Winupd.exe virus seems to have started my problems [Solved]


  • This topic is locked

#1
moordogck

Hello,

2 nights ago I was watching some videos on the internet and it asked me to download Real Player (not sure if that has anything to do with it). After a few minutes I got a pop-up that asked me if I wanted to let winupdt.exe run. I suspected it wasn't a good thing and X'd out of it. A few minutes later I got the same pop-up; I minimized the window and continued watching. The next morning I noticed it was still there and, annoyed by it, I clicked OK. Huge mistake: right after that I got a blue screen from Windows that said it had to reboot. I can't remember well what it says, but on the bottom there is a countdown, something about Windows crashing, then it reboots. When it's loading Windows the same thing happens all over again. I did a system restore using the last restore point from 1/1/12 and was then able to get into Windows the regular way. Then I got a pop-up from System Check saying that my hard drive was managed and that I had to run a system diagnostic utility. I closed that down and restarted the computer. Since then I haven't been able to get into Windows the regular way, only using safe mode; if I go in the regular way it does the same thing as before: while loading it crashes and reboots.

I downloaded malaware and ran that a few times. It detected a few viruses and I removed them. A few hours after, I ran that again and it detected 2 more; I removed those too. Just now I ran it once again and now it detected 7, something called svchost.exe and a few others under the temp folder.

I also downloaded Comodo but I haven't been able to run that one. It's asking me to install it, but when I try, it tells me I have to remove the Comodo firewall first, and I can't do any of that from safe mode, so I'm stuck. Today I downloaded OTL and here is my report.

I appreciate any help.

Thank you!

OTL logfile created on: 1/19/2012 8:51:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Amy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.11% Memory free
7.60 Gb Paging File | 5.99 Gb Available in Paging File | 78.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 4.00 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 185.60 Gb Free Space | 46.71% Space Free | Partition Type: NTFS

Computer Name: AMY-LAPTOP | User Name: Amy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 20:51:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
PRC - [2011/02/02 20:40:40 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2011/02/02 20:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/19 18:59:00 | 002,779,416 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/11/23 05:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2009/10/09 08:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/16 19:06:00 | 000,033,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/17 15:55:57 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/04/16 18:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/19 18:59:16 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/08 13:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2010/03/08 13:03:54 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys -- (HtcUsbMdmV64)
DRV:64bit: - [2010/01/25 18:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/10/12 07:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/07 20:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/25 19:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 15:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/16 09:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 12:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/16 23:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/16 19:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/25 21:35:16 | 000,431,488 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CryptOSD.sys -- (CryptOSD)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...39&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/20 19:54:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/20 19:54:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/25 00:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/18 17:40:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/11 22:50:46 | 000,000,000 | ---D | M]

[2010/09/07 14:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions
[2012/01/18 18:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\o13ts3w2.default\extensions
[2012/01/18 18:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\o13ts3w2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/15 14:01:10 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\o13ts3w2.default\extensions\[email protected]
[2011/04/15 14:01:11 | 000,001,919 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\o13ts3w2.default\searchplugins\bing-zugo.xml
[2011/11/09 16:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/17 14:57:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/09 16:04:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/09 21:36:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/01/09 21:36:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found
O4 - Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DCE44C4-1BD9-4701-AACF-80244AF7AC53}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\Shell - "" = AutoRun
O33 - MountPoints2\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\Shell - "" = AutoRun
O33 - MountPoints2\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\Shell - "" = AutoRun
O33 - MountPoints2\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 20:51:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2012/01/18 23:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/18 23:30:32 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/18 23:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/18 23:25:26 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Amy\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/18 23:06:28 | 084,892,048 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2012/01/18 22:49:10 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/01/18 21:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/18 19:46:24 | 085,869,232 | ---- | C] (COMODO) -- C:\Users\Amy\Desktop\cispremium_installer.exe
[2012/01/18 19:40:31 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\Comodo
[2012/01/18 18:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/01/18 18:57:17 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/18 18:56:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/01/18 18:55:14 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/01/18 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/01/18 16:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/01/18 16:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/01/18 16:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/01/18 15:27:48 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/01/18 14:04:54 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2012/01/18 14:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/18 13:12:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/18 12:35:03 | 000,000,000 | ---D | C] -- C:\DataSafeOnline
[1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 20:51:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2012/01/19 20:43:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 20:43:04 | 3061,190,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 23:50:37 | 329,686,176 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/18 23:47:49 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/18 23:46:29 | 000,731,936 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/01/18 23:30:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 23:30:17 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Amy\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/18 23:11:45 | 084,892,048 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2012/01/18 22:52:05 | 000,099,402 | ---- | M] () -- C:\Users\Amy\AppData\Local\census.cache
[2012/01/18 22:52:02 | 000,065,446 | ---- | M] () -- C:\Users\Amy\AppData\Local\ars.cache
[2012/01/18 22:45:51 | 000,000,036 | ---- | M] () -- C:\Users\Amy\AppData\Local\housecall.guid.cache
[2012/01/18 19:48:07 | 085,869,232 | ---- | M] (COMODO) -- C:\Users\Amy\Desktop\cispremium_installer.exe
[2012/01/18 19:00:49 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 19:00:49 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 18:57:38 | 000,000,400 | ---- | M] () -- C:\ProgramData\yYHT7FtHFlbus6
[2012/01/18 18:57:19 | 000,000,176 | ---- | M] () -- C:\ProgramData\~yYHT7FtHFlbus6r
[2012/01/18 18:57:18 | 000,000,679 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/18 18:57:18 | 000,000,655 | ---- | M] () -- C:\Users\Amy\Desktop\System Check.lnk
[2012/01/18 18:53:54 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/18 18:36:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/18 18:06:17 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-523418443-3151567346-3494081869-1000UA.job
[2012/01/18 16:44:46 | 000,001,071 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/01/18 15:23:47 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/18 14:28:56 | 000,000,512 | ---- | M] () -- C:\Users\Amy\Desktop\MBR.dat
[2012/01/13 20:09:14 | 000,000,182 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\wklnhst.dat
[2012/01/01 20:06:46 | 000,738,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/01 20:06:46 | 000,632,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/01 20:06:46 | 000,110,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/01 13:41:33 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-523418443-3151567346-3494081869-1000Core.job
[1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/18 23:50:37 | 329,686,176 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/18 23:30:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 22:52:05 | 000,099,402 | ---- | C] () -- C:\Users\Amy\AppData\Local\census.cache
[2012/01/18 22:52:02 | 000,065,446 | ---- | C] () -- C:\Users\Amy\AppData\Local\ars.cache
[2012/01/18 22:45:51 | 000,000,036 | ---- | C] () -- C:\Users\Amy\AppData\Local\housecall.guid.cache
[2012/01/18 18:57:19 | 000,000,176 | ---- | C] () -- C:\ProgramData\~yYHT7FtHFlbus6r
[2012/01/18 18:57:18 | 000,000,679 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/18 18:57:18 | 000,000,655 | ---- | C] () -- C:\Users\Amy\Desktop\System Check.lnk
[2012/01/18 18:57:13 | 000,000,400 | ---- | C] () -- C:\ProgramData\yYHT7FtHFlbus6
[2012/01/18 16:47:16 | 000,731,936 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/01/18 16:44:46 | 000,001,071 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/01/18 14:28:56 | 000,000,512 | ---- | C] () -- C:\Users\Amy\Desktop\MBR.dat
[2011/04/15 14:01:14 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/01/11 18:50:53 | 000,000,182 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\wklnhst.dat
[2010/08/13 14:29:35 | 000,006,144 | ---- | C] () -- C:\Users\Amy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 23:04:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/06/01 20:46:02 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/06/01 10:16:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/31 15:43:43 | 000,076,800 | ---- | C] () -- C:\Windows\SysWow64\spekekit_bak.dll
[2010/02/15 09:50:25 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/02/15 09:50:25 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/02/15 08:29:20 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/10/07 20:34:52 | 000,874,032 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2009/10/07 20:34:52 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/10/07 20:34:52 | 000,049,712 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/10/07 19:36:18 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/10/07 19:36:18 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/05/31 17:08:33 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\111 Pix Ltd
[2010/08/31 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Blackberry Desktop
[2011/11/29 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Canon
[2012/01/18 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\PCDr
[2011/04/15 14:17:05 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\PhotoScape
[2010/08/31 12:45:40 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Research In Motion
[2011/12/23 21:36:36 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Smilebox
[2010/08/26 12:38:25 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Softplicity
[2011/12/29 16:04:17 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Spotify
[2011/01/11 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Template
[2010/05/31 17:29:50 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\WildTangent
[2012/01/18 15:23:47 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/01/03 12:58:47 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/18 18:53:54 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 1/19/2012 8:51:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Amy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.11% Memory free
7.60 Gb Paging File | 5.99 Gb Available in Paging File | 78.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 4.00 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 185.60 Gb Free Space | 46.71% Space Free | Partition Type: NTFS

Computer Name: AMY-LAPTOP | User Name: Amy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java™ 6 Update 16 (64-bit)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Support Center" = Dell Support Center
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 24
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"COMODO GeekBuddy" = COMODO GeekBuddy
"Dell Webcam Central" = Dell Webcam Central
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"FoxTab PDF Converter" = FoxTab PDF Converter
"GoToAssist" = GoToAssist Corporate
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HTC_WModemDriver" = WModem Driver Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Search Toolbar" = Search Toolbar
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Smilebox" = Smilebox
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2011 1:46:45 PM | Computer Name = Amy-Laptop | Source = PC-Doctor | ID = 1
Description = (8908) Asapi: (13:46:45:4010)(8908) libMatrix.profiler.ProfilerSnapshots
- Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/hardware) failed

Error - 6/25/2011 1:46:45 PM | Computer Name = Amy-Laptop | Source = PC-Doctor | ID = 1
Description = (8908) Asapi: (13:46:45:4530)(8908) libMatrix.profiler.ProfilerSnapshots
- Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/software) failed

Error - 6/25/2011 1:46:45 PM | Computer Name = Amy-Laptop | Source = PC-Doctor | ID = 1
Description = (8908) Asapi: (13:46:45:4530)(8908) libMatrix.profiler.ProfilerSnapshots
- Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/software) failed

Error - 6/25/2011 1:46:45 PM | Computer Name = Amy-Laptop | Source = PC-Doctor | ID = 1
Description = (8908) Asapi: (13:46:45:5010)(8908) libMatrix.profiler.ProfilerSnapshots
- Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/smartdata) failed

Error - 6/25/2011 1:46:45 PM | Computer Name = Amy-Laptop | Source = PC-Doctor | ID = 1
Description = (8908) Asapi: (13:46:45:5010)(8908) libMatrix.profiler.ProfilerSnapshots
- Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/smartdata) failed

Error - 6/25/2011 1:46:45 PM | Computer Name = Amy-Laptop | Source = PC-Doctor | ID = 1
Description = (8908) Asapi: (13:46:45:5090)(8908) libMatrix.profiler.ProfilerSnapshots
- Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/performance) failed


Error - 6/25/2011 1:46:45 PM | Computer Name = Amy-Laptop | Source = PC-Doctor | ID = 1
Description = (8908) Asapi: (13:46:45:5090)(8908) libMatrix.profiler.ProfilerSnapshots
- Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/performance) failed


Error - 6/28/2011 9:44:32 AM | Computer Name = Amy-Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 6/28/2011 9:46:42 AM | Computer Name = Amy-Laptop | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 6/28/2011 12:47:37 PM | Computer Name = Amy-Laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 5.0.0.4183 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c9c Start
Time: 01cc359075885b86 Termination Time: 23 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 4ea6a6c7-a1a6-11e0-b8ac-b8ac6f4f1d1e

[ System Events ]
Error - 1/19/2012 9:43:26 PM | Computer Name = Amy-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:40:29 AM on ?1/?19/?2012 was unexpected.

Error - 1/19/2012 9:43:43 PM | Computer Name = Amy-Laptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cmdGuard discache spldr Wanarpv6

Error - 1/19/2012 9:43:57 PM | Computer Name = Amy-Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error
Code: 21

Error - 1/19/2012 9:44:09 PM | Computer Name = Amy-Laptop | Source = DCOM | ID = 10005
Description =

Error - 1/19/2012 9:44:16 PM | Computer Name = Amy-Laptop | Source = DCOM | ID = 10005
Description =

Error - 1/19/2012 9:44:19 PM | Computer Name = Amy-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/19/2012 9:44:22 PM | Computer Name = Amy-Laptop | Source = DCOM | ID = 10005
Description =

Error - 1/19/2012 9:44:21 PM | Computer Name = Amy-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/19/2012 9:44:23 PM | Computer Name = Amy-Laptop | Source = DCOM | ID = 10005
Description =

Error - 1/19/2012 9:44:23 PM | Computer Name = Amy-Laptop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068


< End of report >

Edited by moordogck, 19 January 2012 - 08:49 PM.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello moordogck and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post
  • 0
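
Once the TDSSKiller report from Step 1 is in hand, it can be triaged mechanically before posting. The Python below is an added example, not part of the original post or of Kaspersky's tool: it assumes each scanned driver is logged as a line with its name, MD5 and path followed by a `name - verdict` line, and the sample log, its `exampledrvN` names, zeroed hashes and the `flagged` verdict are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every log line starts with a timestamp (HH:MM:SS.mmmm) and a numeric id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# Opening line of a driver entry: "name (32-hex MD5) path".
FILE_RE = re.compile(
    PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Closing line of a driver entry: "name - verdict".
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str]    # None when no hash line preceded the verdict
    path: Optional[str]
    verdict: str


def parse_log(text: str) -> List[Entry]:
    """Pair each 'name - verdict' line with the hash line just before it."""
    entries: List[Entry] = []
    pending: Optional[Tuple[str, str, str]] = None  # (name, md5, path)
    scanning = False
    for line in text.splitlines():
        if not scanning:
            # Ignore the system-info header; entries begin after this marker.
            scanning = "Scan started" in line
            continue
        m = FILE_RE.match(line)
        if m:
            pending = (m["name"], m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5 = path = None
            if pending and pending[0] == m["name"]:
                _, md5, path = pending
            entries.append(Entry(m["name"], md5, path, m["verdict"]))
            pending = None
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for entries a helper should look at first."""
    findings = []
    for e in entries:
        if e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict: {e.verdict}"))
        elif e.md5 is None:
            # Service is registered but the tool logged no file or hash for it.
            findings.append((e.name, "no file or hash logged"))
    return findings


# Constructed sample in the assumed layout; hashes and verdicts are placeholders.
SAMPLE_LOG = r"""
11:51:27.0173 2880 Boot type: Safe boot with network
11:51:36.0250 2872 Scan started
11:51:36.0250 2872 Mode: Manual;
11:51:39.0102 2872 exampledrv1 (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv1.sys
11:51:39.0106 2872 exampledrv1 - ok
11:51:39.0200 2872 exampledrv2 - ok
11:51:39.0300 2872 exampledrv3 (11111111111111111111111111111111) C:\Windows\system32\drivers\exampledrv3.sys
11:51:39.0305 2872 exampledrv3 - flagged
""".strip()

if __name__ == "__main__":
    for name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

An entry with an `ok` verdict but no hash line is listed only as something to review, since it shows the tool did not hash a file for that service.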

#3
moordogck

    Member

  • Topic Starter
  • Member
  • 37 posts
Hello maliprog! thanks so much for replying :)

This is the log for TDSSKiller

11:51:26.0706 2880 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
11:51:27.0173 2880 ============================================================
11:51:27.0173 2880 Current date / time: 2012/01/21 11:51:27.0173
11:51:27.0173 2880 SystemInfo:
11:51:27.0173 2880
11:51:27.0173 2880 OS Version: 6.1.7601 ServicePack: 1.0
11:51:27.0173 2880 Product type: Workstation
11:51:27.0173 2880 ComputerName: AMY-LAPTOP
11:51:27.0173 2880 UserName: Amy
11:51:27.0173 2880 Windows directory: C:\Windows
11:51:27.0173 2880 System windows directory: C:\Windows
11:51:27.0173 2880 Running under WOW64
11:51:27.0173 2880 Processor architecture: Intel x64
11:51:27.0173 2880 Number of processors: 4
11:51:27.0173 2880 Page size: 0x1000
11:51:27.0173 2880 Boot type: Safe boot with network
11:51:27.0174 2880 ============================================================
11:51:28.0641 2880 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:51:28.0744 2880 Initialize success
11:51:36.0250 2872 ============================================================
11:51:36.0250 2872 Scan started
11:51:36.0250 2872 Mode: Manual;
11:51:36.0250 2872 ============================================================
11:51:53.0884 2872 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:51:53.0885 2872 TermDD - ok
11:51:54.0087 2872 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:51:54.0088 2872 tssecsrv - ok
11:51:54.0170 2872 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:51:54.0185 2872 TsUsbFlt - ok
11:51:54.0269 2872 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:51:54.0271 2872 tunnel - ok
11:51:54.0317 2872 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:51:54.0319 2872 uagp35 - ok
11:51:54.0365 2872 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:51:54.0369 2872 udfs - ok
11:51:54.0462 2872 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:51:54.0463 2872 uliagpkx - ok
11:51:54.0522 2872 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:51:54.0523 2872 umbus - ok
11:51:54.0553 2872 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:51:54.0554 2872 UmPass - ok
11:51:54.0658 2872 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
11:51:54.0659 2872 usbbus - ok
11:51:54.0702 2872 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:51:54.0704 2872 usbccgp - ok
11:51:54.0775 2872 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:51:54.0777 2872 usbcir - ok
11:51:54.0812 2872 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
11:51:54.0813 2872 UsbDiag - ok
11:51:54.0851 2872 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:51:54.0852 2872 usbehci - ok
11:51:54.0905 2872 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:51:54.0909 2872 usbhub - ok
11:51:54.0927 2872 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
11:51:54.0929 2872 USBModem - ok
11:51:54.0973 2872 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:51:54.0974 2872 usbohci - ok
11:51:54.0997 2872 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:51:54.0998 2872 usbprint - ok
11:51:55.0043 2872 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
11:51:55.0045 2872 USBSTOR - ok
11:51:55.0077 2872 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:51:55.0078 2872 usbuhci - ok
11:51:55.0319 2872 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:51:55.0322 2872 usbvideo - ok
11:51:55.0524 2872 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:51:55.0525 2872 vdrvroot - ok
11:51:55.0693 2872 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:51:55.0694 2872 vga - ok
11:51:55.0835 2872 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:51:55.0836 2872 VgaSave - ok
11:51:55.0883 2872 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:51:55.0886 2872 vhdmp - ok
11:51:55.0976 2872 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:51:55.0977 2872 viaide - ok
11:51:56.0028 2872 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:51:56.0029 2872 volmgr - ok
11:51:56.0081 2872 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:51:56.0085 2872 volmgrx - ok
11:51:56.0136 2872 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:51:56.0139 2872 volsnap - ok
11:51:56.0238 2872 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:51:56.0241 2872 vsmraid - ok
11:51:56.0287 2872 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:51:56.0288 2872 vwifibus - ok
11:51:56.0324 2872 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:51:56.0325 2872 vwififlt - ok
11:51:56.0364 2872 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:51:56.0364 2872 vwifimp - ok
11:51:56.0401 2872 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:51:56.0403 2872 WacomPen - ok
11:51:56.0478 2872 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:51:56.0480 2872 WANARP - ok
11:51:56.0484 2872 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:51:56.0484 2872 Wanarpv6 - ok
11:51:56.0563 2872 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:51:56.0564 2872 Wd - ok
11:51:56.0641 2872 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:51:56.0648 2872 Wdf01000 - ok
11:51:56.0755 2872 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:51:56.0767 2872 WfpLwf - ok
11:51:56.0796 2872 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:51:56.0797 2872 WIMMount - ok
11:51:56.0882 2872 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:51:56.0884 2872 WinUsb - ok
11:51:56.0987 2872 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:51:56.0988 2872 WmiAcpi - ok
11:51:57.0086 2872 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:51:57.0088 2872 ws2ifsl - ok
11:51:57.0155 2872 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:51:57.0157 2872 WudfPf - ok
11:51:57.0201 2872 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:51:57.0204 2872 WUDFRd - ok
11:51:57.0277 2872 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
11:51:57.0348 2872 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:51:57.0349 2872 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:51:57.0381 2872 Boot (0x1200) (ce5930b5af712151cfbbdaa1e8996462) \Device\Harddisk0\DR0\Partition0
11:51:57.0382 2872 \Device\Harddisk0\DR0\Partition0 - ok
11:51:57.0409 2872 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1
11:51:57.0410 2872 \Device\Harddisk0\DR0\Partition1 - ok
11:51:57.0424 2872 Boot (0x1200) (0cd7312e57ebff130a363159847c5400) \Device\Harddisk0\DR0\Partition2
11:51:57.0426 2872 \Device\Harddisk0\DR0\Partition2 - ok
11:51:57.0429 2872 ============================================================
11:51:57.0429 2872 Scan finished
11:51:57.0429 2872 ============================================================
11:51:57.0467 2972 Detected object count: 1
11:51:57.0467 2972 Actual detected object count: 1
11:54:12.0440 2972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
11:54:12.0441 2972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
  • 0

#4
moordogck

    Member

  • Topic Starter
  • Member
  • 37 posts
maliprog, on the second step it says to disable the antivirus. I had downloaded Comodo, which never worked, and downloaded Trend Micro, but I don't even see it installed. I'm in Safe Mode right now since I can't get into Windows the regular way. Is there any other way I can make sure no antivirus is running? My tray only shows 3 basic icons: volume, wireless and the flag from Windows that indicates I have things to take care of, "PC issues".

Thank you
  • 0

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi moordogck,

Before you continue with Step 2, can you run TDSSKiller one more time, but this time make sure you select Cure and remove the infection? Please post the log after the scan like you did last time.

After you cure the infection, try to restart Windows in Normal mode. Hopefully you will be able to disable your antivirus and run Combofix.
  • 0

#6
moordogck

    Member

  • Topic Starter
  • Member
  • 37 posts
Hello maliprog, I ran it again and did what you said, and I was able to get into Windows the normal way again. It doesn't look the same as it used to, but it hasn't kicked me out. The bad part is that after I did the scan I forgot to click on Report; right after it was done I got a pop-up telling me to reboot and I clicked that first, and then it was too late to get my report. I did another scan and got a report for you. Of course, this one doesn't say anything about the one that I used the "cure" on. I'm sorry about that. :unsure:

TDSSKiller

00:05:45.0503 4440 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
00:05:45.0909 4440 ============================================================
00:05:45.0909 4440 Current date / time: 2012/01/22 00:05:45.0909
00:05:45.0909 4440 SystemInfo:
00:05:45.0909 4440
00:05:45.0909 4440 OS Version: 6.1.7601 ServicePack: 1.0
00:05:45.0909 4440 Product type: Workstation
00:05:45.0909 4440 ComputerName: AMY-LAPTOP
00:05:45.0909 4440 UserName: Amy
00:05:45.0909 4440 Windows directory: C:\Windows
00:05:45.0909 4440 System windows directory: C:\Windows
00:05:45.0909 4440 Running under WOW64
00:05:45.0909 4440 Processor architecture: Intel x64
00:05:45.0909 4440 Number of processors: 4
00:05:45.0909 4440 Page size: 0x1000
00:05:45.0909 4440 Boot type: Normal boot
00:05:45.0909 4440 ============================================================
00:05:52.0227 4440 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:05:53.0241 4440 Initialize success
00:06:49.0385 5180 ============================================================
00:06:49.0385 5180 Scan started
00:06:49.0385 5180 Mode: Manual;
00:06:49.0385 5180 ============================================================
00:09:57.0678 5180 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:09:57.0693 5180 partmgr - ok
00:09:57.0990 5180 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:09:58.0021 5180 pci - ok
00:09:58.0754 5180 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:09:58.0785 5180 pciide - ok
00:09:59.0394 5180 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:09:59.0425 5180 pcmcia - ok
00:10:00.0330 5180 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:10:00.0330 5180 pcw - ok
00:10:01.0250 5180 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:10:01.0281 5180 PEAUTH - ok
00:10:02.0030 5180 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:10:02.0046 5180 PptpMiniport - ok
00:10:03.0309 5180 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:10:03.0824 5180 Processor - ok
00:10:04.0791 5180 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:10:04.0791 5180 Psched - ok
00:10:05.0556 5180 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
00:10:05.0556 5180 PxHlpa64 - ok
00:10:06.0320 5180 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:10:06.0351 5180 ql2300 - ok
00:10:06.0741 5180 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:10:06.0757 5180 ql40xx - ok
00:10:07.0131 5180 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:10:07.0147 5180 QWAVEdrv - ok
00:10:07.0787 5180 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:10:07.0802 5180 RasAcd - ok
00:10:08.0457 5180 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:10:08.0473 5180 RasAgileVpn - ok
00:10:09.0393 5180 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:10:09.0409 5180 Rasl2tp - ok
00:10:10.0064 5180 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:10:10.0095 5180 RasPppoe - ok
00:10:11.0016 5180 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:10:11.0031 5180 RasSstp - ok
00:10:11.0983 5180 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:10:12.0030 5180 rdbss - ok
00:10:12.0529 5180 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:10:12.0545 5180 rdpbus - ok
00:10:13.0574 5180 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:10:13.0590 5180 RDPCDD - ok
00:10:14.0276 5180 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:10:14.0292 5180 RDPENCDD - ok
00:10:15.0618 5180 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:10:15.0805 5180 RDPREFMP - ok
00:10:17.0022 5180 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:10:17.0037 5180 RDPWD - ok
00:10:17.0895 5180 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:10:17.0895 5180 rdyboost - ok
00:10:19.0799 5180 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
00:10:19.0908 5180 RimUsb - ok
00:10:20.0329 5180 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
00:10:20.0329 5180 RimVSerPort - ok
00:10:20.0625 5180 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
00:10:20.0657 5180 ROOTMODEM - ok
00:10:21.0561 5180 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:10:21.0577 5180 rspndr - ok
00:10:22.0310 5180 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys
00:10:22.0326 5180 RSUSBSTOR - ok
00:10:23.0714 5180 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:10:23.0730 5180 RTL8167 - ok
00:10:24.0463 5180 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:10:24.0479 5180 sbp2port - ok
00:10:24.0744 5180 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:10:24.0775 5180 scfilter - ok
00:10:26.0491 5180 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:10:26.0507 5180 secdrv - ok
00:10:27.0489 5180 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:10:27.0505 5180 Serenum - ok
00:10:28.0285 5180 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:10:28.0301 5180 Serial - ok
00:10:28.0815 5180 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:10:28.0862 5180 sermouse - ok
00:10:28.0971 5180 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:10:28.0987 5180 sffdisk - ok
00:10:29.0003 5180 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:10:29.0003 5180 sffp_mmc - ok
00:10:29.0143 5180 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:10:29.0143 5180 sffp_sd - ok
00:10:29.0377 5180 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:10:29.0408 5180 sfloppy - ok
00:10:29.0627 5180 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:10:29.0783 5180 SiSRaid2 - ok
00:10:30.0001 5180 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:10:30.0017 5180 SiSRaid4 - ok
00:10:30.0781 5180 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:10:30.0859 5180 Smb - ok
00:10:31.0982 5180 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:10:32.0123 5180 spldr - ok
00:10:32.0934 5180 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:10:32.0949 5180 srv - ok
00:10:34.0010 5180 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:10:34.0010 5180 srv2 - ok
00:10:35.0227 5180 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:10:35.0227 5180 srvnet - ok
00:10:36.0569 5180 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:10:36.0584 5180 stexstor - ok
00:10:37.0458 5180 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:10:37.0473 5180 swenum - ok
00:10:38.0721 5180 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:10:38.0753 5180 Tcpip - ok
00:10:40.0874 5180 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:10:40.0890 5180 TCPIP6 - ok
00:10:41.0717 5180 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:10:41.0732 5180 tcpipreg - ok
00:10:42.0419 5180 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:10:42.0543 5180 TDPIPE - ok
00:10:43.0589 5180 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:10:43.0620 5180 TDTCP - ok
00:10:44.0244 5180 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:10:44.0244 5180 tdx - ok
00:10:46.0116 5180 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:10:46.0256 5180 TermDD - ok
00:10:47.0442 5180 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:10:47.0473 5180 tssecsrv - ok
00:10:48.0362 5180 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:10:48.0378 5180 TsUsbFlt - ok
00:10:49.0860 5180 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:10:49.0860 5180 tunnel - ok
00:10:50.0796 5180 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:10:51.0233 5180 uagp35 - ok
00:10:52.0543 5180 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:10:52.0777 5180 udfs - ok
00:10:54.0119 5180 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:10:54.0197 5180 uliagpkx - ok
00:10:54.0899 5180 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:10:54.0930 5180 umbus - ok
00:10:55.0819 5180 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:10:55.0881 5180 UmPass - ok
00:10:56.0693 5180 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
00:10:56.0771 5180 usbbus - ok
00:10:57.0722 5180 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:10:57.0738 5180 usbccgp - ok
00:10:58.0845 5180 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:10:58.0861 5180 usbcir - ok
00:10:59.0781 5180 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
00:10:59.0891 5180 UsbDiag - ok
00:11:00.0405 5180 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
00:11:00.0483 5180 usbehci - ok
00:11:01.0607 5180 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:11:01.0700 5180 usbhub - ok
00:11:02.0215 5180 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
00:11:02.0277 5180 USBModem - ok
00:11:02.0995 5180 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:11:03.0135 5180 usbohci - ok
00:11:04.0118 5180 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:11:04.0243 5180 usbprint - ok
00:11:05.0616 5180 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
00:11:05.0631 5180 USBSTOR - ok
00:11:06.0021 5180 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:11:06.0037 5180 usbuhci - ok
00:11:06.0318 5180 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
00:11:06.0333 5180 usbvideo - ok
00:11:06.0614 5180 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:11:06.0630 5180 vdrvroot - ok
00:11:07.0269 5180 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:11:07.0269 5180 vga - ok
00:11:07.0566 5180 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:11:07.0566 5180 VgaSave - ok
00:11:07.0800 5180 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:11:07.0815 5180 vhdmp - ok
00:11:08.0127 5180 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:11:08.0143 5180 viaide - ok
00:11:08.0580 5180 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:11:08.0595 5180 volmgr - ok
00:11:09.0344 5180 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:11:09.0375 5180 volmgrx - ok
00:11:10.0077 5180 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:11:10.0280 5180 volsnap - ok
00:11:11.0341 5180 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:11:11.0357 5180 vsmraid - ok
00:11:12.0293 5180 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:11:12.0293 5180 vwifibus - ok
00:11:13.0353 5180 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:11:13.0369 5180 vwififlt - ok
00:11:13.0931 5180 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:11:13.0931 5180 vwifimp - ok
00:11:14.0180 5180 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:11:14.0211 5180 WacomPen - ok
00:11:14.0399 5180 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:11:14.0414 5180 WANARP - ok
00:11:14.0523 5180 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:11:14.0523 5180 Wanarpv6 - ok
00:11:15.0023 5180 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:11:15.0038 5180 Wd - ok
00:11:15.0600 5180 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:11:15.0678 5180 Wdf01000 - ok
00:11:16.0910 5180 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:11:16.0926 5180 WfpLwf - ok
00:11:17.0394 5180 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:11:17.0409 5180 WIMMount - ok
00:11:18.0299 5180 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:11:18.0299 5180 WinUsb - ok
00:11:19.0250 5180 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:11:19.0250 5180 WmiAcpi - ok
00:11:19.0765 5180 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:11:19.0781 5180 ws2ifsl - ok
00:11:20.0061 5180 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:11:20.0061 5180 WudfPf - ok
00:11:20.0295 5180 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:11:20.0327 5180 WUDFRd - ok
00:11:20.0420 5180 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:11:20.0779 5180 \Device\Harddisk0\DR0 - ok
00:11:20.0779 5180 Boot (0x1200) (ce5930b5af712151cfbbdaa1e8996462) \Device\Harddisk0\DR0\Partition0
00:11:20.0826 5180 \Device\Harddisk0\DR0\Partition0 - ok
00:11:20.0873 5180 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1
00:11:20.0904 5180 \Device\Harddisk0\DR0\Partition1 - ok
00:11:20.0966 5180 Boot (0x1200) (0cd7312e57ebff130a363159847c5400) \Device\Harddisk0\DR0\Partition2
00:11:20.0966 5180 \Device\Harddisk0\DR0\Partition2 - ok
00:11:20.0966 5180 ============================================================
00:11:20.0966 5180 Scan finished
00:11:20.0966 5180 ============================================================
00:11:20.0997 5160 Detected object count: 0
00:11:20.0997 5160 Actual detected object count: 0

#7
moordogck

Member, Topic Starter
I tried the Combofix. It was working when it gave me a pop-up saying there was an update for it and asking if I wanted to install it. I said yes; after it finished updating I got the first window again, the disclaimer window where it's asking me if I agree to its terms. Since your post said not to run it again, I didn't.

thank you

Edited by moordogck, 21 January 2012 - 11:28 PM.


#8
maliprog

Trusted Helper, Malware Removal
OK. Run Combofix now. Post log after the scan please.

#9
moordogck

Member, Topic Starter
Hello maliprog, I ran combo and I waited until I got the log, now I'm trying to open IE or FF and can't, it gives me an error that says "C:Program Files (x86)\Internet Explorer\iexplore.exe Illegal operation attempted on registry key that has been marked for deletion" same when trying to open FF.

Thank you

#10
moordogck

Member, Topic Starter
I was trying to see if the stuff I had prior to this in my D drive was there and it says empty folder, I had a bunch of files there, do you know or is there a way to find them? thanks again.

#11
maliprog

Trusted Helper, Malware Removal
You need to restart your system now. Please restart your system and then try to find Combofix log in C:\ComboFix.txt. Post that log for me.

> I was trying to see if the stuff I had prior to this in my D drive was there and it says empty folder, I had a bunch of files there, do you know or is there a way to find them? thanks again.


Do you mean prior to this Combofix scan or prior to the infection? Is the D drive a removable drive or an HDD in your PC?

Check your D drive again after restart.

#12
moordogck

Member, Topic Starter
Hi maliprog,

OK, I restarted and IE is working again. The D drive is in my computer (not removable), and everything I had under a folder called media is not there now; it says empty. I don't know at what point it got erased or moved, but when my virus issue started (before you started helping me) I moved a few files from the C drive to that one, and now everything is gone. The little media I had left in the C drive is there, just not what I had under the D drive, which basically was all the pictures I had.

thanks!

here is the log:



ComboFix 12-01-21.02 - Amy 01/22/2012 13:02:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2156 [GMT -5:00]
Running from: c:\users\Amy\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Outdated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\~yYHT7FtHFlbus6r
c:\programdata\PCDr\5907\Downloads\82c29976-999d-4c8f-bac9-590e78eef64b.dll
c:\programdata\yYHT7FtHFlbus6
c:\users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Amy\GoToAssistDownloadHelper.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 18:21 . 2012-01-22 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-22 18:07 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2F3F3F7-79A8-4227-AAA2-64B36EC4E13F}\mpengine.dll
2012-01-20 03:25 . 2012-01-22 05:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59C0EE34-2044-47AB-8215-4050C6DA60AC}\offreg.dll
2012-01-20 02:51 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-01-19 04:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 04:30 . 2012-01-19 04:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-19 03:49 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-01-19 02:49 . 2012-01-19 04:46 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-19 00:40 . 2012-01-19 00:40 -------- d-----w- c:\users\Amy\AppData\Local\Comodo
2012-01-18 23:57 . 2012-01-18 23:57 -------- d-----w- c:\programdata\CPA_VA
2012-01-18 23:55 . 2012-01-18 23:55 -------- d-----w- C:\VritualRoot
2012-01-18 21:44 . 2012-01-18 21:48 -------- d-----w- c:\programdata\Comodo
2012-01-18 21:44 . 2012-01-18 21:44 -------- d-----w- c:\program files\COMODO
2012-01-18 21:44 . 2012-01-19 02:51 -------- d-----w- c:\program files (x86)\Comodo
2012-01-18 21:44 . 2012-01-18 21:44 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-01-18 20:32 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-18 20:32 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-18 20:27 . 2012-01-18 20:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-18 19:04 . 2012-01-18 19:04 -------- d-----w- c:\users\Amy\AppData\Roaming\Malwarebytes
2012-01-18 19:04 . 2012-01-18 19:04 -------- d-----w- c:\programdata\Malwarebytes
2012-01-18 18:12 . 2012-01-18 18:12 -------- d-----w- c:\windows\Sun
2012-01-18 17:35 . 2012-01-18 17:35 -------- d-----w- C:\DataSafeOnline
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 23:59 . 2011-12-19 23:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 23:59 . 2011-12-19 23:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 23:59 . 2011-12-19 23:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 23:59 . 2011-12-19 23:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 23:58 . 2011-12-19 23:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 23:58 . 2011-12-19 23:58 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-14 20:26 . 2011-06-09 17:25 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-04 20:38 . 2010-06-01 20:31 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-28 21:14 . 2011-05-23 19:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-15 12:57 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 19:29 . 2011-09-20 17:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-15 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-15 12:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-16 08:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-16 08:01 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-16 08:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-16 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-16 08:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-16 08:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 08:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-16 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-15 12:57 43520 ----a-w- c:\windows\system32\csrsrv.dll
2010-07-16 04:52 . 2010-07-16 04:52 6 ----a-w- c:\program files (x86)\Common Files\UnInstallCompleted.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
.
c:\users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-21 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-21 136176]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-21 01:24]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-21 01:24]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523418443-3151567346-3494081869-1000Core.job
- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 01:24]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523418443-3151567346-3494081869-1000UA.job
- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 01:24]
.
2012-01-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-23 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-23 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-23 408600]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\o13ts3w2.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-01-22 13:33:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 18:33
.
Pre-Run: 4,020,326,400 bytes free
Post-Run: 6,068,391,936 bytes free
.
- - End Of File - - D4193EE4D4EF178B4A879B5352DC92AA
  • 0

#13
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi moordogck,

I'm sorry to hear this. This infection tends to hide/remove files but not delete .. at least until now :(
Please don't try to delete any Temp files as some malware hide user files in Temp folders.

OTL and TDSSKiller didn't remove anything.

Combofix did remove the main infection, but it quarantines every file it removes. If Combofix touched your files, we would have them in quarantine. I don't think this is the case, but I'm going to check this out with the second OTL scan.

Also check if your files are back after Step 1 and let me know.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\Shell - "" = AutoRun
    O33 - MountPoints2\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\Shell\AutoRun\command - "" = F:\setup.exe -a
    O33 - MountPoints2\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\Shell - "" = AutoRun
    O33 - MountPoints2\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\Shell\AutoRun\command - "" = G:\setup.exe -a
    O33 - MountPoints2\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\Shell - "" = AutoRun
    O33 - MountPoints2\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe

    :Files
    attrib -h /s /d D:\*.* /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Run OTL again


  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

c:\Qoobox\*.* /s
%Temp%\smtmp\*.* /s


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.


  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • New OTL scan log
  • aswMBR log
It would be helpful if you could post each log in a separate post.
  • 0
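The fix script in post #13 targets O33 (MountPoints2) entries picked out of an OTL log. As an added example (not part of the thread and not OTL's own code), this Python script parses O33 lines in the format shown there and lists each cached AutoRun command with its registry key for review; the function names and the executable-extension list are assumptions, and the sample log is constructed from the lines quoted in the thread.

```python
import re
from collections import defaultdict

# Key under which the thread's fix log shows OTL looking up each O33 entry.
MOUNTPOINTS2 = (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows"
                r"\CurrentVersion\Explorer\MountPoints2")

# Constructed sample: the O33 lines from the fix script plus one unrelated line.
SAMPLE_LOG = r'''
PRC - [2012/01/19 20:51:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
O33 - MountPoints2\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\Shell - "" = AutoRun
O33 - MountPoints2\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\Shell - "" = AutoRun
O33 - MountPoints2\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\Shell - "" = AutoRun
O33 - MountPoints2\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
'''

# O33 - MountPoints2\<volume>\<subkey> - "<value name>" = <data>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\(?P<subkey>.+?)'
    r' - "(?P<name>[^"]*)" = (?P<data>.*)$'
)

# Assumption: the command starts with a quoted path or a path ending in one
# of these extensions; anything after it is treated as arguments.
EXE_RE = re.compile(
    r'^(?P<exe>"[^"]+"|.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)


def parse_o33(log_text):
    """Return one dict per O33 line; every other log line is ignored."""
    entries = []
    for line in log_text.splitlines():
        match = O33_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def split_command(command):
    """Split an AutoRun command string into (executable, arguments)."""
    command = command.strip()
    match = EXE_RE.match(command)
    if not match:
        head, _, tail = command.partition(" ")
        return head, tail
    return match.group("exe").strip('"'), match.group("args") or ""


def review_autorun(log_text, system_drive="C"):
    """Group O33 entries per volume and describe each shell command."""
    by_volume = defaultdict(dict)
    for entry in parse_o33(log_text):
        by_volume[entry["volume"]][entry["subkey"].lower()] = entry["data"]

    findings = []
    for volume, values in sorted(by_volume.items()):
        default_verb = values.get("shell", "").lower()
        for subkey, data in sorted(values.items()):
            parts = subkey.split("\\")          # shell\<verb>\command
            if len(parts) < 3 or parts[-1] != "command":
                continue
            executable, arguments = split_command(data)
            has_drive = re.match(r"^[A-Za-z]:\\", executable)
            drive = executable[0].upper() if has_drive else None
            findings.append({
                "registry_key": MOUNTPOINTS2 + "\\" + volume,
                "verb": parts[1],
                # True when this verb is the Shell key's default action.
                "runs_by_default": parts[1] == default_verb,
                "executable": executable,
                "arguments": arguments,
                "drive": drive,
                # True when the target is not on the system drive.
                "off_system_drive": drive is not None
                                    and drive != system_drive.upper(),
            })
    return findings


if __name__ == "__main__":
    for item in review_autorun(SAMPLE_LOG):
        print(item["registry_key"])
        print("  command :", item["executable"], item["arguments"])
        print("  default :", item["runs_by_default"],
              "| off system drive:", item["off_system_drive"])
```
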

#14
moordogck


    Member

  • Topic Starter
  • Member
  • 37 posts
Yes! files are back after step 1!!! thank you! :spoton: :cheers:

Step 1 OTL fix log

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06bebcbf-c73d-11df-bd2e-b8ac6f4f1d1e}\ not found.
File F:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d664c33-b525-11df-bd4a-b8ac6f4f1d1e}\ not found.
File G:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5244add-234c-11e0-9e1a-b8ac6f4f1d1e}\ not found.
File F:\TL-Bootstrap.exe not found.
========== FILES ==========
< attrib -h /s /d D:\*.* /c >
C:\Users\Amy\Desktop\cmd.bat deleted successfully.
C:\Users\Amy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01232012_094032

Edited by moordogck, 23 January 2012 - 09:31 AM.

  • 0

#15
moordogck


    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Step 2 New OTL scan log

OTL logfile created on: 1/23/2012 9:50:13 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Amy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 64.73% Memory free
7.60 Gb Paging File | 6.02 Gb Available in Paging File | 79.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 5.87 Gb Free Space | 10.02% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 167.62 Gb Free Space | 42.19% Space Free | Partition Type: NTFS

Computer Name: AMY-LAPTOP | User Name: Amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 20:51:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
PRC - [2011/10/07 13:41:46 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 11:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/01/07 16:11:28 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/07/07 11:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/08 17:33:43 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/05/04 17:32:40 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/29 17:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/04 20:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 20:58:12 | 000,839,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2010/11/04 20:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/04 20:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/09/07 11:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009/07/07 11:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/07/07 11:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/07/07 11:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/07/07 11:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/07/07 11:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/07/07 11:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/06/10 16:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/19 18:59:00 | 002,779,416 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/11/23 05:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2009/10/09 08:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/16 19:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/17 15:55:57 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/04/16 18:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/19 18:59:16 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/08 13:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2010/03/08 13:03:54 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys -- (HtcUsbMdmV64)
DRV:64bit: - [2010/01/25 18:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/10/12 07:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/07 20:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/25 19:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 15:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/16 09:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 12:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/16 23:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/16 19:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/25 21:35:16 | 000,431,488 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CryptOSD.sys -- (CryptOSD)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...39&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/20 19:54:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/20 19:54:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/25 00:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/18 17:40:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/11 22:50:46 | 000,000,000 | ---D | M]

[2010/09/07 14:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions
[2012/01/18 18:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\o13ts3w2.default\extensions
[2012/01/18 18:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\o13ts3w2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/15 14:01:10 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\o13ts3w2.default\extensions\[email protected]
[2011/04/15 14:01:11 | 000,001,919 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\o13ts3w2.default\searchplugins\bing-zugo.xml
[2011/11/09 16:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/17 14:57:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/09 16:04:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/09 21:36:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/01/09 21:36:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/01/22 13:26:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DCE44C4-1BD9-4701-AACF-80244AF7AC53}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 09:40:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/22 13:33:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/22 13:26:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/22 12:58:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/22 12:58:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/22 12:58:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/22 00:23:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/22 00:23:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/21 12:00:50 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Amy\Desktop\ComboFix.exe
[2012/01/21 11:50:59 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\tdsskiller
[2012/01/19 21:51:30 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/01/19 20:51:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2012/01/18 23:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/18 23:30:32 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/18 23:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/18 23:25:26 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Amy\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/18 23:06:28 | 084,892,048 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2012/01/18 22:49:10 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/01/18 21:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/18 19:46:24 | 085,869,232 | ---- | C] (COMODO) -- C:\Users\Amy\Desktop\cispremium_installer.exe
[2012/01/18 19:40:31 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\Comodo
[2012/01/18 18:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/01/18 18:56:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/01/18 18:55:14 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2012/01/18 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/01/18 16:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/01/18 16:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/01/18 16:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/01/18 16:44:32 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012/01/18 15:33:10 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/18 15:33:10 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/18 15:33:10 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/18 15:33:10 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/18 15:32:41 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/18 15:32:23 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/18 15:32:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/18 15:27:48 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/01/18 14:04:54 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2012/01/18 14:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/18 13:12:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/18 12:35:03 | 000,000,000 | ---D | C] -- C:\DataSafeOnline
[1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/23 09:50:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 09:50:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 09:42:21 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 09:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/23 09:41:34 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/23 09:41:31 | 000,731,936 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/01/23 09:40:43 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-523418443-3151567346-3494081869-1000Core.job
[2012/01/23 09:36:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/23 09:34:44 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-523418443-3151567346-3494081869-1000UA.job
[2012/01/22 13:26:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/22 12:54:03 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/22 00:23:45 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\Amy\Desktop\ComboFix.exe
[2012/01/22 00:14:31 | 000,753,186 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/22 00:14:31 | 000,632,690 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/22 00:14:31 | 000,110,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/21 11:49:48 | 002,035,725 | ---- | M] () -- C:\Users\Amy\Desktop\tdsskiller.zip
[2012/01/19 20:51:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2012/01/18 23:30:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 23:30:17 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Amy\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/18 23:11:45 | 084,892,048 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2012/01/18 22:52:05 | 000,099,402 | ---- | M] () -- C:\Users\Amy\AppData\Local\census.cache
[2012/01/18 22:52:02 | 000,065,446 | ---- | M] () -- C:\Users\Amy\AppData\Local\ars.cache
[2012/01/18 22:45:51 | 000,000,036 | ---- | M] () -- C:\Users\Amy\AppData\Local\housecall.guid.cache
[2012/01/18 19:48:07 | 085,869,232 | ---- | M] (COMODO) -- C:\Users\Amy\Desktop\cispremium_installer.exe
[2012/01/18 18:57:18 | 000,000,679 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/18 18:57:18 | 000,000,655 | ---- | M] () -- C:\Users\Amy\Desktop\System Check.lnk
[2012/01/18 16:45:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012/01/18 16:44:46 | 000,001,071 | ---- | M] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/01/18 16:44:46 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/01/18 16:44:37 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/01/18 16:44:32 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012/01/18 15:23:47 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/18 14:28:56 | 000,000,512 | ---- | M] () -- C:\Users\Amy\Desktop\MBR.dat
[2012/01/13 20:09:14 | 000,000,182 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\wklnhst.dat
[1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/22 13:10:46 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/22 13:10:46 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/01/22 13:10:46 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/22 13:10:45 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/22 13:10:45 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/01/22 13:10:45 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/01/22 13:10:45 | 000,001,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
[2012/01/22 13:10:45 | 000,001,382 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2012/01/22 13:10:45 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/22 13:10:45 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/22 13:10:45 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/22 13:10:45 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/22 13:10:45 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/22 13:10:45 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/22 13:10:45 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/22 13:10:44 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/22 13:10:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/22 13:10:44 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/01/22 13:10:44 | 000,002,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Maps 3D.lnk
[2012/01/22 13:10:44 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/22 13:10:44 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012/01/22 13:10:44 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/22 13:10:44 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2012/01/22 13:10:44 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/22 13:10:44 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2012/01/22 13:10:44 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/01/22 13:10:44 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2012/01/22 13:10:44 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2012/01/22 13:10:44 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/01/22 12:58:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/22 12:58:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/22 12:58:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/22 12:58:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/22 12:58:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/21 11:49:40 | 002,035,725 | ---- | C] () -- C:\Users\Amy\Desktop\tdsskiller.zip
[2012/01/18 23:30:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 22:52:05 | 000,099,402 | ---- | C] () -- C:\Users\Amy\AppData\Local\census.cache
[2012/01/18 22:52:02 | 000,065,446 | ---- | C] () -- C:\Users\Amy\AppData\Local\ars.cache
[2012/01/18 22:45:51 | 000,000,036 | ---- | C] () -- C:\Users\Amy\AppData\Local\housecall.guid.cache
[2012/01/18 18:57:18 | 000,000,679 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/18 18:57:18 | 000,000,655 | ---- | C] () -- C:\Users\Amy\Desktop\System Check.lnk
[2012/01/18 16:47:16 | 000,731,936 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/01/18 16:44:46 | 000,001,071 | ---- | C] () -- C:\Users\Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/01/18 14:28:56 | 000,000,512 | ---- | C] () -- C:\Users\Amy\Desktop\MBR.dat
[2011/04/15 14:01:14 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/01/11 18:50:53 | 000,000,182 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\wklnhst.dat
[2010/08/13 14:29:35 | 000,006,144 | ---- | C] () -- C:\Users\Amy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 23:04:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/06/01 20:46:02 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/06/01 10:16:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/31 15:43:43 | 000,076,800 | ---- | C] () -- C:\Windows\SysWow64\spekekit_bak.dll
[2010/02/15 09:50:25 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/02/15 09:50:25 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/02/15 08:29:20 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/10/07 20:34:52 | 000,874,032 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2009/10/07 20:34:52 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/10/07 20:34:52 | 000,049,712 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/10/07 19:36:18 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/10/07 19:36:18 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< >

< c:\Qoobox\*.* /s >
[2012/01/22 13:32:31 | 000,005,951 | ---- | M] () -- c:\Qoobox\Add-Remove Programs.txt
[2012/01/22 13:33:20 | 000,040,233 | ---- | M] () -- c:\Qoobox\ComboFix-quarantined-files.txt
[2012/01/22 13:31:57 | 001,131,635 | ---- | M] () -- c:\Qoobox\SnapShot@2012-01-22_18.26.47.dat
[2012/01/22 12:56:49 | 000,000,102 | ---- | M] () -- c:\Qoobox\Quarantine\catchme.log
[2010/01/26 16:05:16 | 000,025,214 | ---- | M] () -- c:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\icon.ico.vir
[2010/04/08 09:52:20 | 000,271,024 | ---- | M] () -- c:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir
[2010/04/08 09:52:20 | 000,110,376 | ---- | M] (Zugo Ltd) -- c:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUninstall.exe.vir
[2010/04/08 09:52:20 | 000,045,744 | ---- | M] () -- c:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir
[2012/01/18 18:57:38 | 000,000,400 | ---- | M] () -- c:\Qoobox\Quarantine\C\ProgramData\yYHT7FtHFlbus6.vir
[2012/01/18 18:57:19 | 000,000,176 | ---- | M] () -- c:\Qoobox\Quarantine\C\ProgramData\~yYHT7FtHFlbus6r.vir
[2012/01/19 13:10:01 | 000,039,504 | ---- | M] () -- c:\Qoobox\Quarantine\C\ProgramData\PCDr\5907\Downloads\82c29976-999d-4c8f-bac9-590e78eef64b.dll.vir
[2010/09/17 15:55:49 | 000,103,784 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\GoToAssistDownloadHelper.exe.vir
[2009/07/14 00:01:14 | 000,001,282 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/07/14 00:01:14 | 000,000,442 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\desktop.ini
[2011/03/26 17:38:01 | 000,002,064 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Program Updates.lnk
[2009/07/13 23:49:40 | 000,001,266 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Windows Update.lnk
[2011/09/16 14:24:45 | 000,002,441 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2011/07/13 15:30:45 | 000,002,519 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2010/08/20 19:54:48 | 000,002,022 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Bing Maps 3D.lnk
[2010/02/15 08:27:28 | 000,001,860 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Cozi Family Calendar.lnk
[2010/05/31 15:29:09 | 000,001,975 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Help Documentation.lnk
[2010/02/15 09:51:34 | 000,001,130 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
[2010/02/15 09:51:34 | 000,001,345 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
[2011/01/25 00:39:17 | 000,001,382 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Default Manager.lnk
[2010/02/15 08:15:38 | 000,002,557 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2010/06/26 00:33:43 | 000,001,149 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
[2011/03/27 00:39:32 | 000,001,148 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
[2010/02/15 08:14:19 | 000,002,084 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\PowerDVD DX.lnk
[2009/07/13 23:57:08 | 000,001,330 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
[2009/07/13 23:57:09 | 000,001,352 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
[2010/02/15 09:51:29 | 000,001,326 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
[2009/07/13 23:54:59 | 000,001,210 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
[2011/01/25 00:28:03 | 000,001,340 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Live ID.lnk
[2009/07/14 00:09:29 | 000,001,547 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
[2009/07/13 23:57:08 | 000,001,246 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
[2009/07/13 23:55:00 | 000,001,230 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2010/02/15 09:51:36 | 000,001,726 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
[2009/07/13 23:54:23 | 000,001,266 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
[2010/02/15 09:51:36 | 000,001,364 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
[2010/02/15 09:51:26 | 000,001,238 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
[2009/07/13 23:54:32 | 000,001,242 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2009/07/13 23:53:55 | 000,001,367 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2010/02/15 09:51:34 | 000,001,272 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
[2009/07/13 23:57:08 | 000,001,330 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
[2010/02/15 09:51:36 | 000,001,351 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
[2009/07/13 23:54:58 | 000,001,254 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
[2009/07/13 23:57:09 | 000,001,579 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
[2009/07/13 23:54:58 | 000,001,322 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
[2009/07/13 23:57:07 | 000,000,370 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
[2009/07/13 23:57:07 | 000,001,388 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
[2009/07/13 23:55:00 | 000,001,248 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2009/07/13 23:57:09 | 000,001,338 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
[2009/07/13 23:54:25 | 000,001,290 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
[2009/07/13 23:54:58 | 000,001,252 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2009/07/13 23:53:50 | 000,001,242 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
[2009/07/13 23:53:33 | 000,001,250 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2009/07/13 23:54:57 | 000,001,246 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2009/07/13 23:54:29 | 000,001,268 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
[2009/07/13 23:57:09 | 000,001,320 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
[2009/07/13 23:57:09 | 000,001,316 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
[2010/02/15 09:51:38 | 000,000,343 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini
[2010/02/15 09:51:26 | 000,001,436 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
[2010/02/15 09:51:25 | 000,001,386 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
[2010/02/15 09:51:38 | 000,001,316 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
[2009/07/13 23:57:13 | 000,000,216 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
[2009/07/14 00:32:31 | 000,001,989 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
[2009/07/13 23:57:13 | 000,001,468 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
[2009/07/13 23:57:13 | 000,001,468 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
[2009/07/14 00:32:31 | 000,001,899 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
[2009/07/13 23:57:13 | 000,001,242 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2009/07/13 23:54:21 | 000,001,294 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2009/07/13 23:53:52 | 000,001,270 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2009/07/13 23:57:13 | 000,001,674 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2009/07/13 23:54:29 | 000,001,298 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2009/07/13 23:54:22 | 000,001,274 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
[2009/07/13 23:53:33 | 000,001,268 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
[2009/07/13 23:53:50 | 000,001,232 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
[2009/07/13 23:53:33 | 000,001,246 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
[2009/07/13 23:54:29 | 000,001,262 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
[2009/07/13 23:53:58 | 000,001,274 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
[2009/07/14 00:32:31 | 000,002,741 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
[2010/08/31 12:44:49 | 000,002,251 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\BlackBerry\BlackBerry Desktop Software.lnk
[2010/08/31 12:44:49 | 000,002,242 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\BlackBerry\Readme.lnk
[2011/11/29 19:41:48 | 000,001,308 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\CANON iMAGE GATEWAY Task\CANON iMAGE GATEWAY Task Readme.lnk
[2011/11/29 19:41:48 | 000,001,408 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\CANON iMAGE GATEWAY Task\CANON iMAGE GATEWAY Task Uninstall.lnk
[2011/11/29 19:40:43 | 000,001,404 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\Digital Photo Professional 3.10\Digital Photo Professional Uninstall.lnk
[2011/11/29 19:40:43 | 000,001,158 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\Digital Photo Professional 3.10\Digital Photo Professional.lnk
[2011/11/29 19:41:04 | 000,001,066 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Readme.lnk
[2011/11/29 19:41:04 | 000,001,374 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility Uninstall.lnk
[2011/11/29 19:41:04 | 000,001,093 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk
[2011/11/29 19:41:04 | 000,001,211 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\EOS Utility\WFTPairing.lnk
[2011/11/29 19:41:46 | 000,001,232 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\EOS Video Snapshot Task\EOS Video Snapshot Task Readme.lnk
[2011/11/29 19:41:46 | 000,001,504 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\EOS Video Snapshot Task\EOS Video Snapshot Task Uninstall.lnk
[2011/11/29 19:42:06 | 000,001,380 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\Movie Uploader for YouTube\Movie Uploader for YouTube Readme.lnk
[2011/11/29 19:42:06 | 000,001,404 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\Movie Uploader for YouTube\Movie Uploader for YouTube Uninstall.lnk
[2011/11/29 19:42:06 | 000,001,340 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\Movie Uploader for YouTube\Movie Uploader for YouTube.lnk
[2011/11/29 19:41:43 | 000,001,308 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Readme.lnk
[2011/11/29 19:41:43 | 000,001,506 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Uninstall.lnk
[2011/11/29 19:42:11 | 000,001,148 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Readme.lnk
[2011/11/29 19:42:11 | 000,001,374 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk
[2011/11/29 19:42:11 | 000,001,170 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk
[2011/11/29 19:41:06 | 000,001,392 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\Picture Style Editor\Picture Style Editor UnInstall.lnk
[2011/11/29 19:41:06 | 000,001,123 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\Picture Style Editor\Picture Style Editor.lnk
[2011/11/29 19:41:41 | 000,001,388 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX Memory Card Utility\Canon ZoomBrowser EX Memory Card Utility Uninstall.lnk
[2011/11/29 19:41:41 | 000,001,224 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX Memory Card Utility\Canon ZoomBrowser EX Memory Card Utility.lnk
[2011/11/29 19:41:32 | 000,001,291 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Readme.lnk
[2011/11/29 19:41:32 | 000,001,396 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Uninstall.lnk
[2011/11/29 19:41:32 | 000,001,318 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk
[2012/01/18 16:44:46 | 000,001,071 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Comodo\COMODO GeekBuddy\COMODO GeekBuddy.lnk
[2012/01/18 16:44:46 | 000,001,088 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Comodo\COMODO GeekBuddy\Uninstall COMODO GeekBuddy.lnk
[2012/01/18 16:45:05 | 000,000,788 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Comodo\COMODO Internet Security\Add and Remove components.lnk
[2012/01/18 16:45:05 | 000,001,870 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Comodo\COMODO Internet Security\COMODO Internet Security.lnk
[2012/01/18 16:44:37 | 000,001,136 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Comodo\Dragon\Comodo Dragon.lnk
[2012/01/18 16:44:37 | 000,001,153 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Comodo\Dragon\Uninstall Comodo Dragon.lnk
[2011/03/26 17:38:14 | 000,002,171 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\CrazyTalk for Skype\CrazyTalk for Skype.lnk
[2011/03/26 17:38:14 | 000,002,629 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\CrazyTalk for Skype\Uninstall CrazyTalk for Skype.lnk
[2010/02/15 08:27:35 | 000,002,091 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell DataSafe\Dell DataSafe Online.lnk
[2011/12/17 10:05:05 | 000,001,056 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center\Dell Support Center.lnk
[2011/12/17 10:05:05 | 000,000,143 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center\desktop.ini
[2011/12/17 10:05:05 | 000,001,116 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center\PC Checkup.lnk
[2010/02/15 08:28:40 | 000,002,201 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Webcam\Dell Webcam Central.lnk
[2010/02/15 08:29:19 | 000,002,222 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Webcam\Live! Cam Avatar Creator\License Agreement.lnk
[2010/02/15 08:29:19 | 000,002,412 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Webcam\Live! Cam Avatar Creator\Live! Cam Avatar Creator Help.lnk
[2010/02/15 08:29:19 | 000,002,398 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Webcam\Live! Cam Avatar Creator\Live! Cam Avatar Creator.lnk
[2010/02/15 08:29:19 | 000,002,215 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Webcam\Live! Cam Avatar Creator\Read Me.lnk
[2010/02/15 08:29:19 | 000,002,635 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Webcam\Live! Cam Avatar Creator\Uninstall Live! Cam Avatar Creator.lnk
[2010/02/15 07:59:27 | 000,002,055 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Wireless\Dell Wireless WLAN Card Readme.lnk
[2010/02/15 07:59:27 | 000,001,955 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Wireless\Dell Wireless WLAN Card Utility.lnk
[2010/02/15 07:59:27 | 000,000,173 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell Wireless\desktop.ini
[2010/02/15 08:11:32 | 000,002,615 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Dock.lnk
[2010/02/15 08:29:55 | 000,001,137 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Software & Utilities\Dell Getting Started Guide.lnk
[2010/02/15 07:57:57 | 000,002,471 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements\Banctec.pdf.lnk
[2010/02/15 07:58:00 | 000,002,471 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements\CompleteCare_Business.pdf.lnk
[2010/02/15 07:58:01 | 000,000,668 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements\CompleteCare_Consumer.pdf.lnk
[2010/02/15 07:57:58 | 000,000,608 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements\DHS.pdf.lnk
[2010/02/15 07:58:03 | 000,000,621 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements\InHome.pdf.lnk
[2010/02/15 07:57:56 | 000,002,471 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements\QualXServ.pdf.lnk
[2010/02/15 08:26:37 | 000,002,558 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\- Play Games -.lnk
[2010/02/15 08:26:39 | 000,002,647 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\- More Casual Games -.lnk
[2010/02/15 08:26:39 | 000,002,647 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\- More Enthusiast Games -.lnk
[2010/02/15 08:26:39 | 000,002,647 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\- More Kids Games -.lnk
[2010/02/15 08:26:39 | 000,002,647 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\- More MMO Games -.lnk
[2010/02/15 08:26:37 | 000,002,476 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Bejeweled 2 Deluxe.lnk
[2010/02/15 09:51:25 | 000,000,352 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
[2010/02/15 08:27:01 | 000,001,056 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\desktop.ini
[2010/02/15 08:26:37 | 000,002,476 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\FATE Undiscovered Realms.lnk
[2009/07/13 23:55:00 | 000,000,364 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
[2009/07/13 23:54:59 | 000,000,258 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
[2009/07/13 23:57:12 | 000,000,356 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2010/02/15 09:51:26 | 000,000,474 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2010/02/15 09:51:26 | 000,000,470 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2010/02/15 09:51:26 | 000,000,466 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2010/02/15 09:51:26 | 000,000,360 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
[2009/07/13 23:57:12 | 000,000,376 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2010/02/15 08:26:37 | 000,002,496 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Plants vs. Zombies.lnk
[2010/02/15 08:26:37 | 000,002,432 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Bowler.lnk
[2009/07/13 23:57:12 | 000,000,378 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
[2009/07/13 23:55:01 | 000,000,368 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2009/07/13 23:57:12 | 000,000,392 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2010/02/15 08:26:37 | 000,002,420 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Games\Yahtzee.lnk
[2011/11/20 22:37:59 | 000,002,230 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Google Earth\Google Earth.lnk
[2011/11/20 22:37:59 | 000,002,146 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Google Earth\Start Google Earth in DirectX mode.lnk
[2011/11/20 22:37:59 | 000,002,150 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk
[2011/11/20 22:37:59 | 000,001,886 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Google Earth\Uninstall Google Earth .lnk
[2011/07/13 15:33:26 | 000,002,107 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2011/07/13 15:33:26 | 000,001,803 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2009/07/13 23:57:07 | 000,001,304 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
[2009/07/13 23:57:07 | 000,001,248 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
[2009/07/13 23:57:09 | 000,000,606 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
[2009/07/13 23:57:09 | 000,001,212 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
[2012/01/18 15:36:35 | 000,001,129 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk
[2012/01/18 15:36:35 | 000,001,129 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk
[2012/01/18 15:36:35 | 000,001,153 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
[2012/01/18 15:36:35 | 000,001,302 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
[2010/02/15 08:20:09 | 000,002,253 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 60 Day Trial - Online.lnk
[2010/02/15 08:19:17 | 000,002,655 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
[2010/02/15 08:19:17 | 000,002,619 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
[2010/02/15 08:19:18 | 000,002,645 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
[2010/02/15 08:19:18 | 000,002,693 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
[2010/02/15 08:19:18 | 000,002,647 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2010/02/15 08:19:18 | 000,002,627 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2010/02/15 08:19:18 | 000,002,527 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
[2010/02/15 08:19:18 | 000,002,625 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
[2010/02/15 08:19:18 | 000,002,605 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2011/10/17 07:17:42 | 000,002,269 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
[2010/02/15 08:15:22 | 000,002,577 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
[2010/02/15 08:15:22 | 000,002,597 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
[2010/02/15 08:15:22 | 000,002,605 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
[2010/02/15 08:15:22 | 000,002,647 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
[2010/12/15 02:22:16 | 000,002,629 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
[2010/06/26 00:33:43 | 000,001,155 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
[2010/02/15 08:15:22 | 000,002,649 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
[2010/09/26 23:44:11 | 000,002,661 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Motorola\Mobile Drivers\Motorola Driver Installer.exe.lnk
[2010/09/26 23:44:11 | 000,002,685 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Motorola\Mobile Drivers\Motorola License Agreement.rtf.lnk
[2011/04/15 14:05:31 | 000,001,051 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\PhotoScape\PhotoScape.lnk
[2011/04/15 14:05:31 | 000,001,046 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\PhotoScape\Uninstall PhotoScape.lnk
[2011/01/18 21:48:33 | 000,002,441 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2011/01/18 21:48:33 | 000,002,471 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2011/01/18 21:48:33 | 000,002,441 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2011/01/18 21:48:33 | 000,001,818 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2010/02/15 08:27:46 | 000,001,027 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Roxio\Roxio Burn.lnk
[2011/09/02 09:14:56 | 000,002,533 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Skype\Skype.lnk
[2010/12/28 21:15:00 | 000,001,961 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
[2010/12/28 21:16:01 | 000,002,214 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
[2010/12/28 21:15:28 | 000,002,110 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
[2010/12/28 21:17:27 | 000,001,295 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Movie Maker.lnk
[2010/12/28 21:17:08 | 000,002,230 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
[2010/12/28 21:18:21 | 000,002,197 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
[2011/09/16 14:24:45 | 000,002,016 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\Adobe Reader 9.lnk
[2012/01/18 16:44:37 | 000,001,112 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\Comodo Dragon.lnk
[2012/01/18 16:44:46 | 000,001,047 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\COMODO GeekBuddy.lnk
[2012/01/18 16:45:05 | 000,001,846 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\COMODO Internet Security.lnk
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\desktop.ini
[2011/11/29 19:40:43 | 000,001,134 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\Digital Photo Professional.lnk
[2011/11/29 19:41:04 | 000,001,069 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\EOS Utility.lnk
[2011/11/20 22:37:59 | 000,002,214 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\Google Earth.lnk
[2011/07/13 15:33:26 | 000,001,785 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\iTunes.lnk
[2012/01/18 15:36:35 | 000,001,111 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\Malwarebytes Anti-Malware.lnk
[2011/03/27 00:39:32 | 000,001,136 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk
[2011/11/29 19:41:06 | 000,001,099 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\Picture Style Editor.lnk
[2011/11/29 19:41:32 | 000,001,294 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Local\Temp\smtmp\4\ZoomBrowser EX.lnk
[2012/01/18 18:57:18 | 000,000,691 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk.vir
[2012/01/18 18:57:18 | 000,000,763 | ---- | M] () -- c:\Qoobox\Quarantine\C\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk.vir
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- c:\Qoobox\Quarantine\D\install.exe.vir
[2012/01/22 13:32:30 | 000,001,380 | ---- | M] () -- c:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
[2012/01/22 13:32:30 | 000,000,996 | ---- | M] () -- c:\Qoobox\Quarantine\Registry_backups\AddRemove-Search Toolbar.reg.dat
[2012/01/22 13:12:44 | 000,006,262 | ---- | M] () -- c:\Qoobox\Quarantine\Registry_backups\tcpip.reg
[2012/01/22 13:32:17 | 000,000,092 | ---- | M] () -- c:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
[2012/01/22 13:32:02 | 000,000,203 | ---- | M] () -- c:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-DellSupportCenter.reg.dat
[2012/01/22 13:32:00 | 000,000,104 | ---- | M] () -- c:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat

< %Temp%\smtmp\*.* /s >

< End of report >

Edited by moordogck, 23 January 2012 - 09:32 AM.
