[y2kfroguy]

========== OTL ==========
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56415290.lnk moved successfully.
C:\Windows\System32\FlashPlayerCPLApp.cpl moved successfully.
C:\Users\Chris\AppData\Local\hpymvn0d5qgg3vgn7qps5c318q5p moved successfully.
C:\ProgramData\hpymvn0d5qgg3vgn7qps5c318q5p moved successfully.
C:\Users\Chris\AppData\Local\eaobxq8b3hgh6kfp1iyw6q758a4y moved successfully.
C:\ProgramData\eaobxq8b3hgh6kfp1iyw6q758a4y moved successfully.
File C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56415290.lnk not found.
C:\Users\Chris\AppData\Local\6n52nt1d48d174 moved successfully.
C:\ProgramData\6n52nt1d48d174 moved successfully.
========== FILES ==========
File\Folder C:\Users\Chris\AppData\Local\hpymvn0d5qgg3vgn7qps5c318q5p not found.
File\Folder C:\ProgramData\hpymvn0d5qgg3vgn7qps5c318q5p not found.
File\Folder C:\Users\Chris\AppData\Local\eaobxq8b3hgh6kfp1iyw6q758a4y not found.
File\Folder C:\ProgramData\eaobxq8b3hgh6kfp1iyw6q758a4y not found.
File\Folder C:\Users\Chris\AppData\Local\6n52nt1d48d174 not found.
File\Folder C:\ProgramData\6n52nt1d48d174 not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 12242011_140910

[Advertisements]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122404

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/24/2011 14:19:32
mbam-log-2011-12-24 (14-19-32).txt

Scan type: Quick scan
Objects scanned: 199399
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[y2kfroguy]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122404

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/24/2011 14:19:32
mbam-log-2011-12-24 (14-19-32).txt

Scan type: Quick scan
Objects scanned: 199399
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[y2kfroguy]

Unfortunately Vista Security 2012 just popped up again. I am able to get back online only after running FIXNCR.reg and Rkill. Here is the Rkill log


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/25/2011 at 0:03:01.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Chris\AppData\Local\pmi.exe
C:\Windows\System32\grpconv.exe


Rkill completed on 12/25/2011 at 0:03:09.

[y2kfroguy]

....and returned again minutes later


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/25/2011 at 0:08:56.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Chris\AppData\Local\knj.exe


Rkill completed on 12/25/2011 at 0:09:03.

[maliprog]

When does infection comes back? Did you insert USB memory in PC? I'm afraid that this is more then Security 2012 and that you have more infections then one.

Remove your version of Combofix and download new one. Run it like this:

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[y2kfroguy]

The infection comes back when I am browsing the internet. It appears to be random and not related to any certain site. I have not inserted any usb or downloaded any other programs other than instructed by you.

Of note, when I run Combo fix it warns me that Microsoft Security Essentials is running and could interfere with the scan, however as far as I know it is no longer installed. Thank you so much for your help with this I hope we can beat it!




ComboFix 11-12-21.02 - Chris 12/21/2011 19:11:52.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1648 [GMT -6:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB62280$\3801381427
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\qnbwvoto
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\system32\asw43CF.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 01:39 . 2011-12-22 01:39 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-12-22 01:39 . 2011-12-22 01:39 -------- d-----w- c:\users\Freenet\AppData\Local\temp
2011-12-22 01:39 . 2011-12-22 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 02:13 . 2011-12-21 02:13 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F96A5E7E-859C-4727-808A-92ECD7C44E5C}\MpKsl12e0b3a2.sys
2011-12-20 01:50 . 2011-12-20 01:50 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-20 01:45 . 2011-12-22 01:09 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F96A5E7E-859C-4727-808A-92ECD7C44E5C}\offreg.dll
2011-12-20 01:45 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F96A5E7E-859C-4727-808A-92ECD7C44E5C}\mpengine.dll
2011-12-20 00:36 . 2011-12-20 00:36 -------- d-----w- C:\_OTL
2011-12-14 06:25 . 2008-01-21 02:23 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-11 05:03 . 2011-12-15 00:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-11 05:03 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2010-09-23 01:23 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-23 18:55 . 2011-10-23 18:55 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-20 16:42 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-20 16:42 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-11 06:25 . 2011-10-11 06:25 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E2FD54-3561-48AE-A1F9-9C261107AD3D}\gapaengine.dll
2011-09-30 23:06 . 2011-10-13 03:38 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-13 03:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 03:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 03:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-13 03:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-13 03:38 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-13 03:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 03:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-26 02:40 . 2011-04-23 01:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-14 402832]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
_uninst_56415290.lnk - c:\users\Chris\AppData\Local\temp\_uninst_56415290.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 19:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R1 MpKsl0450a567;MpKsl0450a567;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A3333A-CC5A-4578-81AA-1F73438DE7B8}\MpKsl0450a567.sys [x]
R1 MpKsl04ad696c;MpKsl04ad696c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33CED062-425D-4950-9D9A-CB0B0EFDAAE1}\MpKsl04ad696c.sys [x]
R1 MpKsl054eedf1;MpKsl054eedf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F78D488-E291-45B6-9F70-F5ED37A004A4}\MpKsl054eedf1.sys [x]
R1 MpKsl072c5605;MpKsl072c5605;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{055B01A1-A737-4413-A2E0-8F12893E4C44}\MpKsl072c5605.sys [x]
R1 MpKsl07e2723b;MpKsl07e2723b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12D0D83-F092-4E58-A388-5E8F8013E06D}\MpKsl07e2723b.sys [x]
R1 MpKsl091b0f5e;MpKsl091b0f5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2C6EC87-716A-4860-8F5C-D73DBCDE0DED}\MpKsl091b0f5e.sys [x]
R1 MpKsl0ab04352;MpKsl0ab04352;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C451466F-6DE2-45E8-BA0B-EA8C507CD7CA}\MpKsl0ab04352.sys [x]
R1 MpKsl11bae039;MpKsl11bae039;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2C424BE-C27A-4CB9-BEAF-F302925C4E4D}\MpKsl11bae039.sys [x]
R1 MpKsl13cbeab6;MpKsl13cbeab6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15068510-A221-4582-B8E3-B171E427B6C4}\MpKsl13cbeab6.sys [x]
R1 MpKsl14587726;MpKsl14587726;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCFC3B5E-D6D7-458C-8209-A96554F22227}\MpKsl14587726.sys [x]
R1 MpKsl145df352;MpKsl145df352;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D29DEF5-CCFB-4811-BA9D-E97151E26F21}\MpKsl145df352.sys [x]
R1 MpKsl17d1ffef;MpKsl17d1ffef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33CED062-425D-4950-9D9A-CB0B0EFDAAE1}\MpKsl17d1ffef.sys [x]
R1 MpKsl1a6d9eee;MpKsl1a6d9eee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{231A49B1-80EF-452A-833D-B6F3762DE435}\MpKsl1a6d9eee.sys [x]
R1 MpKsl1ec972f2;MpKsl1ec972f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AAB2646-6523-41ED-87E4-C4C79DA10567}\MpKsl1ec972f2.sys [x]
R1 MpKsl24bb53be;MpKsl24bb53be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FCC7023-DBE0-4A67-A85D-E07B38757632}\MpKsl24bb53be.sys [x]
R1 MpKsl2653b5af;MpKsl2653b5af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EB1DC3F-16FA-45E0-87BC-782ABD2F9273}\MpKsl2653b5af.sys [x]
R1 MpKsl296d9f62;MpKsl296d9f62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04FB81EC-5F26-4710-A342-93A5305E6E83}\MpKsl296d9f62.sys [x]
R1 MpKsl29890513;MpKsl29890513;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19CBD82-9D3D-44CB-B675-F42AC35BEDE7}\MpKsl29890513.sys [x]
R1 MpKsl29f73266;MpKsl29f73266;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AA1E284-CB69-4C87-A20F-8C56F0E01F68}\MpKsl29f73266.sys [x]
R1 MpKsl2ae3661f;MpKsl2ae3661f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78015E95-CDA3-4363-ACDA-061A77A290C9}\MpKsl2ae3661f.sys [x]
R1 MpKsl2e676c18;MpKsl2e676c18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A80888C-9BCC-4B5A-91D2-A9C8B2B73610}\MpKsl2e676c18.sys [x]
R1 MpKsl34a24807;MpKsl34a24807;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E1C70B5-8806-46C6-97D9-31C963697847}\MpKsl34a24807.sys [x]
R1 MpKsl35b95aa8;MpKsl35b95aa8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E98B6733-7D44-4563-841B-8FF0EEFF28E9}\MpKsl35b95aa8.sys [x]
R1 MpKsl3618fc94;MpKsl3618fc94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C1DE2E4-DDE4-4C36-93C3-23CA38DD93CF}\MpKsl3618fc94.sys [x]
R1 MpKsl37beff20;MpKsl37beff20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05797F2A-283A-4D55-A491-B2A464695D3A}\MpKsl37beff20.sys [x]
R1 MpKsl3a7eeb65;MpKsl3a7eeb65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBF2B626-6D42-4A80-9B2C-A3E0DA73D4C9}\MpKsl3a7eeb65.sys [x]
R1 MpKsl3c8de7c2;MpKsl3c8de7c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C53135E-CC22-4D2E-A5E9-273E9594015F}\MpKsl3c8de7c2.sys [x]
R1 MpKsl3cf5a160;MpKsl3cf5a160;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42856969-046F-4B84-8FB1-224C9CD8FEF9}\MpKsl3cf5a160.sys [x]
R1 MpKsl439c4d58;MpKsl439c4d58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{002264BC-07EC-44CA-A038-93E26A8A5568}\MpKsl439c4d58.sys [x]
R1 MpKsl442ca00f;MpKsl442ca00f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05797F2A-283A-4D55-A491-B2A464695D3A}\MpKsl442ca00f.sys [x]
R1 MpKsl446d8a4f;MpKsl446d8a4f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7160DB5C-7DE0-4204-BACA-78FD25EC3A68}\MpKsl446d8a4f.sys [x]
R1 MpKsl469ca24f;MpKsl469ca24f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31DF6C0A-6A04-404D-B2F7-1325609A9426}\MpKsl469ca24f.sys [x]
R1 MpKsl476cffeb;MpKsl476cffeb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4C64134-5339-4F39-87DD-0AA86B2BCD32}\MpKsl476cffeb.sys [x]
R1 MpKsl4a0be4b5;MpKsl4a0be4b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04FB81EC-5F26-4710-A342-93A5305E6E83}\MpKsl4a0be4b5.sys [x]
R1 MpKsl4bb5891a;MpKsl4bb5891a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB367FEC-34FD-4D30-82DA-4D2F5399066C}\MpKsl4bb5891a.sys [x]
R1 MpKsl4f7e35d6;MpKsl4f7e35d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42856969-046F-4B84-8FB1-224C9CD8FEF9}\MpKsl4f7e35d6.sys [x]
R1 MpKsl5209c373;MpKsl5209c373;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCC89A97-FE9A-4B04-8DE3-47576D9D01E3}\MpKsl5209c373.sys [x]
R1 MpKsl55efaf91;MpKsl55efaf91;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A5489D6-DBAD-47E3-AF73-86119C1E8837}\MpKsl55efaf91.sys [x]
R1 MpKsl57350dbc;MpKsl57350dbc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{825718BB-C0E0-47BF-929A-82C842D0D327}\MpKsl57350dbc.sys [x]
R1 MpKsl5739cf65;MpKsl5739cf65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3006A176-E208-4B2B-B824-F79A3CDA50CC}\MpKsl5739cf65.sys [x]
R1 MpKsl5bf8ed06;MpKsl5bf8ed06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DD80D68-1504-4228-8795-82750472FFD0}\MpKsl5bf8ed06.sys [x]
R1 MpKsl5ddccabc;MpKsl5ddccabc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BC30767-DAD6-4A6D-88BA-5B06D59EF051}\MpKsl5ddccabc.sys [x]
R1 MpKsl5f9e99b0;MpKsl5f9e99b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F356C71-42BF-4B32-9F2B-5F279774E848}\MpKsl5f9e99b0.sys [x]
R1 MpKsl60da120f;MpKsl60da120f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF041027-BF65-4FAD-A5F2-AAD159FC4711}\MpKsl60da120f.sys [x]
R1 MpKsl63ababa2;MpKsl63ababa2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE7CD0-4C11-4F65-8B33-0FE534914ABE}\MpKsl63ababa2.sys [x]
R1 MpKsl63c68757;MpKsl63c68757;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A3333A-CC5A-4578-81AA-1F73438DE7B8}\MpKsl63c68757.sys [x]
R1 MpKsl649653eb;MpKsl649653eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3959439A-FD09-4DC3-AEED-3F23B0E9E68B}\MpKsl649653eb.sys [x]
R1 MpKsl66e834a6;MpKsl66e834a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{231A49B1-80EF-452A-833D-B6F3762DE435}\MpKsl66e834a6.sys [x]
R1 MpKsl6907c979;MpKsl6907c979;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0314A68-6D35-4ABD-A967-791963B6E608}\MpKsl6907c979.sys [x]
R1 MpKsl6a8a2abc;MpKsl6a8a2abc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE891397-F174-43EB-A370-E184295817AA}\MpKsl6a8a2abc.sys [x]
R1 MpKsl6ad5b5b6;MpKsl6ad5b5b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D23B9EC6-8450-477B-ADCB-FB0628E27C94}\MpKsl6ad5b5b6.sys [x]
R1 MpKsl6b2745f9;MpKsl6b2745f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2A0BF71-34B9-4E5D-8BB5-CCB7A3B1816B}\MpKsl6b2745f9.sys [x]
R1 MpKsl70a0409b;MpKsl70a0409b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EFCFD4E-9CFA-4808-B842-E730AAE02541}\MpKsl70a0409b.sys [x]
R1 MpKsl70dade98;MpKsl70dade98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8ABB109-E205-4327-AA5B-6815BCB22927}\MpKsl70dade98.sys [x]
R1 MpKsl72935daa;MpKsl72935daa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700105C8-1B6D-4E2B-93AE-72FA9B6412C5}\MpKsl72935daa.sys [x]
R1 MpKsl7577ff9f;MpKsl7577ff9f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76488854-E3E4-4540-B4A7-B8D4E5845D00}\MpKsl7577ff9f.sys [x]
R1 MpKsl75ed7439;MpKsl75ed7439;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B220448C-EF10-4E19-BF5B-2B69E4F6C90E}\MpKsl75ed7439.sys [x]
R1 MpKsl792ce7c3;MpKsl792ce7c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7A718D3-043F-4671-848C-909D2DA60910}\MpKsl792ce7c3.sys [x]
R1 MpKsl797875c7;MpKsl797875c7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12D0D83-F092-4E58-A388-5E8F8013E06D}\MpKsl797875c7.sys [x]
R1 MpKsl79e86464;MpKsl79e86464;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3959439A-FD09-4DC3-AEED-3F23B0E9E68B}\MpKsl79e86464.sys [x]
R1 MpKsl7c05a715;MpKsl7c05a715;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19CBD82-9D3D-44CB-B675-F42AC35BEDE7}\MpKsl7c05a715.sys [x]
R1 MpKsl80a3f0c9;MpKsl80a3f0c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78015E95-CDA3-4363-ACDA-061A77A290C9}\MpKsl80a3f0c9.sys [x]
R1 MpKsl820dda1e;MpKsl820dda1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C1DE2E4-DDE4-4C36-93C3-23CA38DD93CF}\MpKsl820dda1e.sys [x]
R1 MpKsl83f1e94b;MpKsl83f1e94b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F356C71-42BF-4B32-9F2B-5F279774E848}\MpKsl83f1e94b.sys [x]
R1 MpKsl8923db3a;MpKsl8923db3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D393F828-4B9E-49B2-A5C6-E3E66E251897}\MpKsl8923db3a.sys [x]
R1 MpKsl8a85876a;MpKsl8a85876a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D29DEF5-CCFB-4811-BA9D-E97151E26F21}\MpKsl8a85876a.sys [x]
R1 MpKsl8cc0486a;MpKsl8cc0486a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3006A176-E208-4B2B-B824-F79A3CDA50CC}\MpKsl8cc0486a.sys [x]
R1 MpKsl8fde8f61;MpKsl8fde8f61;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B220448C-EF10-4E19-BF5B-2B69E4F6C90E}\MpKsl8fde8f61.sys [x]
R1 MpKsl90ff8dc6;MpKsl90ff8dc6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B946628E-6B8E-43E2-9079-D37886C6BEFD}\MpKsl90ff8dc6.sys [x]
R1 MpKsl91c76266;MpKsl91c76266;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBF2B626-6D42-4A80-9B2C-A3E0DA73D4C9}\MpKsl91c76266.sys [x]
R1 MpKsl96f9f579;MpKsl96f9f579;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3274473-3401-4209-8AF6-ED127A45309D}\MpKsl96f9f579.sys [x]
R1 MpKsl98235f0b;MpKsl98235f0b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04F648A4-8262-4F3D-9C66-B856E71B5B6F}\MpKsl98235f0b.sys [x]
R1 MpKsl990d2912;MpKsl990d2912;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29B89742-21FC-4301-B3CD-C7F702C4F46E}\MpKsl990d2912.sys [x]
R1 MpKsla0fa3733;MpKsla0fa3733;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07DD8CA2-392F-4E33-BA8B-72DEFAD914C6}\MpKsla0fa3733.sys [x]
R1 MpKsla59ae932;MpKsla59ae932;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04F648A4-8262-4F3D-9C66-B856E71B5B6F}\MpKsla59ae932.sys [x]
R1 MpKsla69ca89d;MpKsla69ca89d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D23B9EC6-8450-477B-ADCB-FB0628E27C94}\MpKsla69ca89d.sys [x]
R1 MpKsla6eb5529;MpKsla6eb5529;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42856969-046F-4B84-8FB1-224C9CD8FEF9}\MpKsla6eb5529.sys [x]
R1 MpKsla8bd92e0;MpKsla8bd92e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A80888C-9BCC-4B5A-91D2-A9C8B2B73610}\MpKsla8bd92e0.sys [x]
R1 MpKslaa7e6e21;MpKslaa7e6e21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700105C8-1B6D-4E2B-93AE-72FA9B6412C5}\MpKslaa7e6e21.sys [x]
R1 MpKslac3b066d;MpKslac3b066d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5F32350-1217-4952-80E3-186D08A3498D}\MpKslac3b066d.sys [x]
R1 MpKslac9b8d00;MpKslac9b8d00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A668D94-5376-4165-807A-DC083761217F}\MpKslac9b8d00.sys [x]
R1 MpKslacd27da4;MpKslacd27da4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29B89742-21FC-4301-B3CD-C7F702C4F46E}\MpKslacd27da4.sys [x]
R1 MpKslaebb185f;MpKslaebb185f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F78D488-E291-45B6-9F70-F5ED37A004A4}\MpKslaebb185f.sys [x]
R1 MpKslaef5f872;MpKslaef5f872;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B946628E-6B8E-43E2-9079-D37886C6BEFD}\MpKslaef5f872.sys [x]
R1 MpKslaf814032;MpKslaf814032;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8B93BB-0C43-441E-AEB7-98C036F6E7A2}\MpKslaf814032.sys [x]
R1 MpKslafb126a7;MpKslafb126a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1D2791E-5C09-4ECB-8DDB-26947C9CFC1C}\MpKslafb126a7.sys [x]
R1 MpKslb692fd8c;MpKslb692fd8c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B60C39E8-43E6-49F2-AF18-3343C49204D0}\MpKslb692fd8c.sys [x]
R1 MpKslb77ce85f;MpKslb77ce85f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCC89A97-FE9A-4B04-8DE3-47576D9D01E3}\MpKslb77ce85f.sys [x]
R1 MpKslb7dafbde;MpKslb7dafbde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0178A7B-BC44-4E02-9709-9F6EFA52B993}\MpKslb7dafbde.sys [x]
R1 MpKslc0a20516;MpKslc0a20516;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700105C8-1B6D-4E2B-93AE-72FA9B6412C5}\MpKslc0a20516.sys [x]
R1 MpKslc1491461;MpKslc1491461;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73ADBEF7-C3AC-4470-B4B6-9C3133C1A845}\MpKslc1491461.sys [x]
R1 MpKslc3c3ed30;MpKslc3c3ed30;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C53135E-CC22-4D2E-A5E9-273E9594015F}\MpKslc3c3ed30.sys [x]
R1 MpKslc4f8a70b;MpKslc4f8a70b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EAC248B-4EE6-43C4-8CF1-65216F2D37BD}\MpKslc4f8a70b.sys [x]
R1 MpKslca64f92d;MpKslca64f92d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0669A564-4BCD-4453-BCA6-6DD53627AC52}\MpKslca64f92d.sys [x]
R1 MpKsld1fc301a;MpKsld1fc301a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EFCFD4E-9CFA-4808-B842-E730AAE02541}\MpKsld1fc301a.sys [x]
R1 MpKsld2cd7195;MpKsld2cd7195;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD8905B9-A1CA-4DDD-9179-C6F477D0223B}\MpKsld2cd7195.sys [x]
R1 MpKsld37c3ca9;MpKsld37c3ca9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0314A68-6D35-4ABD-A967-791963B6E608}\MpKsld37c3ca9.sys [x]
R1 MpKsld96ea051;MpKsld96ea051;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51D68E54-8F61-448D-B791-15FCDECCF86D}\MpKsld96ea051.sys [x]
R1 MpKsldad5cb0d;MpKsldad5cb0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{825718BB-C0E0-47BF-929A-82C842D0D327}\MpKsldad5cb0d.sys [x]
R1 MpKsldd9e3773;MpKsldd9e3773;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19CBD82-9D3D-44CB-B675-F42AC35BEDE7}\MpKsldd9e3773.sys [x]
R1 MpKsle7c1a914;MpKsle7c1a914;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2A0BF71-34B9-4E5D-8BB5-CCB7A3B1816B}\MpKsle7c1a914.sys [x]
R1 MpKsle9d5fb17;MpKsle9d5fb17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EB1DC3F-16FA-45E0-87BC-782ABD2F9273}\MpKsle9d5fb17.sys [x]
R1 MpKslea202cbf;MpKslea202cbf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC35ACB1-0E1E-452F-9215-62E7ECA2579D}\MpKslea202cbf.sys [x]
R1 MpKsleb09a783;MpKsleb09a783;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAB95F0C-CD21-4F7A-A996-4FDA209EFB39}\MpKsleb09a783.sys [x]
R1 MpKslec7e53c4;MpKslec7e53c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8EADAB6-113A-4648-A9B5-24F16169D0C0}\MpKslec7e53c4.sys [x]
R1 MpKsleda90b15;MpKsleda90b15;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB367FEC-34FD-4D30-82DA-4D2F5399066C}\MpKsleda90b15.sys [x]
R1 MpKslfea38e03;MpKslfea38e03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33CED062-425D-4950-9D9A-CB0B0EFDAAE1}\MpKslfea38e03.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 freenet;Freenet background service;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-23 15232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 232512]
S1 MpKsl12e0b3a2;MpKsl12e0b3a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F96A5E7E-859C-4727-808A-92ECD7C44E5C}\MpKsl12e0b3a2.sys [2011-12-21 29904]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-14 352144]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-08-01 47360]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 51847042
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\HPCeeScheduleForChris.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-12-22 c:\windows\Tasks\User_Feed_Synchronization-{D3D9B8B4-E29C-47D8-BDC9-D29EFDBAE505}.job
- c:\windows\system32\msfeedssync.exe [2011-10-13 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = About:Blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-21 19:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Chris\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-21 19:49:07
ComboFix-quarantined-files.txt 2011-12-22 01:49
ComboFix2.txt 2011-12-14 23:56
ComboFix3.txt 2011-12-14 08:18
.
Pre-Run: 128,517,718,016 bytes free
Post-Run: 128,864,231,424 bytes free
.
- - End Of File - - 89D40987E1D668EB7F9646DA519CCECB

[maliprog]

Please don't use browsers except to answer my posts. Let's play safe. Some of our tools have new versions so let's see what we have now. Combofix found same infection again and removed it.

Step 1

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Step 2


NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
  "FirewallDisableNotify"=-
  "AntiVirusDisableNotify"=-
  "UpdatesDisableNotify"=-
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
  "AntiVirusOverride"= 0
  "AntiSpywareOverride"= 0
  
  :Files
  ipconfig /flushdns /c
  C:\Users\Chris\AppData\Local\*.exe
  
  :Commands
  [purity]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3


Delete your version of TDSSKiller and download new one.

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.

• Extract the zip file to its own folder.
• Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
• Click Start scan to start scanning.
• If infection is detected, the default setting for "action" should be Cure
  
  • (If suspicious file is detected please click on it and change it to Skip).
• Click Continue button
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 4


Delete your version of aswMBR and download new one.

Download aswMBR.exe ( 511KB ) to your desktop.

• Double click the aswMBR.exe to run it
• Click the "Scan" button to start scan
• On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
• Also, ZIP MBR.dat it creates and attach it to your next reply

Step 5

Please don't forget to include these items in your reply:

• Event Viewer Tool log
• OTL fix log
• TDSSKiller log
• aswMBR log

It would be helpful if you could post each log in separate post

[y2kfroguy]

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/12/2011 20:47:21

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2011 00:45:00
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Portable Device Enumerator Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Distributed Link Tracking Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Freenet background service service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 29/12/2011 00:43:07
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 29/12/2011 00:43:02
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 29/12/2011 00:35:14
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 29/12/2011 00:26:06
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 29/12/2011 00:15:44
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 26/12/2011 05:22:48
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.69 for the Network Card with network address 00242BB8D54A has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 01:47:43
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00242BB8D54A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 30/12/2011 01:04:58
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 29/12/2011 23:40:21
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 29/12/2011 23:40:18
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00242BB8D54A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/12/2011 04:51:01
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 29/12/2011 00:40:33
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 29/12/2011 00:39:56
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 29/12/2011 00:39:56
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 29/12/2011 00:12:12
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 28/12/2011 19:06:26
Type: Warning Category: 2
Event: 16 Source: Microsoft-Windows-WindowsUpdateClient
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Log: 'System' Date/Time: 28/12/2011 19:06:06
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 28/12/2011 19:06:02
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00242BB8D54A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 27/12/2011 21:10:05
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 27/12/2011 21:10:02
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00242BB8D54A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 26/12/2011 23:33:40
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 26/12/2011 23:33:36
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00242BB8D54A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 26/12/2011 05:22:48
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 26/12/2011 05:21:16
Type: Warning Category: 2
Event: 16 Source: Microsoft-Windows-WindowsUpdateClient
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Log: 'System' Date/Time: 26/12/2011 05:20:52
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 26/12/2011 05:20:48
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00242BB8D54A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

[y2kfroguy]

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/12/2011 20:49:20

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/12/2011 01:04:57
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 2196743

Log: 'Application' Date/Time: 30/12/2011 01:04:57
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 2196743

Log: 'Application' Date/Time: 30/12/2011 01:04:57
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 29/12/2011 23:40:20
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 63399961

Log: 'Application' Date/Time: 29/12/2011 23:40:20
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 63399961

Log: 'Application' Date/Time: 29/12/2011 23:40:20
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 29/12/2011 23:40:18
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 63397840

Log: 'Application' Date/Time: 29/12/2011 23:40:18
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 63397840

Log: 'Application' Date/Time: 29/12/2011 23:40:18
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 29/12/2011 23:40:17
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 63396233

Log: 'Application' Date/Time: 29/12/2011 23:40:17
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 63396233

Log: 'Application' Date/Time: 29/12/2011 23:40:17
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 29/12/2011 06:03:44
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 3651

Log: 'Application' Date/Time: 29/12/2011 06:03:44
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 3651

Log: 'Application' Date/Time: 29/12/2011 06:03:44
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 29/12/2011 06:03:43
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 2496

Log: 'Application' Date/Time: 29/12/2011 06:03:43
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 2496

Log: 'Application' Date/Time: 29/12/2011 06:03:43
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 29/12/2011 06:03:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 1404

Log: 'Application' Date/Time: 29/12/2011 06:03:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 1404

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/12/2011 23:40:21
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 29/12/2011 23:40:19
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (2948) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes succeeded, but took an abnormally long time (63394 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 29/12/2011 23:40:19
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (2948) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 68870144 (0x00000000041ae000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (63394 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 29/12/2011 00:43:56
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 29/12/2011 00:39:54
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3528557333-1276884114-130164159-1000_Classes:
Process 1768 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3528557333-1276884114-130164159-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 29/12/2011 00:17:07
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 305 time(s) since 6:12:19 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 29/12/2011 00:12:15
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 85 time(s) since 3:11:13 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 28/12/2011 19:06:03
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 27/12/2011 21:11:07
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{s-1-5-21-3528557333-1276884114-130164159-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The filtering was stopped because of a user action, such as stopping the crawl. (0x80040d54)


Log: 'Application' Date/Time: 27/12/2011 21:10:02
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 26/12/2011 23:33:37
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 26/12/2011 05:20:49
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 25/12/2011 15:38:49
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 25/12/2011 05:24:06
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 25/12/2011 05:24:06
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (3092) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 55025664 (0x000000000347a000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (30656 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 24/12/2011 20:40:52
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 204 time(s) since 2:05:53 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 24/12/2011 20:11:19
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 24/12/2011 20:04:58
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 24/12/2011 02:23:30
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 23/12/2011 06:31:06
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

[y2kfroguy]

========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify deleted successfully.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"AntiVirusOverride"| 0 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"AntiSpywareOverride"| 0 /E!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris\Desktop\cmd.bat deleted successfully.
C:\Users\Chris\Desktop\cmd.txt deleted successfully.
File\Folder C:\Users\Chris\AppData\Local\*.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_205422

[y2kfroguy]

21:01:34.0762 3060 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:01:35.0402 3060 ============================================================
21:01:35.0402 3060 Current date / time: 2011/12/29 21:01:35.0402
21:01:35.0402 3060 SystemInfo:
21:01:35.0402 3060
21:01:35.0402 3060 OS Version: 6.0.6002 ServicePack: 2.0
21:01:35.0402 3060 Product type: Workstation
21:01:35.0402 3060 ComputerName: CHRIS-PC
21:01:35.0402 3060 UserName: Chris
21:01:35.0402 3060 Windows directory: C:\Windows
21:01:35.0402 3060 System windows directory: C:\Windows
21:01:35.0402 3060 Processor architecture: Intel x86
21:01:35.0402 3060 Number of processors: 2
21:01:35.0402 3060 Page size: 0x1000
21:01:35.0402 3060 Boot type: Normal boot
21:01:35.0402 3060 ============================================================
21:01:36.0946 3060 Initialize success
21:01:41.0205 1412 ============================================================
21:01:41.0205 1412 Scan started
21:01:41.0205 1412 Mode: Manual;
21:01:41.0205 1412 ============================================================
21:01:42.0625 1412 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:01:42.0625 1412 ACPI - ok
21:01:42.0765 1412 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:01:42.0796 1412 adp94xx - ok
21:01:42.0890 1412 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:01:42.0937 1412 adpahci - ok
21:01:42.0984 1412 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:01:42.0999 1412 adpu160m - ok
21:01:43.0062 1412 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:01:43.0062 1412 adpu320 - ok
21:01:43.0280 1412 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:01:43.0296 1412 AFD - ok
21:01:43.0374 1412 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:01:43.0374 1412 agp440 - ok
21:01:43.0467 1412 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:01:43.0483 1412 aic78xx - ok
21:01:43.0608 1412 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
21:01:43.0608 1412 aliide - ok
21:01:43.0748 1412 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:01:43.0748 1412 amdagp - ok
21:01:43.0842 1412 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
21:01:43.0842 1412 amdide - ok
21:01:43.0935 1412 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:01:43.0951 1412 AmdK7 - ok
21:01:43.0998 1412 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:01:43.0998 1412 AmdK8 - ok
21:01:44.0217 1412 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:01:44.0217 1412 arc - ok
21:01:44.0404 1412 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:01:44.0435 1412 arcsas - ok
21:01:44.0654 1412 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:01:44.0654 1412 AsyncMac - ok
21:01:44.0794 1412 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:01:44.0794 1412 atapi - ok
21:01:45.0153 1412 athr (8aefd56986964bbae02b790971f2abaf) C:\Windows\system32\DRIVERS\athr.sys
21:01:45.0247 1412 athr - ok
21:01:45.0496 1412 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:01:45.0512 1412 Beep - ok
21:01:45.0683 1412 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:01:45.0699 1412 blbdrive - ok
21:01:45.0949 1412 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:01:45.0964 1412 bowser - ok
21:01:46.0136 1412 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:01:46.0151 1412 BrFiltLo - ok
21:01:46.0276 1412 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:01:46.0276 1412 BrFiltUp - ok
21:01:46.0479 1412 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:01:46.0495 1412 Brserid - ok
21:01:46.0619 1412 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:01:46.0635 1412 BrSerWdm - ok
21:01:46.0760 1412 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:01:46.0775 1412 BrUsbMdm - ok
21:01:46.0869 1412 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:01:46.0885 1412 BrUsbSer - ok
21:01:47.0072 1412 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:01:47.0072 1412 BTHMODEM - ok
21:01:47.0259 1412 catchme - ok
21:01:47.0384 1412 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:01:47.0399 1412 cdfs - ok
21:01:47.0571 1412 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:01:47.0571 1412 cdrom - ok
21:01:47.0711 1412 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:01:47.0743 1412 circlass - ok
21:01:47.0852 1412 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:01:47.0867 1412 CLFS - ok
21:01:48.0055 1412 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:01:48.0055 1412 CmBatt - ok
21:01:48.0164 1412 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
21:01:48.0164 1412 cmdide - ok
21:01:48.0351 1412 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
21:01:48.0382 1412 CnxtHdAudService - ok
21:01:48.0632 1412 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:01:48.0632 1412 Compbatt - ok
21:01:48.0710 1412 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:01:48.0710 1412 crcdisk - ok
21:01:48.0897 1412 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:01:48.0913 1412 Crusoe - ok
21:01:49.0115 1412 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:01:49.0131 1412 DfsC - ok
21:01:49.0396 1412 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:01:49.0412 1412 disk - ok
21:01:49.0833 1412 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:01:49.0895 1412 Dot4 - ok
21:01:49.0973 1412 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:01:49.0973 1412 Dot4Print - ok
21:01:50.0083 1412 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:01:50.0098 1412 dot4usb - ok
21:01:50.0192 1412 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:01:50.0192 1412 drmkaud - ok
21:01:50.0348 1412 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:01:50.0348 1412 DXGKrnl - ok
21:01:50.0473 1412 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:01:50.0488 1412 E1G60 - ok
21:01:50.0644 1412 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:01:50.0644 1412 Ecache - ok
21:01:50.0738 1412 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:01:50.0769 1412 elxstor - ok
21:01:50.0878 1412 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:01:50.0894 1412 ErrDev - ok
21:01:51.0003 1412 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:01:51.0019 1412 exfat - ok
21:01:51.0097 1412 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:01:51.0097 1412 fastfat - ok
21:01:51.0253 1412 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:01:51.0253 1412 fdc - ok
21:01:51.0362 1412 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:01:51.0362 1412 FileInfo - ok
21:01:51.0424 1412 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:01:51.0424 1412 Filetrace - ok
21:01:51.0471 1412 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:01:51.0487 1412 flpydisk - ok
21:01:51.0533 1412 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:01:51.0533 1412 FltMgr - ok
21:01:51.0736 1412 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:01:51.0736 1412 Fs_Rec - ok
21:01:51.0861 1412 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:01:51.0861 1412 gagp30kx - ok
21:01:51.0970 1412 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:01:51.0970 1412 GEARAspiWDM - ok
21:01:52.0189 1412 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:01:52.0235 1412 HdAudAddService - ok
21:01:52.0391 1412 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:01:52.0454 1412 HDAudBus - ok
21:01:52.0681 1412 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:01:52.0683 1412 HidBth - ok
21:01:52.0823 1412 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:01:52.0825 1412 HidIr - ok
21:01:53.0010 1412 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:01:53.0019 1412 HidUsb - ok
21:01:53.0195 1412 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:01:53.0210 1412 HpCISSs - ok
21:01:53.0478 1412 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:01:53.0490 1412 HpqKbFiltr - ok
21:01:53.0840 1412 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:01:53.0953 1412 HSF_DPV - ok
21:01:54.0126 1412 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:01:54.0171 1412 HSXHWAZL - ok
21:01:54.0346 1412 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:01:54.0413 1412 HTTP - ok
21:01:54.0537 1412 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:01:54.0538 1412 i2omp - ok
21:01:54.0737 1412 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:01:54.0746 1412 i8042prt - ok
21:01:55.0014 1412 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:01:55.0047 1412 iaStorV - ok
21:01:55.0437 1412 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:01:55.0725 1412 igfx - ok
21:01:55.0803 1412 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:01:55.0803 1412 iirsp - ok
21:01:55.0928 1412 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
21:01:55.0928 1412 IntcHdmiAddService - ok
21:01:56.0006 1412 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
21:01:56.0006 1412 intelide - ok
21:01:56.0053 1412 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:01:56.0053 1412 intelppm - ok
21:01:56.0162 1412 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:01:56.0162 1412 IpFilterDriver - ok
21:01:56.0193 1412 IpInIp - ok
21:01:56.0255 1412 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:01:56.0255 1412 IPMIDRV - ok
21:01:56.0302 1412 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:01:56.0318 1412 IPNAT - ok
21:01:56.0396 1412 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:01:56.0396 1412 IRENUM - ok
21:01:56.0458 1412 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:01:56.0458 1412 isapnp - ok
21:01:56.0521 1412 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:01:56.0521 1412 iScsiPrt - ok
21:01:56.0583 1412 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:01:56.0583 1412 iteatapi - ok
21:01:56.0614 1412 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:01:56.0614 1412 iteraid - ok
21:01:56.0645 1412 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:01:56.0661 1412 kbdclass - ok
21:01:56.0708 1412 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:01:56.0708 1412 kbdhid - ok
21:01:56.0786 1412 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:01:56.0801 1412 KSecDD - ok
21:01:56.0879 1412 Lavasoft Kernexplorer - ok
21:01:56.0973 1412 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
21:01:56.0989 1412 Lbd - ok
21:01:57.0082 1412 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:01:57.0082 1412 lltdio - ok
21:01:57.0145 1412 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:01:57.0145 1412 LSI_FC - ok
21:01:57.0176 1412 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:01:57.0176 1412 LSI_SAS - ok
21:01:57.0269 1412 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:01:57.0269 1412 LSI_SCSI - ok
21:01:57.0316 1412 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:01:57.0316 1412 luafv - ok
21:01:57.0410 1412 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:01:57.0410 1412 mdmxsdk - ok
21:01:57.0457 1412 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:01:57.0457 1412 megasas - ok
21:01:57.0503 1412 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:01:57.0519 1412 MegaSR - ok
21:01:57.0581 1412 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:01:57.0581 1412 Modem - ok
21:01:57.0644 1412 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:01:57.0644 1412 monitor - ok
21:01:57.0706 1412 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:01:57.0706 1412 mouclass - ok
21:01:57.0753 1412 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:01:57.0753 1412 mouhid - ok
21:01:57.0800 1412 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:01:57.0800 1412 MountMgr - ok
21:01:57.0893 1412 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:01:57.0909 1412 mpio - ok
21:01:58.0003 1412 MpKsl0450a567 - ok
21:01:58.0049 1412 MpKsl04ad696c - ok
21:01:58.0065 1412 MpKsl054eedf1 - ok
21:01:58.0096 1412 MpKsl072c5605 - ok
21:01:58.0112 1412 MpKsl07e2723b - ok
21:01:58.0143 1412 MpKsl091b0f5e - ok
21:01:58.0159 1412 MpKsl0ab04352 - ok
21:01:58.0174 1412 MpKsl11bae039 - ok
21:01:58.0190 1412 MpKsl13cbeab6 - ok
21:01:58.0205 1412 MpKsl14587726 - ok
21:01:58.0205 1412 MpKsl145df352 - ok
21:01:58.0221 1412 MpKsl17d1ffef - ok
21:01:58.0237 1412 MpKsl1a6d9eee - ok
21:01:58.0252 1412 MpKsl1ec972f2 - ok
21:01:58.0252 1412 MpKsl24bb53be - ok
21:01:58.0268 1412 MpKsl2653b5af - ok
21:01:58.0283 1412 MpKsl296d9f62 - ok
21:01:58.0315 1412 MpKsl29890513 - ok
21:01:58.0330 1412 MpKsl29f73266 - ok
21:01:58.0346 1412 MpKsl2ae3661f - ok
21:01:58.0361 1412 MpKsl2e676c18 - ok
21:01:58.0377 1412 MpKsl34a24807 - ok
21:01:58.0377 1412 MpKsl35b95aa8 - ok
21:01:58.0408 1412 MpKsl3618fc94 - ok
21:01:58.0408 1412 MpKsl37beff20 - ok
21:01:58.0424 1412 MpKsl3a7eeb65 - ok
21:01:58.0439 1412 MpKsl3c8de7c2 - ok
21:01:58.0455 1412 MpKsl3cf5a160 - ok
21:01:58.0471 1412 MpKsl439c4d58 - ok
21:01:58.0471 1412 MpKsl442ca00f - ok
21:01:58.0486 1412 MpKsl446d8a4f - ok
21:01:58.0502 1412 MpKsl469ca24f - ok
21:01:58.0517 1412 MpKsl476cffeb - ok
21:01:58.0533 1412 MpKsl4a0be4b5 - ok
21:01:58.0564 1412 MpKsl4bb5891a - ok
21:01:58.0564 1412 MpKsl4f7e35d6 - ok
21:01:58.0580 1412 MpKsl5209c373 - ok
21:01:58.0595 1412 MpKsl55efaf91 - ok
21:01:58.0611 1412 MpKsl57350dbc - ok
21:01:58.0627 1412 MpKsl5739cf65 - ok
21:01:58.0642 1412 MpKsl5bf8ed06 - ok
21:01:58.0658 1412 MpKsl5ddccabc - ok
21:01:58.0658 1412 MpKsl5f9e99b0 - ok
21:01:58.0673 1412 MpKsl60da120f - ok
21:01:58.0705 1412 MpKsl63ababa2 - ok
21:01:58.0705 1412 MpKsl63c68757 - ok
21:01:58.0736 1412 MpKsl649653eb - ok
21:01:58.0798 1412 MpKsl66e834a6 - ok
21:01:58.0814 1412 MpKsl6907c979 - ok
21:01:58.0814 1412 MpKsl6a8a2abc - ok
21:01:58.0829 1412 MpKsl6ad5b5b6 - ok
21:01:58.0845 1412 MpKsl6b2745f9 - ok
21:01:58.0861 1412 MpKsl70a0409b - ok
21:01:58.0876 1412 MpKsl70dade98 - ok
21:01:58.0876 1412 MpKsl72935daa - ok
21:01:58.0892 1412 MpKsl7577ff9f - ok
21:01:58.0907 1412 MpKsl75ed7439 - ok
21:01:58.0923 1412 MpKsl792ce7c3 - ok
21:01:58.0939 1412 MpKsl797875c7 - ok
21:01:58.0939 1412 MpKsl79e86464 - ok
21:01:58.0954 1412 MpKsl7c05a715 - ok
21:01:59.0017 1412 MpKsl80a3f0c9 - ok
21:01:59.0048 1412 MpKsl820dda1e - ok
21:01:59.0063 1412 MpKsl83f1e94b - ok
21:01:59.0079 1412 MpKsl8923db3a - ok
21:01:59.0095 1412 MpKsl8a85876a - ok
21:01:59.0110 1412 MpKsl8cc0486a - ok
21:01:59.0126 1412 MpKsl8fde8f61 - ok
21:01:59.0126 1412 MpKsl90ff8dc6 - ok
21:01:59.0141 1412 MpKsl91c76266 - ok
21:01:59.0157 1412 MpKsl96f9f579 - ok
21:01:59.0173 1412 MpKsl98235f0b - ok
21:01:59.0188 1412 MpKsl990d2912 - ok
21:01:59.0204 1412 MpKsla0fa3733 - ok
21:01:59.0219 1412 MpKsla59ae932 - ok
21:01:59.0235 1412 MpKsla69ca89d - ok
21:01:59.0235 1412 MpKsla6eb5529 - ok
21:01:59.0251 1412 MpKsla8bd92e0 - ok
21:01:59.0266 1412 MpKslaa7e6e21 - ok
21:01:59.0282 1412 MpKslac3b066d - ok
21:01:59.0297 1412 MpKslac9b8d00 - ok
21:01:59.0313 1412 MpKslacd27da4 - ok
21:01:59.0329 1412 MpKslaebb185f - ok
21:01:59.0344 1412 MpKslaef5f872 - ok
21:01:59.0360 1412 MpKslaf814032 - ok
21:01:59.0360 1412 MpKslafb126a7 - ok
21:01:59.0375 1412 MpKslb692fd8c - ok
21:01:59.0391 1412 MpKslb77ce85f - ok
21:01:59.0407 1412 MpKslb7dafbde - ok
21:01:59.0422 1412 MpKslc0a20516 - ok
21:01:59.0438 1412 MpKslc1491461 - ok
21:01:59.0438 1412 MpKslc3c3ed30 - ok
21:01:59.0453 1412 MpKslc4f8a70b - ok
21:01:59.0469 1412 MpKslca64f92d - ok
21:01:59.0485 1412 MpKsld1fc301a - ok
21:01:59.0500 1412 MpKsld2cd7195 - ok
21:01:59.0500 1412 MpKsld37c3ca9 - ok
21:01:59.0531 1412 MpKsld96ea051 - ok
21:01:59.0547 1412 MpKsldad5cb0d - ok
21:01:59.0563 1412 MpKsldd9e3773 - ok
21:01:59.0578 1412 MpKsle7c1a914 - ok
21:01:59.0594 1412 MpKsle9d5fb17 - ok
21:01:59.0609 1412 MpKslea202cbf - ok
21:01:59.0609 1412 MpKsleb09a783 - ok
21:01:59.0625 1412 MpKslec7e53c4 - ok
21:01:59.0641 1412 MpKsleda90b15 - ok
21:01:59.0656 1412 MpKslfea38e03 - ok
21:01:59.0765 1412 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:01:59.0765 1412 mpsdrv - ok
21:01:59.0812 1412 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:01:59.0812 1412 Mraid35x - ok
21:01:59.0859 1412 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:01:59.0859 1412 MRxDAV - ok
21:01:59.0921 1412 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:01:59.0921 1412 mrxsmb - ok
21:01:59.0999 1412 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:01:59.0999 1412 mrxsmb10 - ok
21:02:00.0124 1412 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:02:00.0171 1412 mrxsmb20 - ok
21:02:00.0265 1412 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
21:02:00.0280 1412 msahci - ok
21:02:00.0311 1412 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:02:00.0311 1412 msdsm - ok
21:02:00.0374 1412 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:02:00.0374 1412 Msfs - ok
21:02:00.0421 1412 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:02:00.0421 1412 msisadrv - ok
21:02:00.0545 1412 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:02:00.0545 1412 MSKSSRV - ok
21:02:00.0561 1412 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:02:00.0577 1412 MSPCLOCK - ok
21:02:00.0608 1412 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:02:00.0608 1412 MSPQM - ok
21:02:00.0670 1412 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:02:00.0670 1412 MsRPC - ok
21:02:00.0733 1412 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:02:00.0733 1412 mssmbios - ok
21:02:00.0795 1412 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:02:00.0795 1412 MSTEE - ok
21:02:00.0826 1412 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:02:00.0826 1412 Mup - ok
21:02:00.0889 1412 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:02:00.0889 1412 NativeWifiP - ok
21:02:00.0904 1412 NAVENG - ok
21:02:00.0920 1412 NAVEX15 - ok
21:02:00.0982 1412 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:02:01.0013 1412 NDIS - ok
21:02:01.0076 1412 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:02:01.0076 1412 NdisTapi - ok
21:02:01.0123 1412 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:02:01.0123 1412 Ndisuio - ok
21:02:01.0201 1412 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:02:01.0201 1412 NdisWan - ok
21:02:01.0232 1412 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:02:01.0232 1412 NDProxy - ok
21:02:01.0279 1412 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:02:01.0279 1412 NetBIOS - ok
21:02:01.0341 1412 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:02:01.0341 1412 netbt - ok
21:02:01.0528 1412 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
21:02:01.0606 1412 NETw3v32 - ok
21:02:01.0637 1412 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:02:01.0637 1412 nfrd960 - ok
21:02:01.0700 1412 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:02:01.0700 1412 Npfs - ok
21:02:01.0747 1412 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:02:01.0747 1412 nsiproxy - ok
21:02:01.0825 1412 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:02:01.0856 1412 Ntfs - ok
21:02:01.0934 1412 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:02:01.0934 1412 ntrigdigi - ok
21:02:02.0012 1412 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:02:02.0012 1412 Null - ok
21:02:02.0059 1412 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:02:02.0059 1412 nvraid - ok
21:02:02.0090 1412 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:02:02.0090 1412 nvstor - ok
21:02:02.0137 1412 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:02:02.0152 1412 nv_agp - ok
21:02:02.0199 1412 NwlnkFlt - ok
21:02:02.0230 1412 NwlnkFwd - ok
21:02:02.0308 1412 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
21:02:02.0308 1412 ohci1394 - ok
21:02:02.0371 1412 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:02:02.0386 1412 Parport - ok
21:02:02.0433 1412 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:02:02.0433 1412 partmgr - ok
21:02:02.0495 1412 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:02:02.0495 1412 Parvdm - ok
21:02:02.0558 1412 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:02:02.0558 1412 pci - ok
21:02:02.0620 1412 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
21:02:02.0620 1412 pciide - ok
21:02:02.0667 1412 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:02:02.0667 1412 pcmcia - ok
21:02:02.0792 1412 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
21:02:02.0792 1412 pcouffin - ok
21:02:02.0885 1412 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:02:02.0917 1412 PEAUTH - ok
21:02:03.0088 1412 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:02:03.0088 1412 PptpMiniport - ok
21:02:03.0135 1412 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:02:03.0135 1412 Processor - ok
21:02:03.0229 1412 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:02:03.0229 1412 PSched - ok
21:02:03.0338 1412 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:02:03.0369 1412 ql2300 - ok
21:02:03.0431 1412 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:02:03.0431 1412 ql40xx - ok
21:02:03.0494 1412 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:02:03.0494 1412 QWAVEdrv - ok
21:02:03.0525 1412 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:02:03.0525 1412 RasAcd - ok
21:02:03.0572 1412 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:02:03.0572 1412 Rasl2tp - ok
21:02:03.0634 1412 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:02:03.0634 1412 RasPppoe - ok
21:02:03.0697 1412 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:02:03.0697 1412 RasSstp - ok
21:02:03.0775 1412 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:02:03.0775 1412 rdbss - ok
21:02:03.0821 1412 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:02:03.0821 1412 RDPCDD - ok
21:02:03.0884 1412 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:02:03.0884 1412 rdpdr - ok
21:02:03.0931 1412 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:02:03.0931 1412 RDPENCDD - ok
21:02:03.0993 1412 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:02:03.0993 1412 RDPWD - ok
21:02:04.0149 1412 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:02:04.0149 1412 rspndr - ok
21:02:04.0243 1412 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:02:04.0258 1412 RTL8169 - ok
21:02:04.0321 1412 RTSTOR (08c3394391ab0aff65d75ae65d4207e1) C:\Windows\system32\drivers\RTSTOR.SYS
21:02:04.0321 1412 RTSTOR - ok
21:02:04.0352 1412 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:02:04.0367 1412 sbp2port - ok
21:02:04.0445 1412 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
21:02:04.0445 1412 sdbus - ok
21:02:04.0508 1412 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:02:04.0508 1412 secdrv - ok
21:02:04.0570 1412 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:02:04.0570 1412 Serenum - ok
21:02:04.0633 1412 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:02:04.0633 1412 Serial - ok
21:02:04.0664 1412 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:02:04.0664 1412 sermouse - ok
21:02:04.0742 1412 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:02:04.0742 1412 sffdisk - ok
21:02:04.0789 1412 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:02:04.0789 1412 sffp_mmc - ok
21:02:04.0835 1412 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:02:04.0835 1412 sffp_sd - ok
21:02:04.0898 1412 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:02:04.0898 1412 sfloppy - ok
21:02:04.0976 1412 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:02:04.0976 1412 sisagp - ok
21:02:05.0038 1412 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:02:05.0038 1412 SiSRaid2 - ok
21:02:05.0069 1412 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:02:05.0069 1412 SiSRaid4 - ok
21:02:05.0132 1412 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:02:05.0132 1412 Smb - ok
21:02:05.0225 1412 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:02:05.0225 1412 spldr - ok
21:02:05.0257 1412 SRTSP - ok
21:02:05.0335 1412 SRTSPX - ok
21:02:05.0397 1412 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:02:05.0413 1412 srv - ok
21:02:05.0459 1412 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:02:05.0459 1412 srv2 - ok
21:02:05.0522 1412 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:02:05.0522 1412 srvnet - ok
21:02:05.0600 1412 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
21:02:05.0600 1412 StillCam - ok
21:02:05.0647 1412 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:02:05.0647 1412 swenum - ok
21:02:05.0693 1412 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:02:05.0693 1412 Symc8xx - ok
21:02:05.0725 1412 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:02:05.0725 1412 Sym_hi - ok
21:02:05.0771 1412 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:02:05.0771 1412 Sym_u3 - ok
21:02:05.0834 1412 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
21:02:05.0834 1412 SynTP - ok
21:02:05.0943 1412 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
21:02:05.0974 1412 Tcpip - ok
21:02:06.0083 1412 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
21:02:06.0083 1412 Tcpip6 - ok
21:02:06.0161 1412 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
21:02:06.0161 1412 tcpipreg - ok
21:02:06.0224 1412 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:02:06.0239 1412 TDPIPE - ok
21:02:06.0286 1412 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:02:06.0286 1412 TDTCP - ok
21:02:06.0317 1412 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:02:06.0333 1412 tdx - ok
21:02:06.0380 1412 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:02:06.0380 1412 TermDD - ok
21:02:06.0473 1412 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:02:06.0473 1412 tssecsrv - ok
21:02:06.0520 1412 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:02:06.0520 1412 tunmp - ok
21:02:06.0567 1412 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:02:06.0567 1412 tunnel - ok
21:02:06.0614 1412 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:02:06.0614 1412 uagp35 - ok
21:02:06.0692 1412 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:02:06.0707 1412 udfs - ok
21:02:06.0785 1412 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:02:06.0785 1412 uliagpkx - ok
21:02:06.0832 1412 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:02:06.0848 1412 uliahci - ok
21:02:06.0879 1412 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:02:06.0879 1412 UlSata - ok
21:02:06.0926 1412 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:02:06.0926 1412 ulsata2 - ok
21:02:06.0973 1412 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:02:06.0973 1412 umbus - ok
21:02:07.0051 1412 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:02:07.0051 1412 USBAAPL - ok
21:02:07.0129 1412 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:02:07.0144 1412 usbaudio - ok
21:02:07.0191 1412 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:02:07.0191 1412 usbccgp - ok
21:02:07.0253 1412 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:02:07.0253 1412 usbcir - ok
21:02:07.0332 1412 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:02:07.0332 1412 usbehci - ok
21:02:07.0395 1412 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:02:07.0410 1412 usbhub - ok
21:02:07.0442 1412 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:02:07.0442 1412 usbohci - ok
21:02:07.0504 1412 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:02:07.0504 1412 usbprint - ok
21:02:07.0566 1412 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:02:07.0566 1412 usbscan - ok
21:02:07.0644 1412 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:02:07.0644 1412 USBSTOR - ok
21:02:07.0707 1412 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:02:07.0707 1412 usbuhci - ok
21:02:07.0800 1412 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:02:07.0816 1412 usbvideo - ok
21:02:07.0910 1412 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:02:07.0910 1412 vga - ok
21:02:07.0972 1412 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:02:07.0972 1412 VgaSave - ok
21:02:08.0019 1412 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:02:08.0019 1412 viaagp - ok
21:02:08.0066 1412 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:02:08.0066 1412 ViaC7 - ok
21:02:08.0112 1412 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
21:02:08.0112 1412 viaide - ok
21:02:08.0175 1412 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:02:08.0175 1412 volmgr - ok
21:02:08.0222 1412 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:02:08.0237 1412 volmgrx - ok
21:02:08.0300 1412 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:02:08.0300 1412 volsnap - ok
21:02:08.0346 1412 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:02:08.0347 1412 vsmraid - ok
21:02:08.0420 1412 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:02:08.0420 1412 WacomPen - ok
21:02:08.0467 1412 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:02:08.0467 1412 Wanarp - ok
21:02:08.0498 1412 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:02:08.0498 1412 Wanarpv6 - ok
21:02:08.0576 1412 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:02:08.0576 1412 Wd - ok
21:02:08.0638 1412 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:02:08.0669 1412 Wdf01000 - ok
21:02:08.0763 1412 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:02:08.0794 1412 winachsf - ok
21:02:08.0872 1412 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
21:02:08.0872 1412 WinUSB - ok
21:02:08.0981 1412 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:02:08.0981 1412 WmiAcpi - ok
21:02:09.0153 1412 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:02:09.0153 1412 WpdUsb - ok
21:02:09.0215 1412 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:02:09.0215 1412 ws2ifsl - ok
21:02:09.0278 1412 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:02:09.0278 1412 WSDPrintDevice - ok
21:02:09.0356 1412 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
21:02:09.0356 1412 WudfPf - ok
21:02:09.0449 1412 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:02:09.0449 1412 WUDFRd - ok
21:02:09.0543 1412 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
21:02:09.0543 1412 XAudio - ok
21:02:09.0605 1412 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
21:02:09.0605 1412 yukonwlh - ok
21:02:09.0699 1412 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
21:02:09.0730 1412 \Device\Harddisk0\DR0 - ok
21:02:09.0746 1412 Boot (0x1200) (9dcdaf7f471265c30d24dfcfe84401fc) \Device\Harddisk0\DR0\Partition0
21:02:09.0746 1412 \Device\Harddisk0\DR0\Partition0 - ok
21:02:09.0777 1412 Boot (0x1200) (cb397c5c46b80037603f4951c15cacbc) \Device\Harddisk0\DR0\Partition1
21:02:09.0777 1412 \Device\Harddisk0\DR0\Partition1 - ok
21:02:09.0777 1412 ============================================================
21:02:09.0777 1412 Scan finished
21:02:09.0777 1412 ============================================================
21:02:09.0793 4048 Detected object count: 0
21:02:09.0793 4048 Actual detected object count: 0

[y2kfroguy]

aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-22 00:48:46
-----------------------------
00:48:46.569 OS Version: Windows 6.0.6002 Service Pack 2
00:48:46.569 Number of processors: 2 586 0x170A
00:48:46.571 ComputerName: CHRIS-PC UserName: Chris
00:48:48.839 Initialize success
00:49:34.934 AVAST engine defs: 11122102
00:49:39.714 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:49:39.718 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
00:49:41.753 Disk 0 MBR read successfully
00:49:41.757 Disk 0 MBR scan
00:49:41.763 Disk 0 unknown MBR code
00:49:41.768 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
00:49:41.811 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
00:49:41.822 Disk 0 scanning sectors +625135616
00:49:41.872 Disk 0 scanning C:\Windows\system32\drivers
00:49:53.090 Service scanning
00:49:55.158 Modules scanning
00:50:02.470 Disk 0 trace - called modules:
00:50:02.498 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
00:50:02.508 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bc93a8]
00:50:02.516 3 CLASSPNP.SYS[807128b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86309b98]
00:50:04.228 AVAST engine scan C:\Windows
00:50:08.888 AVAST engine scan C:\Windows\system32
00:52:44.159 AVAST engine scan C:\Windows\system32\drivers
00:52:59.064 AVAST engine scan C:\Users\Chris
01:21:43.399 AVAST engine scan C:\ProgramData
01:30:19.235 Scan finished successfully
01:31:01.958 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
01:31:01.968 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-29 21:07:23
-----------------------------
21:07:23.340 OS Version: Windows 6.0.6002 Service Pack 2
21:07:23.341 Number of processors: 2 586 0x170A
21:07:23.342 ComputerName: CHRIS-PC UserName: Chris
21:07:24.850 Initialize success
21:07:31.403 AVAST engine defs: 11122901
21:07:37.409 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:07:37.413 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
21:07:37.444 Disk 0 MBR read successfully
21:07:37.448 Disk 0 MBR scan
21:07:37.463 Disk 0 unknown MBR code
21:07:37.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
21:07:37.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
21:07:37.520 Disk 0 scanning sectors +625135616
21:07:37.585 Disk 0 scanning C:\Windows\system32\drivers
21:07:48.224 Service scanning
21:07:50.221 Modules scanning
21:07:56.589 Disk 0 trace - called modules:
21:07:56.622 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:07:56.631 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861eeac8]
21:07:56.645 3 CLASSPNP.SYS[805db8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d268d8]
21:07:57.952 AVAST engine scan C:\Windows
21:08:02.091 AVAST engine scan C:\Windows\system32
21:10:29.320 AVAST engine scan C:\Windows\system32\drivers
21:10:42.824 AVAST engine scan C:\Users\Chris
21:12:31.437 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\548df0d8-1e84f392 **INFECTED** Win32:FakeAV-CTA [Trj]
21:12:38.680 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\141fa5ad-403606fd **INFECTED** Win32:MalOb-GR [Cryp]
21:38:16.218 AVAST engine scan C:\ProgramData
21:44:01.502 Scan finished successfully
21:45:08.835 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
21:45:08.844 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

Attached Files

•  MBR.zip   546bytes   128 downloads

[maliprog]

Hi y2kfroguy,

OK. I think we found source of reinfection. Let's try to remove it now for good. After AVAST boot scan I just need to know if it found and remove all foundings.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :processes
  killallprocesses
  
  :OTL
  
  :Files
  C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\548df0d8-1e84f392
  C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\141fa5ad-403606fd
  
  :Commands
  [emptyjava]
  [emptyflash]
  [reboot]
  

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface then click on Scan Computer, then on
Boot-Time Scan then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you.


Step 3

• Run OTL.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4


Please don't forget to include these items in your reply:

• OTL fix log
• New OTL scan log

It would be helpful if you could post each log in separate post

[maliprog]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.