# I believe I have the bot too...



## kandy123 (Aug 17, 2007)

Good evening. I have an HP pavilion dv5 laptop. It has been having problems the last few days. When it starts on a reboot it gets stuck on the initial HP logo screen before the windows screen. This happens after running scans with Maleware Antispyware and startup repair or when restarting manually. After a while of it sticking I can push the power button and it will then restart fine. I have tried running Maleware in safe mode and have the same problem. Today I recieved an email from Comcast about having a BOT. I tried all the steps they gave but the reboot problem still exists. All the scans show anywhere from 2-7 infections. I have ran the Hijack, DDS, but did not do the Gmer because I was not sure what I was running. Other than the start up issues, everything seems to running fine once I get on. I do have memory error messages at times while on the internet. (line errors). Also, forgot, when running the last startup repair, the comcast guard and features were removed. I am not sure how that happened but that is when I decided I needed to get some help before I crash or worse. Thanks much in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:55:10 PM, on 1/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A}: NameServer = 0.0.0.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9139 bytes

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 3/11/2011 7:40:52 PM
System Uptime: 1/18/2012 8:45:31 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1435
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU | 911/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 433 GiB total, 375.771 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 1.48 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2DD3B7CA&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2DD3B7CA&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP206: 1/17/2012 7:34:23 PM - Windows Update
RP207: 1/17/2012 11:19:25 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6
Agatha Christie - Peril at End House
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
CyberLink DVD Suite
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.0.0.8953
Farm Frenzy
FATE
FaxRedist
Fences Pro
Final Drive Nitro
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
Hoyle Board Games 5
Hoyle Card Games 5
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP QuickWeb Installer
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Hulu Desktop
IDT Audio
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 26
Jewel Quest Solitaire 2
LabelPrint
Lexmark Toolbar
LG United Mobile Driver
LightScribe System Software
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
Mystery P.I. - The London Caper
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PowerTeacher Gradebook
QuickTime
Realtek Ethernet Controller Driver
Recovery Manager
RoxioNow Player
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Times Reader
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
YouTube Downloader 3.4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/18/2012 8:46:45 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/18/2012 8:46:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/18/2012 8:46:17 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/18/2012 8:46:17 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/18/2012 8:46:13 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/18/2012 8:39:54 PM, Error: Service Control Manager [7034] - The DeviceVM Meta Data Export Service service terminated unexpectedly. It has done this 1 time(s).
1/18/2012 8:35:53 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/18/2012 8:30:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/18/2012 8:29:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/18/2012 8:29:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
1/18/2012 8:09:58 AM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/18/2012 5:24:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/18/2012 4:25:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2012 4:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/18/2012 4:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/18/2012 4:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/18/2012 4:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/18/2012 4:25:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/18/2012 4:25:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/18/2012 4:25:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033c2a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011812-38703-01.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 CbFs DfsC discache DVMIO eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2012 4:06:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/18/2012 10:58:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 9:33:46 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 8:46:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 8:33:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 8:26:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 8:24:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007045b Error description: A system shutdown is in progress. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
1/17/2012 8:24:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 8:13:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 8:13:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
1/17/2012 8:13:02 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/17/2012 8:13:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
1/17/2012 7:15:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 7:05:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 5:30:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2585542).
1/17/2012 5:25:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 5:20:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 5:07:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 4:45:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 11:31:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 11:26:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/17/2012 11:25:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/17/2012 11:25:55 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/17/2012 11:14:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 10:35:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 10:31:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/17/2012 1:22:21 PM, Error: Service Control Manager [7034] - The lxcr_device service terminated unexpectedly. It has done this 1 time(s).
1/17/2012 1:07:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/16/2012 7:30:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/16/2012 7:19:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/16/2012 12:54:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/16/2012 12:03:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/16/2012 11:36:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/15/2012 9:13:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/15/2012 8:02:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/15/2012 4:19:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/15/2012 4:09:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/15/2012 11:59:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/15/2012 10:43:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 7:31:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 7:03:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 6:52:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 6:27:37 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 6:02:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 3:33:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 2:58:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 2:38:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 12:17:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/14/2012 12:05:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 9:32:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 9:01:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 7:08:52 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 12:49:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/13/2012 12:37:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 10:45:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 10:10:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 1:24:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2012 8:24:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2012 7:59:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2012 7:15:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2012 6:15:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2012 4:31:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2012 3:03:23 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
1/12/2012 2:50:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/11/2012 9:16:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/11/2012 3:43:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/11/2012 11:47:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/11/2012 11:32:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/11/2012 1:57:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514
Run by Kandy at 20:50:30 on 2012-01-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2350 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcrcoms.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\wbem\unsecapp.exe
-netsvcs
C:\Windows\system32\conhost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
BHO: AutorunsDisabled - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DFFB854-6036-4926-A6BE-C4C734D85557} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DFFB854-6036-4926-A6BE-C4C734D85557}\C414552514D20534D275962756C6563737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer = 0.0.0.0
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AutorunsDisabled - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
.
============= SERVICES / DRIVERS ===============
.
R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs64.sys --> C:\Windows\system32\drivers\cbfs64.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-9 89600]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-9-29 338208]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-9 13336]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-9 2533400]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\lgandadb.sys --> C:\Windows\system32\Drivers\lgandadb.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
.
=============== Created Last 30 ================
.
2012-01-19 01:30:17	8602168	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18CD9ADD-7EAB-41A5-923C-FC6B0ACDB934}\mpengine.dll
2012-01-18 18:52:39	--------	d-----w-	C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-18 18:37:57	--------	d-----w-	C:\N360_BACKUP
2012-01-18 18:33:22	--------	d-----w-	C:\Users\Kandy\AppData\Roaming\Tific
2012-01-18 18:33:19	--------	d-----w-	C:\Users\Kandy\AppData\Local\Symantec
2012-01-18 18:31:20	--------	d-----w-	C:\Program Files\Symantec
2012-01-18 18:30:14	--------	d-----w-	C:\Program Files (x86)\Norton Security Suite
2012-01-18 18:29:55	--------	d-----w-	C:\Program Files (x86)\NortonInstaller
2012-01-18 16:40:37	--------	d-----w-	C:\ProgramData\Norton
2012-01-18 13:10:52	--------	d-----w-	C:\Users\Kandy\AppData\Local\ID Vault
2012-01-18 13:10:52	--------	d-----w-	C:\ProgramData\IsolatedStorage
2012-01-18 13:09:47	--------	d-----w-	C:\Users\Kandy\AppData\Roaming\ID Vault
2012-01-18 13:09:06	--------	d-----w-	C:\ProgramData\GID
2012-01-18 13:09:04	--------	d-----w-	C:\Program Files (x86)\SFT
2012-01-18 13:08:40	--------	d-----w-	C:\Program Files (x86)\comcasttb
2012-01-18 13:08:27	--------	d-----w-	C:\Program Files (x86)\CA
2012-01-18 13:07:51	--------	d-----w-	C:\Program Files (x86)\xfin_portal
2012-01-18 13:07:34	--------	d-----w-	C:\Program Files (x86)\Constant Guard Protection Suite
2012-01-18 13:05:29	--------	d-----w-	C:\ProgramData\White Sky, Inc
2012-01-18 03:34:55	20480	----a-w-	C:\Windows\svchost.exe
2012-01-17 22:31:06	314880	----a-w-	C:\Windows\SysWow64\webio.dll
2012-01-17 22:31:06	224768	----a-w-	C:\Windows\SysWow64\schannel.dll
2012-01-17 22:31:05	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
2012-01-17 22:31:05	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2012-01-17 22:30:56	395776	----a-w-	C:\Windows\System32\webio.dll
2012-01-17 22:30:55	340992	----a-w-	C:\Windows\System32\schannel.dll
2012-01-17 22:30:54	95600	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2012-01-17 22:30:54	459232	----a-w-	C:\Windows\System32\drivers\cng.sys
2012-01-17 22:30:54	31232	----a-w-	C:\Windows\System32\lsass.exe
2012-01-17 22:30:54	29184	----a-w-	C:\Windows\System32\sspisrv.dll
2012-01-17 22:30:54	28160	----a-w-	C:\Windows\System32\secur32.dll
2012-01-17 22:30:54	152432	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2012-01-17 22:30:54	1447936	----a-w-	C:\Windows\System32\lsasrv.dll
2012-01-17 22:30:54	136192	----a-w-	C:\Windows\System32\sspicli.dll
2012-01-12 22:14:24	34152	----a-w-	C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-01-12 22:14:24	126312	----a-w-	C:\Windows\System32\GEARAspi64.dll
2012-01-12 22:14:24	107368	----a-w-	C:\Windows\SysWow64\GEARAspi.dll
2012-01-12 22:13:13	--------	d-----w-	C:\Program Files\iPod
2012-01-12 22:13:12	--------	d-----w-	C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-12 22:13:11	--------	d-----w-	C:\Program Files\iTunes
2012-01-12 22:13:11	--------	d-----w-	C:\Program Files (x86)\iTunes
2012-01-12 22:11:13	--------	d-----w-	C:\Program Files\Bonjour
2012-01-12 22:11:13	--------	d-----w-	C:\Program Files (x86)\Bonjour
2012-01-11 14:22:28	1572864	----a-w-	C:\Windows\System32\quartz.dll
2012-01-11 14:22:28	1328128	----a-w-	C:\Windows\SysWow64\quartz.dll
2012-01-11 14:22:27	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2012-01-11 14:22:26	366592	----a-w-	C:\Windows\System32\qdvd.dll
2012-01-11 14:22:24	1292080	----a-w-	C:\Windows\SysWow64\ntdll.dll
2012-01-11 14:22:23	77312	----a-w-	C:\Windows\System32\packager.dll
2012-01-11 14:22:23	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2012-01-11 14:22:23	1731920	----a-w-	C:\Windows\System32\ntdll.dll
2012-01-07 00:18:58	5425496	----a-w-	C:\Windows\System32\D3DX9_41.dll
2012-01-07 00:06:46	--------	d-----w-	C:\Windows\SysWow64\directx
2012-01-05 21:02:14	--------	d-----w-	C:\Users\Kandy\Davids music
.
==================== Find3M ====================
.
2011-12-26 08:41:02	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24:08	23152	----a-w-	C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09	3145216	----a-w-	C:\Windows\System32\win32k.sys
2011-11-05 05:41:43 1188864	----a-w-	C:\Windows\System32\wininet.dll
2011-11-05 05:32:50	2048	----a-w-	C:\Windows\System32\tzres.dll
2011-11-05 04:35:00	981504	----a-w-	C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20	43520	----a-w-	C:\Windows\System32\csrsrv.dll
2011-06-03 20:25:52	625984	----a-w-	C:\Program Files (x86)\Common Files\ZugoInstaller.exe
2010-07-08 14:37:14	101544	----a-w-	C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 20:52:36.57 ===============


----------



## kandy123 (Aug 17, 2007)

While I am waiting I thought I would update with new issues. I run scans almost all day to see if it will fix. Today I thought I would try system restore. All my restore points have been erased including the backup to 'out of the box'. Also, my firewall is disabled and when I try to turn it back on it says I am not able. Lastly for today, Microsoft Security Center has a problem and will not open. Thanks much.

Kandy


----------



## kevinf80 (Mar 21, 2006)

Download *RogueKiller* to your desktop


Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type *1* and validate by tapping *Enter*
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Please post the contents of the RKreport.txt in your next Reply.

Kevin


----------



## kandy123 (Aug 17, 2007)

Thanks Kevin for helping me out. I know you guys are so busy and successful.

Here is the Roguekill (If I did it correctly.)

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kandy [Admin rights]
Mode: Scan -- Date : 01/19/2012 18:39:38

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer (0.0.0.0) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer (0.0.0.0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
188.119.151.113 www.google-analytics.com.
188.119.151.113 ad-emea.doubleclick.net.
188.119.151.113 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 747bc3ebb45011c3a76199e28d617295
[BSP] 8b2e311d429bae2828f189a9e2172a71 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 465408 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 909410304 | Size: 34380 Mo
3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 976560128 | Size: 108 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 648629dd17fd7d761d71a782ad0210ce
[BSP] 1ad9b938c8027b17d0a8efd91e65b090 : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 465408 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 909410304 | Size: 34380 Mo
3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 976560128 | Size: 108 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 648629dd17fd7d761d71a782ad0210ce
[BSP] 1ad9b938c8027b17d0a8efd91e65b090 : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 465408 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 909410304 | Size: 34380 Mo
3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 976560128 | Size: 108 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## kevinf80 (Mar 21, 2006)

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.
Doubleclick on *TDSSKiller.exe* to run the application, then on *Start Scan.*
Click on* "Change parameters"* and place a checkmark next to Verify *Driver Digital Signature* and *Detect TDLFS file system*, then click OK










If an infected file is detected, the default action will be *Cure*, click on *Continue.*










If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*










It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.










If no reboot is require, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.


----------



## kandy123 (Aug 17, 2007)

Ok. I did this and this time on the automatic reboot, the system came up on its own. Here is the log.

18:53:43.0425 6440	TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
18:53:43.0695 6440	============================================================
18:53:43.0695 6440	Current date / time: 2012/01/19 18:53:43.0695
18:53:43.0695 6440	SystemInfo:
18:53:43.0695 6440	
18:53:43.0695 6440	OS Version: 6.1.7601 ServicePack: 1.0
18:53:43.0695 6440	Product type: Workstation
18:53:43.0695 6440	ComputerName: HP
18:53:43.0695 6440	UserName: Kandy
18:53:43.0695 6440	Windows directory: C:\Windows
18:53:43.0695 6440	System windows directory: C:\Windows
18:53:43.0695 6440	Running under WOW64
18:53:43.0695 6440	Processor architecture: Intel x64
18:53:43.0695 6440	Number of processors: 4
18:53:43.0695 6440	Page size: 0x1000
18:53:43.0695 6440	Boot type: Normal boot
18:53:43.0695 6440	============================================================
18:53:44.0537 6440	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:53:44.0627 6440	Initialize success
18:54:43.0101 5564	============================================================
18:54:43.0101 5564	Scan started
18:54:43.0101 5564	Mode: Manual; SigCheck; TDLFS; 
18:54:43.0101 5564	============================================================
18:54:43.0482 5564	1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:54:43.0622 5564	1394ohci - ok
18:54:43.0682 5564	Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:54:43.0752 5564	Accelerometer - ok
18:54:43.0852 5564	ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:54:43.0912 5564	ACPI - ok
18:54:43.0952 5564	AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:54:44.0052 5564	AcpiPmi - ok
18:54:44.0182 5564	adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:54:44.0242 5564	adp94xx - ok
18:54:44.0352 5564	adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:54:44.0402 5564	adpahci - ok
18:54:44.0442 5564	adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:54:44.0482 5564	adpu320 - ok
18:54:44.0652 5564	AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:54:44.0752 5564	AFD - ok
18:54:44.0912 5564	AgereSoftModem (d7cf6568aa20a5b5cdbfecd097b615db) C:\Windows\system32\DRIVERS\agrsm64.sys
18:54:45.0022 5564	AgereSoftModem - ok
18:54:45.0132 5564	agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:54:45.0162 5564	agp440 - ok
18:54:45.0232 5564	aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:54:45.0262 5564	aliide - ok
18:54:45.0343 5564	amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:54:45.0383 5564	amdide - ok
18:54:45.0443 5564	AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:54:45.0513 5564	AmdK8 - ok
18:54:45.0633 5564	AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:54:45.0683 5564	AmdPPM - ok
18:54:45.0813 5564	amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:54:45.0843 5564	amdsata - ok
18:54:45.0893 5564	amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:54:45.0933 5564	amdsbs - ok
18:54:46.0033 5564	amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:54:46.0063 5564	amdxata - ok
18:54:46.0143 5564	AmUStor (2ebbb690068ee790c77ee4ae41ed777c) C:\Windows\system32\drivers\AmUStor.SYS
18:54:46.0213 5564	AmUStor - ok
18:54:46.0333 5564	Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
18:54:46.0393 5564	Andbus - ok
18:54:46.0513 5564	AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
18:54:46.0553 5564	AndDiag - ok
18:54:46.0603 5564	AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
18:54:46.0653 5564	AndGps - ok
18:54:46.0743 5564	ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
18:54:46.0793 5564	ANDModem - ok
18:54:46.0843 5564	androidusb (9c1751b2e733471ae07561028b7d2a9b) C:\Windows\system32\Drivers\lgandadb.sys
18:54:46.0903 5564	androidusb - ok
18:54:47.0033 5564	AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:54:47.0213 5564	AppID - ok
18:54:47.0363 5564	arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:54:47.0393 5564	arc - ok
18:54:47.0443 5564	arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:54:47.0503 5564	arcsas - ok
18:54:47.0623 5564	AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:54:47.0723 5564	AsyncMac - ok
18:54:47.0773 5564	atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:54:47.0803 5564	atapi - ok
18:54:47.0973 5564	b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:54:48.0053 5564	b06bdrv - ok
18:54:48.0163 5564	b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:54:48.0233 5564	b57nd60a - ok
18:54:48.0353 5564	Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:54:48.0473 5564	Beep - ok
18:54:48.0583 5564	blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:54:48.0643 5564	blbdrive - ok
18:54:48.0763 5564	bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:54:48.0843 5564	bowser - ok
18:54:48.0953 5564	BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:54:49.0063 5564	BrFiltLo - ok
18:54:49.0163 5564	BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:54:49.0203 5564	BrFiltUp - ok
18:54:49.0263 5564	Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:54:49.0353 5564	Brserid - ok
18:54:49.0463 5564	BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:54:49.0523 5564	BrSerWdm - ok
18:54:49.0553 5564	BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:54:49.0613 5564	BrUsbMdm - ok
18:54:49.0733 5564	BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:54:49.0773 5564	BrUsbSer - ok
18:54:49.0803 5564	BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:54:49.0863 5564	BTHMODEM - ok
18:54:50.0023 5564	CbFs (5fe05bb71c1d0878163334f5c8d99016) C:\Windows\system32\drivers\cbfs64.sys
18:54:50.0103 5564	CbFs - ok
18:54:50.0123 5564	cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:54:50.0253 5564	cdfs - ok
18:54:50.0353 5564	cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:54:50.0414 5564	cdrom - ok
18:54:50.0554 5564	circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:54:50.0624 5564	circlass - ok
18:54:50.0674 5564	CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:54:50.0724 5564	CLFS - ok
18:54:50.0884 5564	clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys
18:54:50.0954 5564	clwvd - ok
18:54:51.0074 5564	CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:54:51.0114 5564	CmBatt - ok
18:54:51.0164 5564	cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:54:51.0194 5564	cmdide - ok
18:54:51.0304 5564	CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:54:51.0414 5564	CNG - ok
18:54:51.0524 5564	Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:54:51.0564 5564	Compbatt - ok
18:54:51.0614 5564	CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:54:51.0674 5564	CompositeBus - ok
18:54:51.0794 5564	crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:54:51.0824 5564	crcdisk - ok
18:54:51.0914 5564	DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:54:52.0024 5564	DfsC - ok
18:54:52.0134 5564	discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:54:52.0254 5564	discache - ok
18:54:52.0374 5564	Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:54:52.0414 5564	Disk - ok
18:54:52.0484 5564	drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:54:52.0534 5564	drmkaud - ok
18:54:52.0634 5564	DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
18:54:52.0664 5564	DVMIO - ok
18:54:52.0744 5564	DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:54:52.0834 5564	DXGKrnl - ok
18:54:53.0014 5564	ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:54:53.0174 5564	ebdrv - ok
18:54:53.0325 5564	elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:54:53.0385 5564	elxstor - ok
18:54:53.0485 5564	ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:54:53.0545 5564	ErrDev - ok
18:54:53.0695 5564	exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:54:53.0835 5564	exfat - ok
18:54:53.0865 5564	fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:54:53.0995 5564	fastfat - ok
18:54:54.0105 5564	fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:54:54.0165 5564	fdc - ok
18:54:54.0285 5564	FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:54:54.0325 5564	FileInfo - ok
18:54:54.0355 5564	Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:54:54.0525 5564	Filetrace - ok
18:54:54.0635 5564	flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:54:54.0705 5564	flpydisk - ok
18:54:54.0755 5564	FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:54:54.0855 5564	FltMgr - ok
18:54:54.0965 5564	FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:54:55.0005 5564	FsDepends - ok
18:54:55.0035 5564	Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:54:55.0065 5564	Fs_Rec - ok
18:54:55.0115 5564	fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:54:55.0165 5564	fvevol - ok
18:54:55.0275 5564	gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:54:55.0315 5564	gagp30kx - ok
18:54:55.0355 5564	GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:54:55.0386 5564	GEARAspiWDM - ok
18:54:55.0506 5564	GIDv2 (9ba22aee7f531ef9ce085cc2e1112bc4) C:\Windows\system32\drivers\GIDv2.sys
18:54:55.0556 5564	GIDv2 - ok
18:54:55.0596 5564	hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:54:55.0676 5564	hcw85cir - ok
18:54:55.0796 5564	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:54:55.0886 5564	HdAudAddService - ok
18:54:55.0916 5564	HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:54:55.0986 5564	HDAudBus - ok
18:54:56.0096 5564	HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:54:56.0126 5564	HECIx64 - ok
18:54:56.0156 5564	HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:54:56.0216 5564	HidBatt - ok
18:54:56.0336 5564	HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:54:56.0396 5564	HidBth - ok
18:54:56.0436 5564	HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:54:56.0506 5564	HidIr - ok
18:54:56.0636 5564	HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:54:56.0686 5564	HidUsb - ok
18:54:56.0896 5564	hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
18:54:56.0926 5564	hpdskflt - ok
18:54:56.0986 5564	HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:54:57.0026 5564	HpSAMD - ok
18:54:57.0206 5564	HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:54:57.0356 5564	HTTP - ok
18:54:57.0456 5564	hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:54:57.0486 5564	hwpolicy - ok
18:54:57.0536 5564	i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:54:57.0576 5564	i8042prt - ok
18:54:57.0686 5564	iaStor (a5f72bb0d024e7e463344105be613ae4) C:\Windows\system32\DRIVERS\iaStor.sys
18:54:57.0756 5564	iaStor - ok
18:54:57.0876 5564	iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:54:57.0936 5564	iaStorV - ok
18:54:58.0256 5564	igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:54:58.0786 5564	igfx - ok
18:54:58.0886 5564	iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:54:58.0916 5564	iirsp - ok
18:54:58.0986 5564	Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
18:54:59.0046 5564	Impcd - ok
18:54:59.0176 5564	IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:54:59.0246 5564	IntcDAud - ok
18:54:59.0286 5564	intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:54:59.0326 5564	intelide - ok
18:54:59.0436 5564	intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:54:59.0486 5564	intelppm - ok
18:54:59.0556 5564	IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:54:59.0676 5564	IpFilterDriver - ok
18:54:59.0776 5564	IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:54:59.0836 5564	IPMIDRV - ok
18:54:59.0896 5564	IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:55:00.0016 5564	IPNAT - ok
18:55:00.0186 5564	IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:55:00.0246 5564	IRENUM - ok
18:55:00.0286 5564	isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:55:00.0326 5564	isapnp - ok
18:55:00.0436 5564	iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:55:00.0496 5564	iScsiPrt - ok
18:55:00.0696 5564	kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:55:00.0726 5564	kbdclass - ok
18:55:00.0776 5564	kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:55:00.0816 5564	kbdhid - ok
18:55:00.0856 5564	KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:55:00.0906 5564	KSecDD - ok
18:55:00.0996 5564	KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:55:01.0046 5564	KSecPkg - ok
18:55:01.0106 5564	ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:55:01.0226 5564	ksthunk - ok
18:55:01.0407 5564	lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:55:01.0517 5564	lltdio - ok
18:55:01.0677 5564	LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:55:01.0707 5564	LSI_FC - ok
18:55:01.0747 5564	LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:55:01.0777 5564	LSI_SAS - ok
18:55:01.0817 5564	LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:55:01.0847 5564	LSI_SAS2 - ok
18:55:01.0967 5564	LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:55:01.0997 5564	LSI_SCSI - ok
18:55:02.0027 5564	luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:55:02.0157 5564	luafv - ok
18:55:02.0297 5564	megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:55:02.0327 5564	megasas - ok
18:55:02.0357 5564	MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:55:02.0407 5564	MegaSR - ok
18:55:02.0557 5564	Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:55:02.0687 5564	Modem - ok
18:55:02.0787 5564	monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:55:02.0857 5564	monitor - ok
18:55:02.0957 5564	mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:55:02.0997 5564	mouclass - ok
18:55:03.0047 5564	mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:55:03.0097 5564	mouhid - ok
18:55:03.0217 5564	mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:55:03.0257 5564	mountmgr - ok
18:55:03.0297 5564	MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
18:55:03.0347 5564	MpFilter - ok
18:55:03.0387 5564	mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:55:03.0427 5564	mpio - ok
18:55:03.0557 5564	MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:55:03.0587 5564	MpNWMon - ok
18:55:03.0617 5564	mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:55:03.0747 5564	mpsdrv - ok
18:55:03.0857 5564	MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:55:03.0937 5564	MRxDAV - ok
18:55:03.0977 5564	mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:04.0047 5564	mrxsmb - ok
18:55:04.0147 5564	mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:04.0197 5564	mrxsmb10 - ok
18:55:04.0237 5564	mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:04.0277 5564	mrxsmb20 - ok
18:55:04.0327 5564	msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:55:04.0358 5564	msahci - ok
18:55:04.0458 5564	msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:55:04.0498 5564	msdsm - ok
18:55:04.0558 5564	Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:55:04.0658 5564	Msfs - ok
18:55:04.0778 5564	mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:55:04.0888 5564	mshidkmdf - ok
18:55:04.0928 5564	msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:55:04.0968 5564	msisadrv - ok
18:55:05.0078 5564	MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:55:05.0198 5564	MSKSSRV - ok
18:55:05.0228 5564	MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:55:05.0338 5564	MSPCLOCK - ok
18:55:05.0449 5564	MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:55:05.0549 5564	MSPQM - ok
18:55:05.0619 5564	MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:55:05.0679 5564	MsRPC - ok
18:55:05.0789 5564	mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:55:05.0829 5564	mssmbios - ok
18:55:05.0869 5564	MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:55:05.0989 5564	MSTEE - ok
18:55:06.0089 5564	MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:55:06.0139 5564	MTConfig - ok
18:55:06.0169 5564	Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:55:06.0199 5564	Mup - ok
18:55:06.0249 5564	NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:55:06.0349 5564	NativeWifiP - ok
18:55:06.0479 5564	NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:55:06.0569 5564	NDIS - ok
18:55:06.0699 5564	NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:55:06.0799 5564	NdisCap - ok
18:55:06.0839 5564	NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:55:06.0949 5564	NdisTapi - ok
18:55:06.0989 5564	Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:55:07.0089 5564	Ndisuio - ok
18:55:07.0189 5564	NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:55:07.0309 5564	NdisWan - ok
18:55:07.0369 5564	NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:55:07.0479 5564	NDProxy - ok
18:55:07.0579 5564	NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:55:07.0689 5564	NetBIOS - ok
18:55:07.0729 5564	NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:55:07.0869 5564	NetBT - ok
18:55:08.0189 5564	NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
18:55:08.0559 5564	NETw5s64 - ok
18:55:08.0809 5564	netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:55:09.0089 5564	netw5v64 - ok
18:55:09.0409 5564	NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
18:55:09.0869 5564	NETwNs64 - ok
18:55:09.0979 5564	nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:55:10.0009 5564	nfrd960 - ok
18:55:10.0079 5564	NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:55:10.0109 5564	NisDrv - ok
18:55:10.0219 5564	Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:55:10.0349 5564	Npfs - ok
18:55:10.0379 5564	nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:55:10.0469 5564	nsiproxy - ok
18:55:10.0549 5564	Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:55:10.0659 5564	Ntfs - ok
18:55:10.0749 5564	Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:55:10.0869 5564	Null - ok
18:55:10.0919 5564	nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:55:10.0959 5564	nvraid - ok
18:55:11.0069 5564	nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:55:11.0129 5564	nvstor - ok
18:55:11.0179 5564	nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:55:11.0229 5564	nv_agp - ok
18:55:11.0359 5564	ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:55:11.0439 5564	ohci1394 - ok
18:55:11.0569 5564	Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:55:11.0619 5564	Parport - ok
18:55:11.0669 5564	partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:55:11.0719 5564	partmgr - ok
18:55:11.0769 5564	pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:55:11.0819 5564	pci - ok
18:55:11.0909 5564	pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:55:11.0939 5564	pciide - ok
18:55:11.0989 5564	pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:55:12.0039 5564	pcmcia - ok
18:55:12.0069 5564	pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:55:12.0099 5564	pcw - ok
18:55:12.0209 5564	PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:55:12.0349 5564	PEAUTH - ok
18:55:12.0619 5564	PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:55:12.0749 5564	PptpMiniport - ok
18:55:12.0779 5564	Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:55:12.0839 5564	Processor - ok
18:55:12.0969 5564	Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:55:13.0099 5564	Psched - ok
18:55:13.0189 5564	ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:55:13.0279 5564	ql2300 - ok
18:55:13.0369 5564	ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:55:13.0399 5564	ql40xx - ok
18:55:13.0439 5564	QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:55:13.0500 5564	QWAVEdrv - ok
18:55:13.0530 5564	RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:55:13.0630 5564	RasAcd - ok
18:55:13.0770 5564	RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:55:13.0870 5564	RasAgileVpn - ok
18:55:13.0930 5564	Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:55:14.0020 5564	Rasl2tp - ok
18:55:14.0120 5564	RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:55:14.0230 5564	RasPppoe - ok
18:55:14.0270 5564	RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:55:14.0400 5564	RasSstp - ok
18:55:14.0510 5564	rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:55:14.0650 5564	rdbss - ok
18:55:14.0690 5564	rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:55:14.0750 5564	rdpbus - ok
18:55:14.0860 5564	RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:55:14.0970 5564	RDPCDD - ok
18:55:15.0010 5564	RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:55:15.0120 5564	RDPENCDD - ok
18:55:15.0220 5564	RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:55:15.0320 5564	RDPREFMP - ok
18:55:15.0380 5564	RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:55:15.0491 5564	RDPWD - ok
18:55:15.0551 5564	rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:55:15.0601 5564	rdyboost - ok
18:55:15.0731 5564	rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:55:15.0861 5564	rspndr - ok
18:55:15.0901 5564	RTL8167 (6074829c74c5c72ab65ad2cee9c1bb47) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:55:15.0951 5564	RTL8167 - ok
18:55:16.0051 5564	SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:55:16.0081 5564	SASDIFSV - ok
18:55:16.0101 5564	SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:55:16.0131 5564	SASKUTIL - ok
18:55:16.0231 5564	sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:55:16.0271 5564	sbp2port - ok
18:55:16.0311 5564	scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:55:16.0421 5564	scfilter - ok
18:55:16.0551 5564	sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
18:55:16.0631 5564	sdbus - ok
18:55:16.0681 5564	secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:55:16.0791 5564	secdrv - ok
18:55:16.0891 5564	Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:55:16.0921 5564	Serenum - ok
18:55:16.0951 5564	Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:55:16.0991 5564	Serial - ok
18:55:17.0031 5564	sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:55:17.0081 5564	sermouse - ok
18:55:17.0211 5564	sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:55:17.0281 5564	sffdisk - ok
18:55:17.0311 5564	sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:55:17.0361 5564	sffp_mmc - ok
18:55:17.0471 5564	sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:55:17.0521 5564	sffp_sd - ok
18:55:17.0581 5564	sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:55:17.0631 5564	sfloppy - ok
18:55:17.0821 5564	SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:55:17.0861 5564	SiSRaid2 - ok
18:55:17.0891 5564	SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:55:17.0931 5564	SiSRaid4 - ok
18:55:17.0981 5564	Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:55:18.0091 5564	Smb - ok
18:55:18.0231 5564	spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:55:18.0551 5564	spldr - ok
18:55:18.0691 5564	srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:55:18.0781 5564	srv - ok
18:55:18.0911 5564 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:55:18.0991 5564	srv2 - ok
18:55:19.0101 5564	SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:55:19.0161 5564	SrvHsfHDA - ok
18:55:19.0291 5564	SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:55:19.0381 5564	SrvHsfV92 - ok
18:55:19.0511 5564	SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:55:19.0591 5564	SrvHsfWinac - ok
18:55:19.0691 5564	srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:55:19.0761 5564	srvnet - ok
18:55:19.0881 5564	stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:55:19.0921 5564	stexstor - ok
18:55:19.0981 5564	STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
18:55:20.0071 5564	STHDA - ok
18:55:20.0221 5564	swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:55:20.0251 5564	swenum - ok
18:55:20.0341 5564	SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
18:55:20.0461 5564	SynTP - ok
18:55:20.0611 5564	Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:55:20.0761 5564	Tcpip - ok
18:55:20.0981 5564	TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:55:21.0101 5564	TCPIP6 - ok
18:55:21.0211 5564	tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:55:21.0311 5564	tcpipreg - ok
18:55:21.0361 5564	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:55:21.0451 5564	TDPIPE - ok
18:55:21.0563 5564	TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:55:21.0643 5564	TDTCP - ok
18:55:21.0693 5564	tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:55:21.0793 5564	tdx - ok
18:55:21.0953 5564	TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:55:22.0023 5564	TermDD - ok
18:55:22.0243 5564	tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:55:22.0363 5564	tssecsrv - ok
18:55:22.0393 5564	TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:55:22.0463 5564	TsUsbFlt - ok
18:55:22.0583 5564	tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:55:22.0713 5564	tunnel - ok
18:55:22.0763 5564	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:55:22.0813 5564	uagp35 - ok
18:55:22.0933 5564	udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:55:23.0063 5564	udfs - ok
18:55:23.0123 5564	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:55:23.0163 5564	uliagpkx - ok
18:55:23.0283 5564	umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:55:23.0343 5564	umbus - ok
18:55:23.0393 5564	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:55:23.0443 5564	UmPass - ok
18:55:23.0573 5564	USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:55:23.0643 5564	USBAAPL64 - ok
18:55:23.0703 5564	usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:55:23.0773 5564	usbaudio - ok
18:55:23.0883 5564	usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:55:23.0943 5564	usbccgp - ok
18:55:24.0053 5564	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:55:24.0123 5564	usbcir - ok
18:55:24.0163 5564	usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:55:24.0223 5564	usbehci - ok
18:55:24.0323 5564	usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:55:24.0393 5564	usbhub - ok
18:55:24.0443 5564	usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:55:24.0503 5564	usbohci - ok
18:55:24.0603 5564	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:55:24.0673 5564	usbprint - ok
18:55:24.0703 5564	usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:55:24.0753 5564	usbscan - ok
18:55:24.0853 5564	USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:55:24.0923 5564	USBSTOR - ok
18:55:24.0963 5564	usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:55:25.0003 5564	usbuhci - ok
18:55:25.0123 5564	usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:55:25.0183 5564	usbvideo - ok
18:55:25.0233 5564	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:55:25.0263 5564	vdrvroot - ok
18:55:25.0373 5564	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:55:25.0423 5564	vga - ok
18:55:25.0463 5564	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:55:25.0593 5564	VgaSave - ok
18:55:25.0653 5564	vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:55:25.0713 5564	vhdmp - ok
18:55:25.0803 5564	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:55:25.0833 5564	viaide - ok
18:55:25.0863 5564	volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:55:25.0893 5564	volmgr - ok
18:55:25.0943 5564	volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:55:25.0993 5564	volmgrx - ok
18:55:26.0083 5564	volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:55:26.0133 5564	volsnap - ok
18:55:26.0183 5564	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:55:26.0223 5564	vsmraid - ok
18:55:26.0353 5564	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:55:26.0413 5564	vwifibus - ok
18:55:26.0443 5564	vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:55:26.0514 5564	vwififlt - ok
18:55:26.0635 5564	vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:55:26.0685 5564	vwifimp - ok
18:55:26.0735 5564	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:55:26.0795 5564	WacomPen - ok
18:55:26.0905 5564	WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:55:27.0025 5564	WANARP - ok
18:55:27.0025 5564	Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:55:27.0125 5564	Wanarpv6 - ok
18:55:27.0195 5564	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:55:27.0225 5564	Wd - ok
18:55:27.0305 5564	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:55:27.0365 5564	Wdf01000 - ok
18:55:27.0465 5564	wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\Windows\system32\DRIVERS\WDKMD.sys
18:55:27.0495 5564	wdkmd - ok
18:55:27.0546 5564	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:55:27.0656 5564	WfpLwf - ok
18:55:27.0776 5564	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:55:27.0806 5564	WIMMount - ok
18:55:27.0996 5564	WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:55:28.0056 5564	WinUsb - ok
18:55:28.0186 5564	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:55:28.0236 5564	WmiAcpi - ok
18:55:28.0306 5564	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:55:28.0416 5564	ws2ifsl - ok
18:55:28.0526 5564	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:55:28.0646 5564	WudfPf - ok
18:55:28.0766 5564	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:55:28.0896 5564	WUDFRd - ok
18:55:29.0026 5564	yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:55:29.0096 5564	yukonw7 - ok
18:55:29.0176 5564	MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
18:55:29.0206 5564	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:55:29.0206 5564	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:55:29.0236 5564	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:55:29.0236 5564	\Device\Harddisk0\DR0 - detected TDSS File System (1)
18:55:29.0266 5564	Boot (0x1200) (6cc633cacf9659960d7d291bc2e8263e) \Device\Harddisk0\DR0\Partition0
18:55:29.0276 5564	\Device\Harddisk0\DR0\Partition0 - ok
18:55:29.0286 5564	Boot (0x1200) (6c64312669ced661972b133046a294c8) \Device\Harddisk0\DR0\Partition1
18:55:29.0286 5564	\Device\Harddisk0\DR0\Partition1 - ok
18:55:29.0326 5564	Boot (0x1200) (1d96079336252f7743eed5a8b5dbbb5a) \Device\Harddisk0\DR0\Partition2
18:55:29.0326 5564	\Device\Harddisk0\DR0\Partition2 - ok
18:55:29.0346 5564	Boot (0x1200) (a41414e267ba3d1a84fde624ab339814) \Device\Harddisk0\DR0\Partition3
18:55:29.0346 5564	\Device\Harddisk0\DR0\Partition3 - ok
18:55:29.0346 5564	============================================================
18:55:29.0346 5564	Scan finished
18:55:29.0346 5564	============================================================
18:55:29.0366 6256	Detected object count: 2
18:55:29.0366 6256	Actual detected object count: 2
18:55:40.0618 6256	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:55:40.0618 6256	\Device\Harddisk0\DR0 - ok
18:55:40.0618 6256	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 
18:55:40.0618 6256	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:55:40.0618 6256	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
18:55:58.0171 6272	Deinitialize success


----------



## kevinf80 (Mar 21, 2006)

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alernative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish,so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 *Copy and paste the entire report in your next reply.*

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


----------



## kandy123 (Aug 17, 2007)

Ok, here is this one. Thanks again.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kandy :: HP [administrator]

1/19/2012 7:15:52 PM
mbam-log-2012-01-19 (19-15-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 194645
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Temp\wmcexsrona.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


----------



## kevinf80 (Mar 21, 2006)

Quit all running programs and run RogueKiller once again.


For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type *2* and validate by tapping *Enter*
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 

Please post the contents of the RKreport.txt in your next Reply.

Next,

Quit all running programs and run RogueKiller once again.


For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type *3* and validate by tapping *Enter*
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 

Please post the contents of the RKreport.txt in your next Reply.

Next,

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the







button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on







to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the







icon on your desktop.

Check








Click the







button.
Accept any security warnings from your browser.
Check








*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push








Push







, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the







button.
Push








You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Let me see the two new logs from RogueKiller and the log from ESET in your reply, also give an update on current issues/concerns....

I`m in the UK, local time for me is 30 mins after midnight, I`m off to bed. The ESET scan will take a few hours to complete, i`ll catch up later.

We`ve made excellent progress!

Kevin


----------



## kandy123 (Aug 17, 2007)

Thank you so much. Have a peaceful sleep and I will update the files in the morning. I am in Tennessee, USA and it is 7:50 pm. I will catch up with you later in the evening tomorrow. You are so gracious to use your gifts to help others.

Thanks again. I will post in the morning.


----------



## kevinf80 (Mar 21, 2006)

OK, post the logs when you`re ready....

Kevin


----------



## kandy123 (Aug 17, 2007)

Good afternoon Kevin. Here are the logs from yesterday.
RK #2
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kandy [Admin rights]
Mode: Remove -- Date : 01/19/2012 19:43:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
188.119.151.113 www.google-analytics.com.
188.119.151.113 ad-emea.doubleclick.net.
188.119.151.113 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 747bc3ebb45011c3a76199e28d617295
[BSP] 8b2e311d429bae2828f189a9e2172a71 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 465408 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 909410304 | Size: 34380 Mo
3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 976560128 | Size: 108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RK #3

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kandy [Admin rights]
Mode: HOSTSFix -- Date : 01/19/2012 19:44:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
188.119.151.113 www.google-analytics.com.
188.119.151.113 ad-emea.doubleclick.net.
188.119.151.113 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1	localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

EST scan

C:\Program Files (x86)\Common Files\ZugoInstaller.exe	multiple threats
C:\ProgramData\YouTube Downloader\ytd_installer.exe	a variant of Win32/Toolbar.Widgi application
C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\502f7dda-45a3fa46	a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\81bedde-3a658682	a variant of Java/TrojanDownloader.Agent.NDJ trojan


----------



## kandy123 (Aug 17, 2007)

Sorry, forgot the current issues. So far it seems back to normal. Reboot is working fine. Firewall, it tries to start, asking for permission to change the pc, but then it error messages. Security center is still unable to open. I do have 2 system restore points that have came up when I deleted Java before we began all the scans. Other than that it seems normal.


----------



## kevinf80 (Mar 21, 2006)

Download *OTM by OldTimer*.
*Alternative Mirror 1*
*Alternative Mirror 2*

Save it to your desktop. 
Double click *OTM.exe* to start the tool. Vista or Windows 7 users right click and select Run as Administrator

*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Program Files (x86)\Common Files\ZugoInstaller.exe
C:\ProgramData\YouTube Downloader\ytd_installer.exe
ipconfig /flushdns /c
:Commands
[EmptyTemp]
```

 Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red







button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Please download *Farbar Service Scanner* and run it on the computer with the issue.

[*]Make sure the following options are checked:


*Windows Firewall*
*Security Center*
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Let me see those two logs please...

Kevin


----------



## kandy123 (Aug 17, 2007)

Ok, here are those:

OTM

All processes killed
========== FILES ==========
C:\Program Files (x86)\Common Files\ZugoInstaller.exe moved successfully.
C:\ProgramData\YouTube Downloader\ytd_installer.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kandy\Desktop\cmd.bat deleted successfully.
C:\Users\Kandy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kandy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1382879 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 1394 bytes

Total Files Cleaned = 1.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 01202012_184046

Farbar: I wasn't sure if I should uncheck the internet service, so I left it checked and checked the other two.

Farbar Service Scanner Version: 18-01-2012 01
Ran by Kandy (administrator) on 20-01-2012 at 18:46:03
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy: 
==================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Make sure to create a new restore point before doing the following:

I`ve attached a zip file, unzip it to your Desktop, nowhere else. You should then have 3 .reg files and 1 .bat file on your Desktop.

*mpssvc.reg 
bfe.reg
wscsvc.reg
start_services.bat*

Run each in turn by double clicking the file, agree any alerts and merges, after running the final .bat file re-boot and tell me what issues remain....


----------



## kandy123 (Aug 17, 2007)

I am not exactly sure how to create a restore point. Is it a system backup or restore point of drivers with protection or something else? I have Windows 7 home.


----------



## kandy123 (Aug 17, 2007)

I think I got that restore. Either way I did the zip and ran the 4 in order. I did not have any alerts or messages but I did go ahead and reboot afterwards. I am not sure how to tell if the 'bot' is still around or affecting me since the reboots were going well since the yesterday. The new things is before the last set of instructions I noticed two new files, desktop.ini on my desktop. They are transparent. I am not sure where they came from. After this reboot, I still have those two and Thumbs.db, also transparent. Not sure if those are an issue or not and whether I should delete them. The Security center came up and seems to be working but the Firewall will still not turn on. It says, "WF can't change some of your settings. Error code 0x8007042c." It also says Security center can not turn it on to do it manually.

Thanks.


----------



## kevinf80 (Mar 21, 2006)

Create a new restore point Windows 7:

1. Select > Start > Right-click on Computer and go to Properties.
2. Next click on the System Protection link in lefthand pane.
3. The System Properties dialog screen opens up and you will want to click on Create.
4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
5. You should see the message "The restore point was created successfully.

Kevin


----------



## kandy123 (Aug 17, 2007)

Good Morning Kevin. The only other issues last night. When I plugged in an ipod touch Security center detected 2 threats with Java and removed them. I also ran a quick Maleware first and it showed clean. I then ran the EST again and it showed clean until it finished, which by then I plugged the Ipod to charge and it showed the following. Is my Ipod the infection?

C:\_OTM\MovedFiles\01202012_184046\C_Program Files (x86)\Common Files\ZugoInstaller.exe	multiple threats
C:\_OTM\MovedFiles\01202012_184046\C_ProgramData\YouTube Downloader\ytd_installer.exe	a variant of Win32/Toolbar.Widgi application


----------



## kevinf80 (Mar 21, 2006)

Hello kandy123,

Those two files you show in last reply are contaned in the _OTM\Movedfiles folder and are quite safe. Regarding Java, your version is outdated and vulnerable to or already maybe exploited. Do this:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. 
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. 
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 30.


 Go to *Sun Java*
 Select *Windows 7/XP/Vista/2000/2003/2008* If using 64 bit OS Select *Information about the 64-bit Java plug-in* and follow prompts
 Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
 Reboot your computer

In an earlier reply you mentioned that security center needed to be turned on, if that is still the case, do this:

Select > start > in the search box type *services.msc* agree or ok any alerts, in the new window scroll to "Security Center" that should be started and in Automatic. If not, do this:

Right click on *Security Center* and select *Properties* in the new window change the "Startup Type" to "Automatic (Delayed start)" select > apply > OK. Also click on start to start up that service.

Can you give me an update on how your system is responding, also what issues or concerns remain.

Thanks,

Kevin


----------



## kandy123 (Aug 17, 2007)

So far, everything looks good since the EST is fine. I updated with the new Java but had already uninstalled the old a few days back when the virus kept coming up. 

Security center has been up since yesterday, it is the Firewall that won't work. I followed your instructions for the security center to try and start the firewall but even in services.msc it says that it cannot open.

That is all that I see.


----------



## kevinf80 (Mar 21, 2006)

Please download *Farbar Service Scanner* and run it on the computer with the issue.

If you still have FSS.exe just re-run that, no need to d/l again.

*Make sure the following options are checked:*

*Windows Firewall*
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Let me also know if you have any other issues or concerns...

Kevin


----------



## kandy123 (Aug 17, 2007)

Ok, Here is that log:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Kandy (administrator) on 21-01-2012 at 17:59:13
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy: 
==================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:


```
sc config MpsSvc start= auto
sc config KeyIso start= auto
sc config BFE start= auto
sc config FwcAgent start= auto
net stop MpsSvc 
net start MpsSvc
net stop KeyIso
net start KeyIso 
net stop BFE 
net start BFE 
net stop FwcAgent 
net start FwcAgent
```
Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.
Next navigate to your desktop, and enter the file name *fixme.bat*, and click Save.

You should now find a new file on your desktop named *fixme.bat*. Double click on *fixme.bat*. Windows 7 or Vista users right click and select "Run as Administrator" agree any alerts.

Then reboot, is Firewall active?


----------



## kandy123 (Aug 17, 2007)

No, that did not work. When I go from the Action center it says it change the settings. When I go from services.msc it says: Windows could not start Window Firewall service on the local computer. Error 1068 the dependency service or group failed to start.


----------



## kevinf80 (Mar 21, 2006)

Re-Run Farbar Service Scanner again, ensure Windows Firewall is checked, then select scan, post that log please...

Kevin


----------



## kandy123 (Aug 17, 2007)

Farbar Service Scanner Version: 18-01-2012 01
Ran by Kandy (administrator) on 21-01-2012 at 20:12:11
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy: 
==================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Can you go to services.msc again and check that bfe (Base Filter Engine) is running and set to "Automatic" for start up type


----------



## kandy123 (Aug 17, 2007)

It is set to automatic. On the left side payne it showed the 'start' button. I pushed it and it says it cannot be started. Acces is denied. But in the list, the information is what you asked, 'automatic.'


----------



## kevinf80 (Mar 21, 2006)

OK, do this :-

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste *sfc /scannow *> then enter. Type exit when its finished and re-boot your PC. See if that helps.

To get report, at command promt type or copy and paste:
*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*


----------



## kandy123 (Aug 17, 2007)

I ran the scan and rebooted. No change to firewall. It did make my text size change to the smaller font. I tried to run the command prompt. When I typed it in the search box I got a bleep of the command prompt than it disappeared. When I typed it into the command prompt, I got nothing. The cursor just blinks.


----------



## kevinf80 (Mar 21, 2006)

I dont understand your reply, what did you type into the Search Box? To get to the command prompt with elevated permission follow instruction in reply #31...


----------



## kandy123 (Aug 17, 2007)

After I rebooted, I typed the long "findstr" in the windows search box in the start menu, right under all programs. That is when it listed the command. I then clicked it and all I got was a flicker of the command prompt box, which disappeared. Then I reread the post to see if I did something incorrect. I thought I read it wrong and I was to type the 'findstr' in the command prompt window where I had started the scan. When I reran the scan, rebooted, then typed the command in the command prompt window, I got nothing but a blinking cursor. I will retry the instructions again and see.


----------



## kevinf80 (Mar 21, 2006)

OK, try running this tool and see if it helps, make sure to only check (tick) the options I ask for:

Download Windows Repair http://majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html by Tweaking.com and unzip the contents into a newly created folder on your desktop.

Now run Repair_Windows.exe from that folder.


 Go to Start Repairs tab.
 Choose "Custom Mode" and press "Start".
 Create a System Restore point if prompted.
 In the Custom Mode window, select the following repair options:

*Repair Windows Firewall*
*Remove Policies Set By Infections*

Now click the Start button
 Be patient while the tool repairs the selected items.
 If asked to reboot the computer for the changes to take affect, make sure other tasks in the program are not still running before accepting to restart.

Let me know if that helps,

Kevin


----------



## kandy123 (Aug 17, 2007)

No sweetie, that did not work.


----------



## kevinf80 (Mar 21, 2006)

Select start > type *gpedit.msc* into the search box and tap enter or select OK. In the new window expand the following by clicking on the triangle to the left of the entry:

Computer Configuration > Windows Settings > Security Settings > Windows Firewall and Advanced Security > Finally select "Windows Firewall with Advanced Security. Look to the Righthand pane, what do you see there regarding the fire wall, Can you use the Snipping Tool from the Accessories folder and take a screen shot.


----------



## kandy123 (Aug 17, 2007)

When I type that in, it says no matches.


----------



## kandy123 (Aug 17, 2007)

I took a snapshot but how do I load it here?


----------



## kandy123 (Aug 17, 2007)

OK trying this out. Here is the screen shot when I tried the gpedit.


----------



## kevinf80 (Mar 21, 2006)

Hit the reply button under this answer, scroll down to "Manage Attachments" in the new window select "Browse" go to the snap shot, then click on upload, then at the top select close this window... then submit reply


----------



## kandy123 (Aug 17, 2007)

Kevin,
Our posts might have crossed in replying. Right now, the fixes for the Firewall have not worked and the last scan you asked for, gpedit, was not found. I do not mind waiting patiently since I believe the severity of my issues is over. It seems like all else is working fine except for the Firewall. I did want to touch basis so you will not close me out due to inactivity. I am not sure how long you guys have to close a problem. Thank you so much for all your help now and later. You are a blessing to those of us, myself especially, who do not have the knowledge or gifts that you do in pcs.


----------



## kevinf80 (Mar 21, 2006)

Hiya kandy,

I can only apologize, I did not receive any notifications after my last post so never checked the thread. OK run FSS again as follows please...

Please download *Farbar Service Scanner* and run it on the computer with the issue.

Make sure the following options are checked:

*Internet Services*
*Windows Firewall*
*Security Center*
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Kevin


----------



## kandy123 (Aug 17, 2007)

No need to apologize. I am cool with waiting. Here is the log:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Kandy (administrator) on 24-01-2012 at 19:00:18
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy: 
==================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Do the following:

Click Start and in "Search Box" type in:
*regedit*
Press Enter.

Registry editor will open.
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Allow" in "Full control" row.
Click "Apply" then "OK".

Close regedit and go back to your Desktop find *start_services.bat* Right click on it, click "Run As Administrator" to run the fix. Agree any alerts, then re-boot.

If you dont have that batch file go to reply #16, it will be in the attached .zip file,

Check FW status?


----------



## kandy123 (Aug 17, 2007)

Kevin

That did fix the firewall. Thanks. I also attached a photo of my desktop. Assuming that all is clear now, will you let me know what items off the desktop I can delete? I am mostly concerned about the .ini and the wheel looking icons.

Again, thanks so much for all your help.

Greatly appreciate it.

Kandy


----------



## kevinf80 (Mar 21, 2006)

Good to hear the FW is up and running, was a bit of a journey but we got there in the end.... OK do this please:

Double click *OTM.exe* to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will stopped during run, also Desktop will disappear, this will be put back on completion....


*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
:Commands
[ClearAllRestorePoints]
[EmptyTemp]
```

 Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red







button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Save that log as the next command will remove OTM and all associate files/folders

Next,


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click







icon to start the program. 
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then Click the big







button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself. *Any tools/logs remaining on the Desktop can be deleted.*

These can be deleted or dragged to recycle bin:

*RogueKiller
RKQuarantine folder
All RKReport.txt files
Farbar System Scanner
Any .zip .reg .bat files we created*

Next,

Remove ESET online scanner:


 Click Start, type *Uninstall a Program* into the Search programs and files box, and then press ENTER.
 Click to select *ESET Online Scanner* from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall *ESETonline Scanner*, only re-boot if prompted.

Next,

Download







TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administartor"
 If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important *

Keep TFC it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

Let me see the log from OTM, tell me if the above completed OK. Let me know if the transparent files have gone from your Desktop. Let me know if you have any remaining issues or concerns...

Kevin...


----------



## kandy123 (Aug 17, 2007)

All seems good from this point. Thanks so much again for all your help. Here is the log:

All processes killed
========== FILES ==========
========== COMMANDS ==========

Restore point Set: OTM Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kandy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 470 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132550 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 01252012_160210


----------



## kevinf80 (Mar 21, 2006)

Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go along way to keeping you secure so that you can enjoy safe and happy surfing.

Here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol* This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

You will have several programs installed, these maybe outdated and vulnerable to exploits also. To be certain, please run the free online scan by *Secunia*, available *Here* Before clicking the *Start* scan button, please check the box for the option *Enable thorough system inspection*. Just below the "Scan Options:" section, you'll see the status of what's currently processing....








...when the scan completes, the message "Detection completed successfully" will appear in the *Programs/Result* section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for *Firefox* and *Internet Explorer*.

*Green* to go, 
*Yellow* for caution, and 
*Red* to stop.

Available for *Firefox* only. *NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

If no remaining issues hit the Mark Solved tab at the top of the thread,

Take care,

Kevin


----------



## kandy123 (Aug 17, 2007)

You are beautiful. I was going to ask for preventive suggestions but was not sure you could offer them. I have done pretty well over the years until my kiddos started surfing the net. Then it got harder to keep the infection clean. Many thanks again. Have a wonderful night/evening.

Kandy


----------



## kevinf80 (Mar 21, 2006)

You are very welcome Kandy, know what you mean about the kids, well mine are supposed to be adults. I guess age is just a number. 
Its 2am local time for me, sleepy time me thinks,

Take care,

Kevin


----------

