2013-08-14 04:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-08-14 04:32 - 2013-08-14 04:34 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-08-14 04:32 - 2013-08-14 04:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-08-14 04:32 - 2013-08-14 04:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-08-14 04:32 - 2013-08-12 01:18 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2013-08-14 04:32 - 2010-06-17 12:01 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

2013-08-14 04:24 - 2013-08-14 04:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-08-14 04:24 - 2013-08-14 04:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-08-14 04:13 - 2013-08-12 01:04 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 04:09 - 2006-11-02 05:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-08-14 04:07 - 2008-11-12 17:46 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-08-14 04:04 - 2013-08-13 15:25 - 00000254 _____ C:\Users\Melissa\Desktop\lockup.txt

2013-08-14 04:03 - 2006-11-02 05:33 - 00718584 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-13 15:42 - 2013-08-13 15:42 - 00050688 _____ (Atribune.org) C:\Users\Melissa\Desktop\ATF-Cleaner.exe

2013-08-13 15:33 - 2013-08-13 15:33 - 00007840 _____ C:\Users\Melissa\Desktop\AdwCleaner[s1].txt

2013-08-13 15:30 - 2013-08-13 15:30 - 00007840 _____ C:\AdwCleaner[s1].txt

2013-08-13 15:29 - 2013-08-13 15:29 - 00008379 _____ C:\AdwCleaner[R1].txt

2013-08-13 15:28 - 2013-08-13 15:28 - 00666633 _____ C:\Users\Melissa\Desktop\AdwCleaner.exe

2013-08-13 12:38 - 2013-08-13 12:38 - 00000000 ____D C:\Windows\pss

2013-08-13 04:53 - 2008-05-05 12:47 - 00000000 ____D C:\Program Files\Java

2013-08-13 03:54 - 2013-08-13 03:54 - 00000000 ____D C:\Program Files\ESET

2013-08-12 23:06 - 2012-01-14 13:11 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Spotify

2013-08-12 18:18 - 2012-01-14 13:12 - 00000000 ____D C:\Users\Melissa\AppData\Local\Spotify

2013-08-12 02:10 - 2013-08-12 02:10 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-08-12 02:10 - 2013-08-12 02:10 - 00000000 ____D C:\Program Files\CCleaner

2013-08-12 01:28 - 2013-08-12 01:28 - 00000000 ____D C:\Program Files\Adobe

2013-08-12 01:28 - 2008-09-23 16:45 - 00000000 ____D C:\ProgramData\Adobe

2013-08-12 01:28 - 2008-09-23 16:45 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-08-11 23:01 - 2010-12-01 17:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-08-11 22:54 - 2013-08-11 22:54 - 00000633 _____ C:\Users\Melissa\Desktop\randy.txt

2013-08-11 22:48 - 2013-08-11 22:48 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-11 22:11 - 2011-03-05 19:23 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Sammsoft

2013-07-31 18:39 - 2013-04-19 20:22 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-07-24 21:40 - 2013-08-14 04:00 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-24 21:32 - 2013-08-14 04:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-24 21:30 - 2013-08-14 04:00 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-24 21:26 - 2013-08-14 04:00 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-24 21:26 - 2013-08-14 04:00 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-24 21:25 - 2013-08-14 04:00 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-07-24 21:24 - 2013-08-14 04:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-07-24 21:24 - 2013-08-14 04:00 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-07-24 21:22 - 2013-08-14 04:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-24 21:22 - 2013-08-14 04:00 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-24 21:22 - 2013-08-14 04:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-19 10:00

==================== End Of Log ============================

Additions

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013

Ran by Melissa at 2013-08-19 12:14:38

Running from C:\Users\Melissa\Desktop

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)

Activation Assistant for the 2007 Microsoft Office suites

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1)

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)

Adobe Reader 8.1.3 (Version: 8.1.3)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

ArcSoft PhotoImpression 6 (Version: 6)

ArcSoft Print Creations

ArcSoft Print Creations - Photo Calendar

Bing Rewards Client Installer (Version: 16.0.345.0)

Bonjour (Version: 3.0.0.10)

CCleaner (Version: 4.04)

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Coupon Printer for Windows (Version: 5.0.0.1)

CyberLink DVD Suite Deluxe (Version: 5.5.1329)

CyberLink PowerDirector (Version: 6.5.2726)

EPSON Print CD (Version: 1.60.000)

EPSON Printer Software

EPSON RX595 User's Guide

EPSON Scan

EPSON Stylus Photo RX595 Series Scanner Driver Update

ESET Online Scanner v3

Google Chrome (Version: 28.0.1500.95)

Google Update Helper (Version: 1.3.21.153)

Hardware Diagnostic Tools (Version: 5.1.4748.24)

Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)

Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)

HP Active Support Library (Version: 3.1.0.6)

HP Advisor (Version: 3.1.9152.3107)

HP Customer Experience Enhancements (Version: 5.6.0.2510)

HP Customer Feedback (Version: 1.0.0)

HP Demo (Version: HP Demo)

HP MediaSmart DVD (Version: 2.2.3309)

HP Update (Version: 4.000.012.001)

HPTCSSetup (Version: 1.0.964.2626)

iTunes (Version: 11.0.2.26)

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

LabelPrint (Version: 2.2.2529)

LightScribe System Software (Version: 1.18.3.2)

LightScribeTemplateLabeler (Version: 1.10.23.1)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

McAfee Security Scan Plus (Version: 2.0.189.1)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)

Microsoft Office Home and Student 2007 Trial (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Security Client (Version: 4.3.0216.0)

Microsoft Security Essentials (Version: 4.3.216.0)

Microsoft UI Engine (Version: 6.3.2348.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Works (Version: 9.7.0621)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

muvee autoProducer 6.1 (Version: 6.10.050)

My HP Games (Version: 1.0.0.43)

NVIDIA Drivers

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

OpenOffice.org 2.4 (Version: 2.4.9310)

Power2Go (Version: 5.6.3917)

Python 2.5 (Version: 2.5.150)

QuickTime (Version: 7.73.80.64)

Realtek High Definition Audio Driver (Version: 6.0.1.5657)

SimCity 2000® Special Edition

Snapfish Picture Mover (Version: 1.9.0.16)

Soft Data Fax Modem with SmartCP (Version: 7.74.00)

Spotify (HKCU Version: 0.9.1.57.ge7405149)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

Windstream Broadband Check-up Center

Yahoo! Toolbar

YTD Toolbar v7.4 (Version: 7.4)

==================== Restore Points =========================

13-08-2013 18:22:32 Windows Update

14-08-2013 08:58:10 Windows Update

14-08-2013 09:31:22 Installed Java 7 Update 25

15-08-2013 09:40:06 OTL Restore Point - 8/15/2013 4:40:06 AM

16-08-2013 22:00:10 OTL Restore Point - 8/16/2013 5:00:10 PM

17-08-2013 08:58:49 OTL Restore Point - 8/17/2013 3:58:48 AM

18-08-2013 03:14:19 Windows Update

18-08-2013 06:38:29 Installed HP Product Detection

18-08-2013 20:12:55 Scheduled Checkpoint

19-08-2013 15:43:03 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:23 - 2013-08-18 11:00 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1D73D47F-422B-430E-8C73-9C4C944CFF54} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {4C8F0894-BCC7-4FDD-A226-F293E732FC27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)

Task: {512368F6-62C3-4D51-8091-743E6AE77665} - System32\Tasks\User_Feed_Synchronization-{7A320A5B-950C-4766-9FC1-C741DCB3423C} => C:\Windows\system32\msfeedssync.exe [2011-08-04] (Microsoft Corporation)

Task: {587ADB68-62F6-49D8-82D7-61E8C8347A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: {63879B7D-68C4-4878-8E7D-E77FBBA78C90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {66C5B590-A60C-4DD1-8225-5891F4C6656B} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)

Task: {9E883DED-B4BA-4100-99E8-DDC899D9F687} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Melissa => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)

Task: {A6830318-9EF8-49B5-8C11-999A4AD38B9C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)

Task: {CA2757B3-BEF7-44A3-975E-51E67279E308} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)

Task: {D28FC6CA-B00F-4442-8584-7D14079909D0} - \Event Viewer Tasks\3bf4b4bb-8fd3-481e-9e75-a059b2270c71 No Task File

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {E62C7A67-3C69-490D-A90E-FDD542180203} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)

Task: {E989BC0D-CF43-442D-955E-30DB91CDD914} - \Event Viewer Tasks\cc255def-861c-4e4a-b4e1-4e1d1f97db98 No Task File

Task: {EA91DCEA-DDD5-46FF-BA5E-E9CC2329EFE8} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)

Task: {ED32C9FB-337D-491C-8E32-AA72BD833D4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (08/19/2013 09:53:44 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 06:07:38 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 05:36:49 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:56:15 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:34:52 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:10:22 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 02:18:57 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 00:39:11 PM) (Source: ESENT) (User: )

Description: Windows (2872) Windows: The version store for this instance (0) has reached its maximum size of 127Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x00EF03E0

Session-context: 0x00000000

Session-context ThreadId: 0x00000808

Cleanup: 1

Error: (08/18/2013 11:12:33 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (08/19/2013 09:53:44 AM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 06:07:38 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 05:36:49 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 04:56:16 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 04:34:52 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 04:10:22 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 02:18:58 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 11:12:33 AM) (Source: Service Control Manager) (User: )

Description: i8042prt

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

Date: 2013-08-14 01:26:15.201

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:14.687

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:13.719

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:13.205

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:12.690

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:12.175

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:11.395

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:10.896

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:10.381

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:09.866

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 55%

Total physical RAM: 1917.76 MB

Available physical RAM: 846.9 MB

Total Pagefile: 4082.05 MB

Available Pagefile: 3024.7 MB

Total Virtual: 2047.88 MB

Available Virtual: 1890.25 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.6 GB) (Free:340.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.16 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Posted

It is a mess and will take a few days to do. Then I get to bring all the furniture back in.

Here are the logs bud. Thanks so much for helping me.

First

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013

Ran by Melissa (administrator) on 19-08-2013 12:13:32

Running from C:\Users\Melissa\Desktop

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)

HKLM\...\Run: [DVDAgent] - c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-09-09] (CyberLink Corp.)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKLM\...\Run: [sunJavaUpdateReg] - C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)

HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)

HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)

Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net

HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {B9A4F4FA-0026-4A20-B16B-93EE28301616} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:

=======

CHR RestoreOnStartup: "hxxp://windstream.net/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)

S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))

S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-19 12:11 - 2013-08-19 12:11 - 01069895 _____ (Farbar) C:\Users\Melissa\Desktop\FRST.exe

2013-08-18 16:55 - 2013-08-18 16:55 - 00144208 _____ C:\Windows\Minidump\Mini081813-02.dmp

2013-08-18 16:28 - 2013-08-18 16:28 - 00000322 _____ C:\Users\Melissa\Desktop\headless node.txt

2013-08-18 16:26 - 2013-08-18 16:26 - 350030080 _____ C:\Users\Melissa\Desktop\regedit2.REG

2013-08-18 16:25 - 2013-08-18 16:25 - 350028544 _____ C:\Users\Melissa\Desktop\regedit.reg

2013-08-18 16:23 - 2013-08-18 16:23 - 350027628 _____ C:\Users\Melissa\Documents\regedit.reg

2013-08-18 14:36 - 2013-08-18 14:36 - 00000680 _____ C:\Users\Melissa\Desktop\Events.txt

2013-08-18 14:30 - 2013-08-18 14:30 - 00001160 _____ C:\Users\Melissa\Desktop\Event 5032, Microsoft Windows security auditing.txt

2013-08-18 14:26 - 2013-08-18 14:26 - 00001498 _____ C:\Users\Melissa\Desktop\Event 10,WMI.txt

2013-08-18 14:22 - 2013-08-18 14:22 - 00000382 _____ C:\Users\Melissa\Desktop\bluescreen.txt

2013-08-18 14:18 - 2013-08-18 14:18 - 00144240 _____ C:\Windows\Minidump\Mini081813-01.dmp

2013-08-18 14:10 - 2013-08-18 16:55 - 176045383 _____ C:\Windows\MEMORY.DMP

2013-08-18 11:07 - 2013-08-18 11:07 - 00001070 _____ C:\Users\Melissa\Desktop\JRT.txt

2013-08-18 11:05 - 2013-08-18 11:05 - 00000000 ____D C:\Windows\ERUNT

2013-08-18 11:04 - 2013-08-18 11:04 - 00006579 _____ C:\Users\Melissa\Desktop\new OTL.txt

2013-08-18 11:00 - 2013-08-18 11:00 - 00000000 ____D C:\_OTL

2013-08-18 10:57 - 2013-08-18 10:56 - 01018166 _____ (Thisisu) C:\Users\Melissa\Desktop\JRT.exe

2013-08-18 01:49 - 2013-08-18 01:49 - 00000034 _____ C:\Users\Melissa\Desktop\compaq.txt

2013-08-18 01:44 - 2013-08-18 01:44 - 01769792 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Melissa\Desktop\sp37541.exe

2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setuperr.log

2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setupact.log

2013-08-17 12:31 - 2013-08-17 12:31 - 00000546 _____ C:\Windows\PFRO.log

2013-08-17 12:23 - 2013-08-17 12:23 - 00011650 _____ C:\ComboFix.txt

2013-08-17 04:13 - 2013-08-17 04:13 - 00037222 _____ C:\Users\Melissa\Desktop\Extras.Txt

2013-08-17 04:11 - 2013-08-17 04:14 - 00074554 _____ C:\Users\Melissa\Desktop\OTL.Txt

2013-08-16 13:39 - 2013-08-16 13:40 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-08-16 13:29 - 2013-08-16 13:29 - 00000000 ____D C:\Combo-Fix4974C

2013-08-16 13:04 - 2013-08-16 13:04 - 00000000 ____D C:\Combo-Fix

2013-08-16 12:35 - 2013-08-17 04:16 - 05105390 ____R (Swearware) C:\Users\Melissa\Desktop\Combo-Fix.exe

2013-08-16 03:30 - 2013-08-16 03:30 - 00000019 _____ C:\Users\Melissa\Desktop\combofix uninstall.txt

2013-08-15 22:24 - 2013-08-17 12:23 - 00000000 ____D C:\Qoobox

2013-08-15 22:24 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-15 22:24 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-15 22:24 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-15 22:24 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-15 22:23 - 2013-08-17 12:22 - 00000000 ____D C:\Windows\erdnt

2013-08-15 22:08 - 2013-08-15 22:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Melissa\Desktop\tdsskiller.exe

2013-08-15 14:57 - 2013-08-15 14:57 - 00002763 _____ C:\Users\Melissa\Desktop\RKreport[0]_D_08152013_145735.txt

2013-08-15 14:56 - 2013-08-15 14:56 - 00002655 _____ C:\Users\Melissa\Desktop\RKreport[0]_S_08152013_145630.txt

2013-08-15 14:08 - 2013-08-15 14:57 - 00000000 ____D C:\Users\Melissa\Desktop\RK_Quarantine

2013-08-15 14:08 - 2013-08-15 14:07 - 00920576 _____ C:\Users\Melissa\Desktop\RogueKiller.exe

2013-08-15 04:21 - 2013-08-15 04:21 - 00602112 _____ (OldTimer Tools) C:\Users\Melissa\Desktop\OTL.scr

2013-08-14 16:30 - 2013-08-14 16:30 - 00000000 ____D C:\Users\Melissa\AppData\Local\Apple

2013-08-14 04:35 - 2013-08-14 04:35 - 00000000 ____D C:\Program Files\Common Files\Java

2013-08-14 04:34 - 2013-08-14 04:32 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-08-14 04:33 - 2013-08-14 04:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-08-14 04:33 - 2013-08-14 04:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-08-14 04:33 - 2013-08-14 04:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-08-14 04:24 - 2013-08-19 12:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-14 04:24 - 2013-08-14 04:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-08-14 04:24 - 2013-08-14 04:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-08-14 04:23 - 2013-08-15 02:56 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe

2013-08-14 04:00 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 04:00 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 04:00 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 04:00 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 04:00 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 04:00 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-08-14 04:00 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-08-14 04:00 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-08-14 04:00 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-08-14 04:00 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 04:00 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 04:00 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-08-13 20:32 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-13 20:32 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll

2013-08-13 20:32 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-13 20:31 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-13 20:31 - 2013-07-09 07:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-13 20:31 - 2013-07-07 23:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-08-13 20:31 - 2013-07-07 23:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-13 20:31 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-13 20:31 - 2013-07-07 23:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-13 20:31 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-13 20:31 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-13 20:31 - 2013-07-04 22:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-13 20:31 - 2013-07-04 20:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys

2013-08-13 15:42 - 2013-08-13 15:42 - 00050688 _____ (Atribune.org) C:\Users\Melissa\Desktop\ATF-Cleaner.exe

2013-08-13 15:33 - 2013-08-13 15:33 - 00007840 _____ C:\Users\Melissa\Desktop\AdwCleaner[s1].txt

2013-08-13 15:30 - 2013-08-13 15:30 - 00007840 _____ C:\AdwCleaner[s1].txt

2013-08-13 15:29 - 2013-08-13 15:29 - 00008379 _____ C:\AdwCleaner[R1].txt

2013-08-13 15:28 - 2013-08-13 15:28 - 00666633 _____ C:\Users\Melissa\Desktop\AdwCleaner.exe

2013-08-13 15:25 - 2013-08-14 04:04 - 00000254 _____ C:\Users\Melissa\Desktop\lockup.txt

2013-08-13 13:27 - 2013-08-16 13:40 - 00001945 _____ C:\Windows\epplauncher.mif

2013-08-13 13:23 - 2010-04-05 15:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2013-08-13 12:38 - 2013-08-13 12:38 - 00000000 ____D C:\Windows\pss

2013-08-13 03:54 - 2013-08-13 03:54 - 00000000 ____D C:\Program Files\ESET

2013-08-12 02:10 - 2013-08-12 02:10 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-08-12 02:10 - 2013-08-12 02:10 - 00000000 ____D C:\Program Files\CCleaner

2013-08-12 01:28 - 2013-08-12 01:28 - 00000000 ____D C:\Program Files\Adobe

2013-08-12 01:18 - 2013-08-14 04:32 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2013-08-12 01:04 - 2013-08-14 04:13 - 00000000 ____D C:\Windows\system32\MRT

2013-08-11 22:54 - 2013-08-11 22:54 - 00000633 _____ C:\Users\Melissa\Desktop\randy.txt

2013-08-11 22:48 - 2013-08-11 22:48 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== One Month Modified Files and Folders =======

2013-08-19 12:12 - 2013-08-19 12:12 - 00000000 ____D C:\FRST

2013-08-19 12:12 - 2013-08-14 04:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-19 12:11 - 2013-08-19 12:11 - 01069895 _____ (Farbar) C:\Users\Melissa\Desktop\FRST.exe

2013-08-19 11:53 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-19 11:53 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-19 11:33 - 2013-04-19 20:18 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-19 10:08 - 2008-09-23 16:40 - 01956993 _____ C:\Windows\WindowsUpdate.log

2013-08-19 09:53 - 2013-04-19 20:18 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-19 09:53 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-18 18:09 - 2006-11-02 08:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-08-18 16:55 - 2013-08-18 16:55 - 00144208 _____ C:\Windows\Minidump\Mini081813-02.dmp

2013-08-18 16:55 - 2013-08-18 14:10 - 176045383 _____ C:\Windows\MEMORY.DMP

2013-08-18 16:55 - 2013-04-17 09:44 - 00000000 ____D C:\Windows\Minidump

2013-08-18 16:28 - 2013-08-18 16:28 - 00000322 _____ C:\Users\Melissa\Desktop\headless node.txt

2013-08-18 16:26 - 2013-08-18 16:26 - 350030080 _____ C:\Users\Melissa\Desktop\regedit2.REG

2013-08-18 16:25 - 2013-08-18 16:25 - 350028544 _____ C:\Users\Melissa\Desktop\regedit.reg

2013-08-18 16:23 - 2013-08-18 16:23 - 350027628 _____ C:\Users\Melissa\Documents\regedit.reg

2013-08-18 14:36 - 2013-08-18 14:36 - 00000680 _____ C:\Users\Melissa\Desktop\Events.txt

2013-08-18 14:30 - 2013-08-18 14:30 - 00001160 _____ C:\Users\Melissa\Desktop\Event 5032, Microsoft Windows security auditing.txt

2013-08-18 14:26 - 2013-08-18 14:26 - 00001498 _____ C:\Users\Melissa\Desktop\Event 10,WMI.txt

2013-08-18 14:22 - 2013-08-18 14:22 - 00000382 _____ C:\Users\Melissa\Desktop\bluescreen.txt

2013-08-18 14:18 - 2013-08-18 14:18 - 00144240 _____ C:\Windows\Minidump\Mini081813-01.dmp

2013-08-18 11:07 - 2013-08-18 11:07 - 00001070 _____ C:\Users\Melissa\Desktop\JRT.txt

2013-08-18 11:05 - 2013-08-18 11:05 - 00000000 ____D C:\Windows\ERUNT

2013-08-18 11:04 - 2013-08-18 11:04 - 00006579 _____ C:\Users\Melissa\Desktop\new OTL.txt

2013-08-18 11:01 - 2008-09-24 14:46 - 00007052 _____ C:\Users\Melissa\AppData\Local\d3d9caps.dat

2013-08-18 11:00 - 2013-08-18 11:00 - 00000000 ____D C:\_OTL

2013-08-18 10:56 - 2013-08-18 10:57 - 01018166 _____ (Thisisu) C:\Users\Melissa\Desktop\JRT.exe

2013-08-18 01:49 - 2013-08-18 01:49 - 00000034 _____ C:\Users\Melissa\Desktop\compaq.txt

2013-08-18 01:44 - 2013-08-18 01:44 - 01769792 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Melissa\Desktop\sp37541.exe

2013-08-17 22:31 - 2008-05-05 13:22 - 00000000 ____D C:\hp

2013-08-17 22:17 - 2008-09-23 16:44 - 00000000 ____D C:\Users\Melissa

2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setuperr.log

2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setupact.log

2013-08-17 12:31 - 2013-08-17 12:31 - 00000546 _____ C:\Windows\PFRO.log

2013-08-17 12:23 - 2013-08-17 12:23 - 00011650 _____ C:\ComboFix.txt

2013-08-17 12:23 - 2013-08-15 22:24 - 00000000 ____D C:\Qoobox

2013-08-17 12:23 - 2006-11-02 06:18 - 00000000 ___RD C:\Users\Public

2013-08-17 12:22 - 2013-08-15 22:23 - 00000000 ____D C:\Windows\erdnt

2013-08-17 12:21 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini

2013-08-17 04:16 - 2013-08-16 12:35 - 05105390 ____R (Swearware) C:\Users\Melissa\Desktop\Combo-Fix.exe

2013-08-17 04:14 - 2013-08-17 04:11 - 00074554 _____ C:\Users\Melissa\Desktop\OTL.Txt

2013-08-17 04:13 - 2013-08-17 04:13 - 00037222 _____ C:\Users\Melissa\Desktop\Extras.Txt

2013-08-17 03:41 - 2008-05-05 13:21 - 00000000 ____D C:\Windows\Panther

2013-08-16 13:40 - 2013-08-16 13:39 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-08-16 13:40 - 2013-08-13 13:27 - 00001945 _____ C:\Windows\epplauncher.mif

2013-08-16 13:29 - 2013-08-16 13:29 - 00000000 ____D C:\Combo-Fix4974C

2013-08-16 13:04 - 2013-08-16 13:04 - 00000000 ____D C:\Combo-Fix

2013-08-16 03:30 - 2013-08-16 03:30 - 00000019 _____ C:\Users\Melissa\Desktop\combofix uninstall.txt

2013-08-15 22:08 - 2013-08-15 22:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Melissa\Desktop\tdsskiller.exe

2013-08-15 14:57 - 2013-08-15 14:57 - 00002763 _____ C:\Users\Melissa\Desktop\RKreport[0]_D_08152013_145735.txt

2013-08-15 14:57 - 2013-08-15 14:08 - 00000000 ____D C:\Users\Melissa\Desktop\RK_Quarantine

2013-08-15 14:56 - 2013-08-15 14:56 - 00002655 _____ C:\Users\Melissa\Desktop\RKreport[0]_S_08152013_145630.txt

2013-08-15 14:07 - 2013-08-15 14:08 - 00920576 _____ C:\Users\Melissa\Desktop\RogueKiller.exe

2013-08-15 04:21 - 2013-08-15 04:21 - 00602112 _____ (OldTimer Tools) C:\Users\Melissa\Desktop\OTL.scr

2013-08-15 02:56 - 2013-08-14 04:23 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe

2013-08-14 16:30 - 2013-08-14 16:30 - 00000000 ____D C:\Users\Melissa\AppData\Local\Apple

2013-08-14 06:49 - 2011-08-20 17:31 - 00000000 ____D C:\Users\Melissa\AppData\Local\Facebook

2013-08-14 05:09 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-08-14 04:50 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache

2013-08-14 04:35 - 2013-08-14 04:35 - 00000000 ____D C:\Program Files\Common Files\Java

2013-08-14 04:33 - 2013-08-14 04:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-08-14 04:32 - 2013-08-14 04:34 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-08-14 04:32 - 2013-08-14 04:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-08-14 04:32 - 2013-08-14 04:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-08-14 04:32 - 2013-08-12 01:18 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2013-08-14 04:32 - 2010-06-17 12:01 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

2013-08-14 04:24 - 2013-08-14 04:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-08-14 04:24 - 2013-08-14 04:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-08-14 04:13 - 2013-08-12 01:04 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 04:09 - 2006-11-02 05:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-08-14 04:07 - 2008-11-12 17:46 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-08-14 04:04 - 2013-08-13 15:25 - 00000254 _____ C:\Users\Melissa\Desktop\lockup.txt

2013-08-14 04:03 - 2006-11-02 05:33 - 00718584 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-13 15:42 - 2013-08-13 15:42 - 00050688 _____ (Atribune.org) C:\Users\Melissa\Desktop\ATF-Cleaner.exe

2013-08-13 15:33 - 2013-08-13 15:33 - 00007840 _____ C:\Users\Melissa\Desktop\AdwCleaner[s1].txt

2013-08-13 15:30 - 2013-08-13 15:30 - 00007840 _____ C:\AdwCleaner[s1].txt

2013-08-13 15:29 - 2013-08-13 15:29 - 00008379 _____ C:\AdwCleaner[R1].txt

2013-08-13 15:28 - 2013-08-13 15:28 - 00666633 _____ C:\Users\Melissa\Desktop\AdwCleaner.exe

2013-08-13 12:38 - 2013-08-13 12:38 - 00000000 ____D C:\Windows\pss

2013-08-13 04:53 - 2008-05-05 12:47 - 00000000 ____D C:\Program Files\Java

2013-08-13 03:54 - 2013-08-13 03:54 - 00000000 ____D C:\Program Files\ESET

2013-08-12 23:06 - 2012-01-14 13:11 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Spotify

2013-08-12 18:18 - 2012-01-14 13:12 - 00000000 ____D C:\Users\Melissa\AppData\Local\Spotify

2013-08-12 02:10 - 2013-08-12 02:10 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-08-12 02:10 - 2013-08-12 02:10 - 00000000 ____D C:\Program Files\CCleaner

2013-08-12 01:28 - 2013-08-12 01:28 - 00000000 ____D C:\Program Files\Adobe

2013-08-12 01:28 - 2008-09-23 16:45 - 00000000 ____D C:\ProgramData\Adobe

2013-08-12 01:28 - 2008-09-23 16:45 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-08-11 23:01 - 2010-12-01 17:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-08-11 22:54 - 2013-08-11 22:54 - 00000633 _____ C:\Users\Melissa\Desktop\randy.txt

2013-08-11 22:48 - 2013-08-11 22:48 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-11 22:11 - 2011-03-05 19:23 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Sammsoft

2013-07-31 18:39 - 2013-04-19 20:22 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-07-24 21:40 - 2013-08-14 04:00 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-24 21:32 - 2013-08-14 04:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-24 21:30 - 2013-08-14 04:00 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-24 21:26 - 2013-08-14 04:00 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-24 21:26 - 2013-08-14 04:00 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-24 21:25 - 2013-08-14 04:00 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-07-24 21:24 - 2013-08-14 04:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-07-24 21:24 - 2013-08-14 04:00 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-07-24 21:23 - 2013-08-14 04:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-07-24 21:22 - 2013-08-14 04:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-24 21:22 - 2013-08-14 04:00 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-24 21:22 - 2013-08-14 04:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-19 10:00

==================== End Of Log ============================

Additions

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013

Ran by Melissa at 2013-08-19 12:14:38

Running from C:\Users\Melissa\Desktop

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)

Activation Assistant for the 2007 Microsoft Office suites

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1)

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)

Adobe Reader 8.1.3 (Version: 8.1.3)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

ArcSoft PhotoImpression 6 (Version: 6)

ArcSoft Print Creations

ArcSoft Print Creations - Photo Calendar

Bing Rewards Client Installer (Version: 16.0.345.0)

Bonjour (Version: 3.0.0.10)

CCleaner (Version: 4.04)

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Coupon Printer for Windows (Version: 5.0.0.1)

CyberLink DVD Suite Deluxe (Version: 5.5.1329)

CyberLink PowerDirector (Version: 6.5.2726)

EPSON Print CD (Version: 1.60.000)

EPSON Printer Software

EPSON RX595 User's Guide

EPSON Scan

EPSON Stylus Photo RX595 Series Scanner Driver Update

ESET Online Scanner v3

Google Chrome (Version: 28.0.1500.95)

Google Update Helper (Version: 1.3.21.153)

Hardware Diagnostic Tools (Version: 5.1.4748.24)

Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)

Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)

HP Active Support Library (Version: 3.1.0.6)

HP Advisor (Version: 3.1.9152.3107)

HP Customer Experience Enhancements (Version: 5.6.0.2510)

HP Customer Feedback (Version: 1.0.0)

HP Demo (Version: HP Demo)

HP MediaSmart DVD (Version: 2.2.3309)

HP Update (Version: 4.000.012.001)

HPTCSSetup (Version: 1.0.964.2626)

iTunes (Version: 11.0.2.26)

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

LabelPrint (Version: 2.2.2529)

LightScribe System Software (Version: 1.18.3.2)

LightScribeTemplateLabeler (Version: 1.10.23.1)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

McAfee Security Scan Plus (Version: 2.0.189.1)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)

Microsoft Office Home and Student 2007 Trial (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Security Client (Version: 4.3.0216.0)

Microsoft Security Essentials (Version: 4.3.216.0)

Microsoft UI Engine (Version: 6.3.2348.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Works (Version: 9.7.0621)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

muvee autoProducer 6.1 (Version: 6.10.050)

My HP Games (Version: 1.0.0.43)

NVIDIA Drivers

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

OpenOffice.org 2.4 (Version: 2.4.9310)

Power2Go (Version: 5.6.3917)

Python 2.5 (Version: 2.5.150)

QuickTime (Version: 7.73.80.64)

Realtek High Definition Audio Driver (Version: 6.0.1.5657)

SimCity 2000® Special Edition

Snapfish Picture Mover (Version: 1.9.0.16)

Soft Data Fax Modem with SmartCP (Version: 7.74.00)

Spotify (HKCU Version: 0.9.1.57.ge7405149)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

Windstream Broadband Check-up Center

Yahoo! Toolbar

YTD Toolbar v7.4 (Version: 7.4)

==================== Restore Points =========================

13-08-2013 18:22:32 Windows Update

14-08-2013 08:58:10 Windows Update

14-08-2013 09:31:22 Installed Java 7 Update 25

15-08-2013 09:40:06 OTL Restore Point - 8/15/2013 4:40:06 AM

16-08-2013 22:00:10 OTL Restore Point - 8/16/2013 5:00:10 PM

17-08-2013 08:58:49 OTL Restore Point - 8/17/2013 3:58:48 AM

18-08-2013 03:14:19 Windows Update

18-08-2013 06:38:29 Installed HP Product Detection

18-08-2013 20:12:55 Scheduled Checkpoint

19-08-2013 15:43:03 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:23 - 2013-08-18 11:00 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1D73D47F-422B-430E-8C73-9C4C944CFF54} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {4C8F0894-BCC7-4FDD-A226-F293E732FC27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)

Task: {512368F6-62C3-4D51-8091-743E6AE77665} - System32\Tasks\User_Feed_Synchronization-{7A320A5B-950C-4766-9FC1-C741DCB3423C} => C:\Windows\system32\msfeedssync.exe [2011-08-04] (Microsoft Corporation)

Task: {587ADB68-62F6-49D8-82D7-61E8C8347A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: {63879B7D-68C4-4878-8E7D-E77FBBA78C90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {66C5B590-A60C-4DD1-8225-5891F4C6656B} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)

Task: {9E883DED-B4BA-4100-99E8-DDC899D9F687} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Melissa => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)

Task: {A6830318-9EF8-49B5-8C11-999A4AD38B9C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)

Task: {CA2757B3-BEF7-44A3-975E-51E67279E308} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)

Task: {D28FC6CA-B00F-4442-8584-7D14079909D0} - \Event Viewer Tasks\3bf4b4bb-8fd3-481e-9e75-a059b2270c71 No Task File

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {E62C7A67-3C69-490D-A90E-FDD542180203} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)

Task: {E989BC0D-CF43-442D-955E-30DB91CDD914} - \Event Viewer Tasks\cc255def-861c-4e4a-b4e1-4e1d1f97db98 No Task File

Task: {EA91DCEA-DDD5-46FF-BA5E-E9CC2329EFE8} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)

Task: {ED32C9FB-337D-491C-8E32-AA72BD833D4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (08/19/2013 09:53:44 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 06:07:38 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 05:36:49 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:56:15 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:34:52 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:10:22 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 02:18:57 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 00:39:11 PM) (Source: ESENT) (User: )

Description: Windows (2872) Windows: The version store for this instance (0) has reached its maximum size of 127Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:
SessionId: 0x00EF03E0
Session-context: 0x00000000
Session-context ThreadId: 0x00000808
Cleanup: 1

Error: (08/18/2013 11:12:33 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (08/19/2013 09:53:44 AM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 06:07:38 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 05:36:49 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 04:56:16 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 04:34:52 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 04:10:22 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 02:18:58 PM) (Source: Service Control Manager) (User: )

Description: i8042prt

Error: (08/18/2013 11:12:33 AM) (Source: Service Control Manager) (User: )

Description: i8042prt

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

Date: 2013-08-14 01:26:15.201

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:14.687

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:13.719

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:13.205

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:12.690

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:12.175

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:11.395

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:10.896

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:10.381

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:09.866

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 55%

Total physical RAM: 1917.76 MB

Available physical RAM: 846.9 MB

Total Pagefile: 4082.05 MB

Available Pagefile: 3024.7 MB

Total Virtual: 2047.88 MB

Available Virtual: 1890.25 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.6 GB) (Free:340.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.16 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

  • ExTS Admin
Posted (edited)

Have just re-checked the TdssKiller report:

 

22:10:28.0118 3420 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

22:10:28.0118 3420 i8042prt - ok

So the file seems ok.

 

I take it that you will have already read this:

http://windowstechissues.wordpress.com/2007/11/13/i8042prt-failed-to-load-on-boot/

 

The keyboard is USB and the mouse is a wireless USB. Not PS/2.

Have you tried disabling it, as it's not needed?

 

Edit:

This is an interesting read from M$:

http://msdn.microsoft.com/en-us/library/windows/hardware/jj128332%28v=vs.85%29.aspx

 

This might be worth looking at (from the M$ link):

OverrideKeyboardType [REG_DWORD] – Specifies the keyboard type. You can add this entry to the registry to correct an error in the keyboard type detected at startup.

OverrideKeyboardSubtype [REG_DWORD] – Specifies the OEM-dependent keyboard subtype. You can add this entry to the registry to correct an error in the keyboard subtype detected at startup.

Edited by Starbuck

Member of:

UNITE

Posted

I thought I had changed that reg value to 4 but I just looked again and it is still set as 1. I did change that setting in the BIOS from auto-detect to disable.

 

I'll try the reg change again before I do anything else. I'll let you know how it goes if I can get back in.


Posted

Well it's looking good. I just did 2 starts with no trouble. I'll do a hundred more just in case.

 

What concerns me now is what I did change that was wrong. I know I had tried the DWORD headless option in the reg too and that did nothing.

 

I think the best thing to do here is run my reg backup and then change the value to 4 again so I undo my other changes.

 

Keep your fingers crossed.

