melissa728

  1. Things are looking good so far. I updated Java as suggested. Thanks for your help!
  2. Nothing has resurfaced since yesterday; the Malwarebytes scan this morning was clean. Fingers crossed that Combofix did the trick? Thanks so much for your advice.

     Malwarebytes Anti-Malware 1.60.0.1800
     www.malwarebytes.org

     Database version: v2011.12.31.03
     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Owner :: OWNER-PC [administrator]

     12/31/2011 8:38:04 AM
     mbam-log-2011-12-31 (08-38-04).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 170550
     Time elapsed: 8 minute(s), 35 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. ComboFix log:
  4. Ran TDSSKiller log:
C:\Windows\system32\drivers\RTSTOR.SYS 11:08:47.0075 4804 RTSTOR - ok 11:08:47.0122 4804 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 11:08:47.0212 4804 sbp2port - ok 11:08:47.0277 4804 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 11:08:47.0443 4804 sdbus - ok 11:08:47.0507 4804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 11:08:47.0679 4804 secdrv - ok 11:08:47.0735 4804 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 11:08:47.0913 4804 Serenum - ok 11:08:47.0951 4804 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 11:08:48.0119 4804 Serial - ok 11:08:48.0155 4804 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 11:08:48.0279 4804 sermouse - ok 11:08:48.0425 4804 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 11:08:48.0503 4804 sffdisk - ok 11:08:48.0529 4804 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 11:08:48.0636 4804 sffp_mmc - ok 11:08:48.0682 4804 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 11:08:48.0789 4804 sffp_sd - ok 11:08:48.0826 4804 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 11:08:49.0008 4804 sfloppy - ok 11:08:49.0108 4804 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 11:08:49.0198 4804 sisagp - ok 11:08:49.0235 4804 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 11:08:49.0353 4804 SiSRaid2 - ok 11:08:49.0383 4804 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 11:08:49.0498 4804 SiSRaid4 - ok 11:08:49.0586 4804 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 11:08:49.0724 4804 Smb - ok 11:08:49.0825 4804 spldr (7aebdeef071fe28b0eef2cdd69102bff) 
C:\Windows\system32\drivers\spldr.sys 11:08:49.0919 4804 spldr - ok 11:08:49.0983 4804 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 11:08:50.0168 4804 srv - ok 11:08:50.0221 4804 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 11:08:50.0392 4804 srv2 - ok 11:08:50.0438 4804 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 11:08:50.0545 4804 srvnet - ok 11:08:50.0648 4804 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 11:08:50.0711 4804 swenum - ok 11:08:50.0776 4804 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 11:08:50.0866 4804 Symc8xx - ok 11:08:50.0900 4804 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 11:08:50.0989 4804 Sym_hi - ok 11:08:51.0025 4804 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 11:08:51.0114 4804 Sym_u3 - ok 11:08:51.0167 4804 SynTP (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys 11:08:51.0236 4804 SynTP - ok 11:08:51.0363 4804 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 11:08:51.0559 4804 Tcpip - ok 11:08:51.0623 4804 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 11:08:51.0721 4804 Tcpip6 - ok 11:08:51.0789 4804 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 11:08:51.0941 4804 tcpipreg - ok 11:08:51.0983 4804 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 11:08:52.0105 4804 TDPIPE - ok 11:08:52.0139 4804 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 11:08:52.0253 4804 TDTCP - ok 11:08:52.0318 4804 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 11:08:52.0455 4804 tdx - ok 11:08:52.0511 4804 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 11:08:52.0608 4804 
TermDD - ok 11:08:52.0725 4804 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys 11:08:52.0775 4804 TrueSight ( UnsignedFile.Multi.Generic ) - warning 11:08:52.0775 4804 TrueSight - detected UnsignedFile.Multi.Generic (1) 11:08:52.0844 4804 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:08:52.0980 4804 tssecsrv - ok 11:08:53.0012 4804 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 11:08:53.0156 4804 tunmp - ok 11:08:53.0208 4804 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 11:08:53.0345 4804 tunnel - ok 11:08:53.0382 4804 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 11:08:53.0455 4804 uagp35 - ok 11:08:53.0506 4804 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys 11:08:53.0570 4804 UBHelper - ok 11:08:53.0631 4804 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 11:08:53.0743 4804 udfs - ok 11:08:53.0868 4804 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 11:08:53.0934 4804 uliagpkx - ok 11:08:53.0976 4804 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 11:08:54.0088 4804 uliahci - ok 11:08:54.0123 4804 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 11:08:54.0269 4804 UlSata - ok 11:08:54.0301 4804 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 11:08:54.0398 4804 ulsata2 - ok 11:08:54.0438 4804 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 11:08:54.0537 4804 umbus - ok 11:08:54.0612 4804 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 11:08:54.0732 4804 usbaudio - ok 11:08:54.0768 4804 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 11:08:54.0879 4804 usbccgp - ok 11:08:54.0914 
4804 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 11:08:55.0042 4804 usbcir - ok 11:08:55.0096 4804 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 11:08:55.0223 4804 usbehci - ok 11:08:55.0259 4804 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 11:08:55.0428 4804 usbhub - ok 11:08:55.0464 4804 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 11:08:55.0622 4804 usbohci - ok 11:08:55.0674 4804 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 11:08:55.0811 4804 usbprint - ok 11:08:55.0870 4804 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 11:08:55.0998 4804 usbscan - ok 11:08:56.0034 4804 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:08:56.0174 4804 USBSTOR - ok 11:08:56.0219 4804 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 11:08:56.0343 4804 usbuhci - ok 11:08:56.0387 4804 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 11:08:56.0578 4804 usbvideo - ok 11:08:56.0630 4804 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 11:08:56.0745 4804 vga - ok 11:08:56.0785 4804 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 11:08:56.0893 4804 VgaSave - ok 11:08:56.0937 4804 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 11:08:57.0017 4804 viaagp - ok 11:08:57.0060 4804 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 11:08:57.0160 4804 ViaC7 - ok 11:08:57.0199 4804 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 11:08:57.0306 4804 viaide - ok 11:08:57.0350 4804 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 11:08:57.0418 4804 volmgr - ok 11:08:57.0482 4804 volmgrx 
(23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 11:08:57.0599 4804 volmgrx - ok 11:08:57.0681 4804 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 11:08:57.0762 4804 volsnap - ok 11:08:57.0809 4804 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 11:08:57.0980 4804 vsmraid - ok 11:08:58.0115 4804 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 11:08:58.0344 4804 WacomPen - ok 11:08:58.0443 4804 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 11:08:58.0597 4804 Wanarp - ok 11:08:58.0635 4804 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 11:08:58.0691 4804 Wanarpv6 - ok 11:08:58.0748 4804 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 11:08:58.0843 4804 Wd - ok 11:08:58.0921 4804 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 11:08:59.0069 4804 Wdf01000 - ok 11:08:59.0236 4804 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 11:08:59.0447 4804 winachsf - ok 11:08:59.0657 4804 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 11:08:59.0735 4804 WmiAcpi - ok 11:08:59.0913 4804 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 11:09:00.0078 4804 WpdUsb - ok 11:09:00.0147 4804 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 11:09:00.0261 4804 ws2ifsl - ok 11:09:00.0380 4804 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:09:00.0527 4804 WUDFRd - ok 11:09:00.0631 4804 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys 11:09:00.0737 4804 yukonwlh - ok 11:09:00.0792 4804 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0 11:09:02.0638 4804 \Device\Harddisk0\DR0 - ok 11:09:02.0676 4804 Boot 
(0x1200) (dd7135c8c40ba84eeecd3600268e932e) \Device\Harddisk0\DR0\Partition0 11:09:02.0678 4804 \Device\Harddisk0\DR0\Partition0 - ok 11:09:02.0706 4804 Boot (0x1200) (44cc9adfe5beddbea61922cfb7321598) \Device\Harddisk0\DR0\Partition1 11:09:02.0708 4804 \Device\Harddisk0\DR0\Partition1 - ok 11:09:02.0714 4804 ============================================================ 11:09:02.0715 4804 Scan finished 11:09:02.0715 4804 ============================================================ 11:09:02.0749 4772 Detected object count: 1 11:09:02.0749 4772 Actual detected object count: 1 11:09:08.0750 4772 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user 11:09:08.0750 4772 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:09:37.0636 5088 Deinitialize success
  5. Problem came back this afternoon while computer was idle, this time as "Vista Security 2012" would not let me open any programs except under administrator. I used Rkill then ran the OTL Fix and Rogue Killer as suggested in last post. Logs are below. Is there any hope for me?
     OTL Log:
     RogueKiller Log:
     Rkill log I ran just before OTL AND RogueKiller:
     This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
     Rkill was run on 12/29/2011 at 22:39:04.
     Operating System: Windows Vista Home Premium
     Processes terminated by Rkill or while it was running:
     C:\Users\Owner\AppData\Local\men.exe
     C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     Rkill completed on 12/29/2011 at 22:39:42.
  6. Thanks a lot. I used unhide and my start menu is mostly restored. I scanned with OTL, the reports are attached. A Malwarebytes scan this morning returned nothing so I will see if anything pops up at night as that has been the problem, malware seemingly removed then reappearing overnight or the next day. Extras.Txt OTL.Txt
  7. I've been battling some nasty malware that refuses to be detected/removed for about a week now. I've scanned with Malwarebytes, Hitman Pro 3.5, Norton Power Eraser, TDSS Killer, and Rkill both in normal operation and in Safe Mode every day for the last few days. Each time I scan I find 10-20 Trojans and other malicious files which are then removed and my computer seems to work normally again, only to have the problem resurface overnight while the computer is sleeping. I keep getting the Vista Antivirus 2012 popups and warnings, and at the onset had the Google redirect problem although that has not resurfaced. Today I started getting warnings about RAM memory shortages and Hard disk errors, then everything went haywire. I lost some desktop shortcuts, all the items pinned to the top of the start menu, everything to the left of the start menu where control panel, recent items, etc. shortcuts are, as well as everything on the quick launch menu. I'd really like to restore the start menu. Below is the DDS log from today and I have the other logs from Malwarebytes and the other scanners from recent scans if they would be helpful. Thanks in advance for your help! I'd like to beat the crap out of whoever writes malware.
mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-30 40488] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-30 33832] . =============== Created Last 30 ================ . 2011-12-27 14:46:53 -------- d-----r- c:\users\owner\appdata\local\MicrosoftNT 2011-12-27 14:35:35 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c2039a05-ff2e-4346-9e1d-5221d285e1f1}\offreg.dll 2011-12-27 10:32:26 35840 --sh--w- c:\users\owner\appdata\local\dplayx.dll 2011-12-27 06:51:01 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c2039a05-ff2e-4346-9e1d-5221d285e1f1}\mpengine.dll 2011-12-23 04:01:55 -------- d-----w- c:\users\owner\appdata\local\CrashDumps 2011-12-20 18:39:19 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-12-20 18:39:13 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-12-20 18:38:11 -------- d-----w- c:\programdata\Hitman Pro 2011-12-20 18:29:44 -------- d-----w- c:\users\owner\appdata\local\NPE 2011-12-20 18:29:43 -------- d-----w- c:\programdata\Norton 2011-12-15 12:17:46 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-12-15 12:17:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-12-15 12:17:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-12-15 12:17:30 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-12-15 12:17:27 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat 2011-12-15 12:17:22 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-15 12:17:08 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-13 12:26:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ==================== Find3M ==================== . 
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec 2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb . ============= FINISH: 9:54:16.11 ===============