
Possible google Redirect. [Closed]


  • This topic is locked

#1 dzk87
Member, 10 posts
So my computer automatically redirects google searches to various other sites.... In the past month, I have had the "Internet Security" virus, and the 2010 version of the same thing, removed using Malwarebytes. In addition, Spybot S&D and Malwarebytes both identify svchost.exe, located in C:/Windows, to be a virus, and their deletions of it last until I refresh that folder.

OTL:
OTL logfile created on: 3/11/2012 5:02:45 PM - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\dell\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 53.34% Memory free
7.92 Gb Paging File | 5.79 Gb Available in Paging File | 73.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.59 Gb Total Space | 12.85 Gb Free Space | 2.88% Space Free | Partition Type: NTFS

Computer Name: DELL-LAPTOP | User Name: dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 16:34:38 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\dell\Downloads\OTL.exe
PRC - [2012/03/03 12:16:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 14:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/31 14:13:44 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2010/03/10 01:38:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/12/22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/03 12:16:23 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 04:40:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 04:39:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/16 03:15:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/03 12:35:27 | 007,083,168 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/02/27 14:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/23 12:02:11 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/03/10 01:38:18 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe -- (mi-raysat_3dsmax2011_64)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/02/10 15:38:02 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/31 14:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/07 23:18:28 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/07 21:43:15 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe -- (SftService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/02 04:29:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/11 16:56:31 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7151AD76-0AC7-4EAE-A230-4E36F0DFE6B6}
IE:64bit: - HKLM\..\SearchScopes\{7151AD76-0AC7-4EAE-A230-4E36F0DFE6B6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {CDE6F8BD-CD6D-48ED-AE1C-7585570F400E}
IE - HKLM\..\SearchScopes\{CDE6F8BD-CD6D-48ED-AE1C-7585570F400E}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {CDE6F8BD-CD6D-48ED-AE1C-7585570F400E}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/03 12:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/03 02:23:05 | 000,000,000 | ---D | M]

[2010/06/29 09:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dell\AppData\Roaming\mozilla\Extensions
[2012/03/11 00:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dell\AppData\Roaming\mozilla\Firefox\Profiles\x4vq1cdb.default\extensions
[2011/12/01 19:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4VQ1CDB.DEFAULT\EXTENSIONS\[email protected]
[2012/03/03 12:16:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/03 12:16:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/03 12:16:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/11 16:54:31 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized File not found
O4 - HKCU..\Run: [Update] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll (eMajix.com, Inc.)
O4 - Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm File not found
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.boein...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39FE6609-E0AE-4100-8A1F-1A1CCFBCC397}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/07 21:22:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{fbad5e5b-211c-11df-a57b-00256459104d}\Shell - "" = AutoRun
O33 - MountPoints2\{fbad5e5b-211c-11df-a57b-00256459104d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/11 15:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/11 15:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/11 12:05:30 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\SSH
[2012/03/11 11:59:22 | 000,000,000 | ---D | C] -- C:\Users\dell\Desktop\Music
[2012/03/10 13:52:47 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\LolClient
[2012/03/10 11:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/03/09 22:35:25 | 000,000,000 | ---D | C] -- C:\Users\dell\Documents\Updater5
[2012/03/09 22:33:25 | 000,000,000 | ---D | C] -- C:\League Of Legends
[2012/03/09 22:32:06 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Local\PMB Files
[2012/03/09 21:44:04 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/09 13:13:34 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\BitTorrent
[2012/03/09 13:10:01 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\Media Player Classic
[2012/03/09 12:53:00 | 000,000,000 | ---D | C] -- C:\Users\dell\Desktop\Galaxy Angel
[2012/03/09 12:40:10 | 000,000,000 | ---D | C] -- C:\Users\dell\Desktop\Daniel
[2012/03/09 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\Malwarebytes
[2012/02/28 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\dell\Desktop\src
[2012/02/27 19:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/27 19:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/27 19:40:12 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/27 19:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/26 21:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2012/02/26 21:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Classic - Home Cinema
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/11 17:05:17 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 17:05:17 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 17:02:28 | 000,757,114 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/11 17:02:28 | 000,220,530 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/11 17:02:28 | 000,006,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/11 16:56:31 | 000,027,424 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/11 16:56:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/11 16:56:17 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/11 16:54:31 | 000,000,019 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/11 16:54:24 | 000,002,846 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/03/11 16:02:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000UA.job
[2012/03/11 15:23:52 | 000,441,506 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2012/03/11 15:22:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/11 15:21:33 | 000,006,404 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/11 11:35:49 | 000,000,131 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/10 23:55:12 | 000,000,855 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120311-152352.backup
[2012/03/10 23:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000Core.job
[2012/03/10 11:34:05 | 000,001,722 | ---- | M] () -- C:\Users\dell\Desktop\Play League of Legends.lnk
[2012/02/28 14:38:46 | 000,032,768 | ---- | M] () -- C:\Users\dell\Desktop\benchmarks20.tar
[2012/02/27 19:40:19 | 000,001,111 | ---- | M] () -- C:\Users\dell\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 04:33:46 | 000,363,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/11 16:56:31 | 000,027,424 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/11 16:54:24 | 000,002,846 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/03/11 15:22:03 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/10 20:21:08 | 000,000,131 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/10 11:34:05 | 000,001,722 | ---- | C] () -- C:\Users\dell\Desktop\Play League of Legends.lnk
[2012/02/29 15:07:26 | 000,032,768 | ---- | C] () -- C:\Users\dell\Desktop\benchmarks20.tar
[2012/02/27 19:40:19 | 000,001,111 | ---- | C] () -- C:\Users\dell\Desktop\Malwarebytes Anti-Malware.lnk
[2011/10/15 09:25:13 | 000,006,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/24 13:16:11 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/02/08 16:11:54 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\k_KBD1.dll
[2011/02/08 16:02:30 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\KBD1.dll
[2011/02/08 15:54:55 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\k_KBD0.dll
[2011/02/08 15:37:37 | 000,000,498 | ---- | C] () -- C:\Windows\klm32.ini
[2011/01/23 16:22:19 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\jsound.dll
[2011/01/23 16:22:19 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\jmmpa.dll
[2011/01/23 16:22:19 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\jmh261.dll
[2011/01/23 16:22:19 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\jmvh263.dll
[2011/01/23 16:22:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\jmjpeg.dll
[2011/01/23 16:22:19 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\jmh263enc.dll
[2011/01/23 16:22:19 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jmmpegv.dll
[2011/01/23 16:22:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jmutil.dll
[2011/01/23 16:22:19 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\jmvfw.dll
[2011/01/23 16:22:19 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmvcm.dll
[2011/01/23 16:22:19 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmmci.dll
[2011/01/23 16:22:18 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\jmg723.dll
[2011/01/23 16:22:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\jmgsm.dll
[2011/01/23 16:22:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\jmam.dll
[2011/01/23 16:22:18 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmcvid.dll
[2011/01/23 16:22:18 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmacm.dll
[2011/01/23 16:22:18 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\jmdaud.dll
[2011/01/23 16:22:18 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmgdi.dll
[2011/01/23 16:22:18 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmfjawt.dll
[2011/01/23 16:22:18 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmddraw.dll
[2011/01/23 16:22:18 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmdaudc.dll
[2010/12/21 15:05:42 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/11/20 15:28:39 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/07 00:27:01 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/10/24 14:49:16 | 000,060,326 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/10/04 21:24:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/13 14:20:56 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/09/09 22:31:03 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2010/09/09 22:31:03 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll

========== LOP Check ==========

[2012/03/10 23:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000Core.job
[2012/03/11 16:02:04 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000UA.job
[2012/01/03 00:09:09 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/04/20 13:44:57 | 000,019,456 | ---- | M] ()(C:\Users\dell\Documents\?? ????? ?? ?????? ???.doc) -- C:\Users\dell\Documents\הא מאקומ הא מיוחאד שלי.doc
[2011/04/20 12:59:20 | 000,019,456 | ---- | C] ()(C:\Users\dell\Documents\?? ????? ?? ?????? ???.doc) -- C:\Users\dell\Documents\הא מאקומ הא מיוחאד שלי.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:54D4173A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

EDIT: 5:47 pm. For NO determinable reason, both issues appear to have been solved. Will update again if something shows.

Edited by dzk87, 11 March 2012 - 03:48 PM.

#2 Essexboy (GeekU Moderator, Retired Staff)
Hi there lets start the ball rolling

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [Update] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll (eMajix.com, Inc.)


    :Files
    ipconfig /flushdns /c
    C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Microsoft\Microsoft

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

AND FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
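The fix above targets two things that commonly drive search redirects: a Run-key entry whose resolved target is a DLL sitting under the system profile's AppData, and a tampered hosts file (hence [resethosts] and the DNS flush). The script below is an added example, not part of the thread and not OTL's own code: it triages OTL-style O4 (Run) and O1 (Hosts) lines with the same criteria a helper applies by eye. The line grammar is inferred from the log lines posted in this thread; the function names, the SUSPICIOUS_DIRS list and SAMPLE_LOG are my own. SAMPLE_LOG is constructed: it copies three lines from this thread, adds a made-up Run entry for RoxioBurnLauncher.exe (the log shows that binary running with no company name) and a made-up hosts entry pointing www.google.com at 203.0.113.10, a documentation address, to show what a hijack looks like.

```python
"""Triage OTL O4 (Run) and O1 (Hosts) lines for redirect-style infections.

Added example; not from the thread, not OTL's code. The O4/O1 line format is
inferred from the OTL logs posted in the thread. SAMPLE_LOG is constructed.
"""
import re
from ipaddress import ip_address

# Directories a legitimate Run entry almost never launches from. The klzgc.dll
# entry removed in this thread lived under config\systemprofile\AppData.
SUSPICIOUS_DIRS = (
    "\\config\\systemprofile\\",
    "\\appdata\\",
    "\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
)

# "O4 - HKCU..\Run: [Name] C:\path\file.ext (Company)"; OTL prints "()" when
# the file carries no company name, and an optional ":64bit:" tag after O4.
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$"
)
O1_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)")

LOCALHOST_NAMES = {"localhost", "localhost.localdomain"}


def triage_run_entry(line):
    """Return the reasons an O4 Run line looks suspicious; [] means clean."""
    m = O4_RE.match(line)
    if not m:
        return []
    low = m.group("path").lower()
    reasons = []
    if low.endswith(".dll"):
        # Explorer cannot start a DLL directly: a Run value resolving to one is
        # loaded through rundll32 or a similar host, a classic hiding spot.
        reasons.append("dll target")
    for d in SUSPICIOUS_DIRS:
        if d in low:
            reasons.append("path under " + d.strip("\\"))
            break
    if not (m.group("company") or "").strip():
        reasons.append("no company name")
    return reasons


def triage_hosts_entry(line):
    """Return the reasons an O1 line is not a plain loopback -> localhost mapping."""
    m = O1_RE.match(line)
    if not m:
        return []
    addr, host = m.group("addr"), m.group("host").lower()
    try:
        loopback = ip_address(addr).is_loopback
    except ValueError:
        loopback = False
    reasons = []
    if host not in LOCALHOST_NAMES:
        # Any real site name here is either being blocked (loopback) or
        # redirected (other address); both are worth a look.
        reasons.append("non-localhost name " + host)
    if not loopback:
        reasons.append("non-loopback address " + addr)
    return reasons


def triage_log(text):
    """Walk a whole OTL log; return {line: reasons} for every flagged line."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        reasons = triage_run_entry(line) or triage_hosts_entry(line)
        if reasons:
            findings[line] = reasons
    return findings


# Constructed sample: lines 1, 2, 4, 5 are copied from the thread's logs; the
# Roxio Run line and the 203.0.113.10 hosts line are made up for illustration.
SAMPLE_LOG = "\n".join([
    r"O4 - HKCU..\Run: [Update] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll (eMajix.com, Inc.)",
    r"O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)",
    r"O4 - HKLM..\Run: [RoxioBurn] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 203.0.113.10 www.google.com",
])

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        print("    ->", "; ".join(reasons))
```

Run it over a saved OTL.txt with triage_log(open("OTL.txt").read()). The reasons are hints, not verdicts: the Roxio line trips only "no company name" and is benign, while the klzgc.dll entry trips both the DLL and the systemprofile checks, which is the combination the fix above removed. A hosts line naming a real site is always worth checking, whether it points at loopback (blocking) or elsewhere (redirecting).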

#3 dzk87 (Topic Starter)
I edited main post, things "appear" to be fixed. Should I still do the same things?

#4 Essexboy (GeekU Moderator, Retired Staff)
It would be advisable I feel, as I saw one malware file active in the log

#5 dzk87 (Topic Starter)
OTL Log displayed on startup:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\dell\Downloads\cmd.bat deleted successfully.
C:\Users\dell\Downloads\cmd.txt deleted successfully.
C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Microsoft\Microsoft folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Daniel
->Temp folder emptied: 301371523 bytes
->Temporary Internet Files folder emptied: 111893461 bytes
->Java cache emptied: 16959548 bytes
->FireFox cache emptied: 284581991 bytes
->Flash cache emptied: 622977 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: dell
->Temp folder emptied: 2118537 bytes
->Temporary Internet Files folder emptied: 69114612 bytes
->Java cache emptied: 37565573 bytes
->FireFox cache emptied: 52092167 bytes
->Apple Safari cache emptied: 11910144 bytes
->Flash cache emptied: 182961 bytes

User: Michael
->Temp folder emptied: 1076603 bytes
->Temporary Internet Files folder emptied: 2897295 bytes
->Java cache emptied: 49853845 bytes
->FireFox cache emptied: 98384516 bytes
->Flash cache emptied: 107467 bytes

User: Public

User: work
->Temp folder emptied: 46477731 bytes
->Temporary Internet Files folder emptied: 3696510 bytes
->Java cache emptied: 58513582 bytes
->FireFox cache emptied: 70942948 bytes
->Flash cache emptied: 490268 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 363520 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73743261 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,235.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.36.3 log created on 03112012_175349

Files\Folders moved on Reboot...
C:\Users\dell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP00002219162B7F53049FEC97 not found!

Registry entries deleted on Reboot...

OTL Log:


OTL logfile created on: 3/11/2012 6:03:56 PM - Run 3
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\dell\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.57% Memory free
7.92 Gb Paging File | 5.96 Gb Available in Paging File | 75.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.59 Gb Total Space | 14.05 Gb Free Space | 3.15% Space Free | Partition Type: NTFS

Computer Name: DELL-LAPTOP | User Name: dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 16:34:38 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\dell\Downloads\OTL.exe
PRC - [2012/03/03 12:16:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 14:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/31 14:13:44 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2010/03/10 01:38:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 09:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/12/22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/03 12:16:23 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 04:40:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 04:39:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/16 03:15:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/03 12:35:27 | 007,083,168 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/23 12:02:11 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/03/10 01:38:18 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe -- (mi-raysat_3dsmax2011_64)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/02/10 15:38:02 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/31 14:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/07 23:18:28 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/07 21:43:15 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe -- (SftService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/02 04:29:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7151AD76-0AC7-4EAE-A230-4E36F0DFE6B6}
IE:64bit: - HKLM\..\SearchScopes\{7151AD76-0AC7-4EAE-A230-4E36F0DFE6B6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {CDE6F8BD-CD6D-48ED-AE1C-7585570F400E}
IE - HKLM\..\SearchScopes\{CDE6F8BD-CD6D-48ED-AE1C-7585570F400E}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {CDE6F8BD-CD6D-48ED-AE1C-7585570F400E}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/03 12:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/03 02:23:05 | 000,000,000 | ---D | M]

[2010/06/29 09:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dell\AppData\Roaming\mozilla\Extensions
[2012/03/11 00:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dell\AppData\Roaming\mozilla\Firefox\Profiles\x4vq1cdb.default\extensions
[2011/12/01 19:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4VQ1CDB.DEFAULT\EXTENSIONS\[email protected]
[2012/03/03 12:16:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/03 12:16:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/03 12:16:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/11 17:53:52 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized File not found
O4 - Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm File not found
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.boein...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39FE6609-E0AE-4100-8A1F-1A1CCFBCC397}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/07 21:22:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{fbad5e5b-211c-11df-a57b-00256459104d}\Shell - "" = AutoRun
O33 - MountPoints2\{fbad5e5b-211c-11df-a57b-00256459104d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 17:53:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/11 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/11 15:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/11 15:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/11 12:05:30 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\SSH
[2012/03/11 11:59:22 | 000,000,000 | ---D | C] -- C:\Users\dell\Desktop\Music
[2012/03/10 13:52:47 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\LolClient
[2012/03/10 11:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/03/09 22:35:25 | 000,000,000 | ---D | C] -- C:\Users\dell\Documents\Updater5
[2012/03/09 22:33:25 | 000,000,000 | ---D | C] -- C:\League Of Legends
[2012/03/09 22:32:06 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Local\PMB Files
[2012/03/09 21:44:04 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/09 13:13:34 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\BitTorrent
[2012/03/09 13:10:01 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\Media Player Classic
[2012/03/09 12:53:00 | 000,000,000 | ---D | C] -- C:\Users\dell\Desktop\Galaxy Angel
[2012/03/09 12:40:10 | 000,000,000 | ---D | C] -- C:\Users\dell\Desktop\Daniel
[2012/03/09 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\dell\AppData\Roaming\Malwarebytes
[2012/02/28 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\dell\Desktop\src
[2012/02/27 19:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/27 19:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/27 19:40:12 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/27 19:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/26 21:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2012/02/26 21:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Classic - Home Cinema

========== Files - Modified Within 30 Days ==========

[2012/03/11 18:08:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 18:08:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 18:06:02 | 000,761,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/11 18:06:02 | 000,224,800 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/11 18:06:02 | 000,006,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/11 17:59:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/11 17:59:11 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/11 17:53:52 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/11 16:54:24 | 000,002,846 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/03/11 16:02:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000UA.job
[2012/03/11 15:23:52 | 000,441,506 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2012/03/11 15:22:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/11 15:21:33 | 000,006,404 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/11 11:35:49 | 000,000,131 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/10 23:55:12 | 000,000,855 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120311-152352.backup
[2012/03/10 23:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000Core.job
[2012/03/10 11:34:05 | 000,001,722 | ---- | M] () -- C:\Users\dell\Desktop\Play League of Legends.lnk
[2012/02/28 14:38:46 | 000,032,768 | ---- | M] () -- C:\Users\dell\Desktop\benchmarks20.tar
[2012/02/27 19:40:19 | 000,001,111 | ---- | M] () -- C:\Users\dell\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 04:33:46 | 000,363,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/03/11 16:54:24 | 000,002,846 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/03/11 15:22:03 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/10 20:21:08 | 000,000,131 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/10 11:34:05 | 000,001,722 | ---- | C] () -- C:\Users\dell\Desktop\Play League of Legends.lnk
[2012/02/29 15:07:26 | 000,032,768 | ---- | C] () -- C:\Users\dell\Desktop\benchmarks20.tar
[2012/02/27 19:40:19 | 000,001,111 | ---- | C] () -- C:\Users\dell\Desktop\Malwarebytes Anti-Malware.lnk
[2011/10/15 09:25:13 | 000,006,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/24 13:16:11 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/02/08 16:11:54 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\k_KBD1.dll
[2011/02/08 16:02:30 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\KBD1.dll
[2011/02/08 15:54:55 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\k_KBD0.dll
[2011/02/08 15:37:37 | 000,000,498 | ---- | C] () -- C:\Windows\klm32.ini
[2011/01/23 16:22:19 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\jsound.dll
[2011/01/23 16:22:19 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\jmmpa.dll
[2011/01/23 16:22:19 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\jmh261.dll
[2011/01/23 16:22:19 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\jmvh263.dll
[2011/01/23 16:22:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\jmjpeg.dll
[2011/01/23 16:22:19 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\jmh263enc.dll
[2011/01/23 16:22:19 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jmmpegv.dll
[2011/01/23 16:22:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jmutil.dll
[2011/01/23 16:22:19 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\jmvfw.dll
[2011/01/23 16:22:19 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmvcm.dll
[2011/01/23 16:22:19 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmmci.dll
[2011/01/23 16:22:18 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\jmg723.dll
[2011/01/23 16:22:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\jmgsm.dll
[2011/01/23 16:22:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\jmam.dll
[2011/01/23 16:22:18 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmcvid.dll
[2011/01/23 16:22:18 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmacm.dll
[2011/01/23 16:22:18 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\jmdaud.dll
[2011/01/23 16:22:18 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmgdi.dll
[2011/01/23 16:22:18 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmfjawt.dll
[2011/01/23 16:22:18 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmddraw.dll
[2011/01/23 16:22:18 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmdaudc.dll
[2010/12/21 15:05:42 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/11/20 15:28:39 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/07 00:27:01 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/10/24 14:49:16 | 000,060,326 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/10/04 21:24:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/13 14:20:56 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/09/09 22:31:03 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2010/09/09 22:31:03 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll

========== LOP Check ==========

[2012/03/10 23:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000Core.job
[2012/03/11 16:02:04 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000UA.job
[2012/01/03 00:09:09 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/04/20 13:44:57 | 000,019,456 | ---- | M] ()(C:\Users\dell\Documents\?? ????? ?? ?????? ???.doc) -- C:\Users\dell\Documents\הא מאקומ הא מיוחאד שלי.doc
[2011/04/20 12:59:20 | 000,019,456 | ---- | C] ()(C:\Users\dell\Documents\?? ????? ?? ?????? ???.doc) -- C:\Users\dell\Documents\הא מאקומ הא מיוחאד שלי.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:54D4173A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


TDSS Log:

18:11:46.0937 4560 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:11:47.0197 4560 ============================================================
18:11:47.0197 4560 Current date / time: 2012/03/11 18:11:47.0197
18:11:47.0198 4560 SystemInfo:
18:11:47.0198 4560
18:11:47.0198 4560 OS Version: 6.1.7601 ServicePack: 1.0
18:11:47.0198 4560 Product type: Workstation
18:11:47.0198 4560 ComputerName: DELL-LAPTOP
18:11:47.0198 4560 UserName: dell
18:11:47.0198 4560 Windows directory: C:\Windows
18:11:47.0198 4560 System windows directory: C:\Windows
18:11:47.0198 4560 Running under WOW64
18:11:47.0198 4560 Processor architecture: Intel x64
18:11:47.0198 4560 Number of processors: 2
18:11:47.0198 4560 Page size: 0x1000
18:11:47.0198 4560 Boot type: Normal boot
18:11:47.0199 4560 ============================================================
18:11:47.0746 4560 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:11:47.0776 4560 \Device\Harddisk0\DR0:
18:11:47.0776 4560 MBR used
18:11:47.0776 4560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x95800, BlocksNum 0x25C0000
18:11:47.0776 4560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2655800, BlocksNum 0x37D30030
18:11:47.0986 4560 Initialize success
18:11:47.0986 4560 ============================================================
18:11:53.0360 4644 ============================================================
18:11:53.0360 4644 Scan started
18:11:53.0360 4644 Mode: Manual; SigCheck; TDLFS;
18:11:53.0360 4644 ============================================================
18:11:54.0756 4644 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:11:54.0874 4644 1394ohci - ok
18:11:55.0094 4644 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:11:55.0144 4644 ACPI - ok
18:11:55.0278 4644 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:11:55.0322 4644 AcpiPmi - ok
18:11:55.0662 4644 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:11:55.0708 4644 adp94xx - ok
18:11:55.0898 4644 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:11:55.0939 4644 adpahci - ok
18:11:56.0121 4644 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:11:56.0154 4644 adpu320 - ok
18:11:56.0371 4644 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:11:56.0411 4644 AFD - ok
18:11:56.0545 4644 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:11:56.0566 4644 agp440 - ok
18:11:56.0764 4644 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:11:56.0784 4644 aliide - ok
18:11:56.0911 4644 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:11:56.0941 4644 amdide - ok
18:11:57.0066 4644 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:11:57.0132 4644 AmdK8 - ok
18:11:57.0334 4644 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:11:57.0405 4644 AmdPPM - ok
18:11:57.0548 4644 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:11:57.0580 4644 amdsata - ok
18:11:57.0740 4644 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:11:57.0773 4644 amdsbs - ok
18:11:57.0900 4644 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:11:57.0930 4644 amdxata - ok
18:11:58.0239 4644 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:11:58.0310 4644 ApfiltrService - ok
18:11:58.0446 4644 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:11:58.0529 4644 AppID - ok
18:11:58.0730 4644 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:11:58.0761 4644 arc - ok
18:11:58.0908 4644 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:11:58.0939 4644 arcsas - ok
18:11:59.0118 4644 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:11:59.0171 4644 AsyncMac - ok
18:11:59.0409 4644 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:11:59.0442 4644 atapi - ok
18:11:59.0693 4644 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:11:59.0752 4644 b06bdrv - ok
18:12:00.0001 4644 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:12:00.0066 4644 b57nd60a - ok
18:12:00.0200 4644 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
18:12:00.0228 4644 BCM42RLY - ok
18:12:00.0474 4644 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:12:00.0657 4644 BCM43XX - ok
18:12:00.0928 4644 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:12:00.0999 4644 Beep - ok
18:12:01.0227 4644 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:12:01.0283 4644 blbdrive - ok
18:12:01.0475 4644 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:12:01.0533 4644 bowser - ok
18:12:01.0689 4644 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:12:01.0780 4644 BrFiltLo - ok
18:12:01.0923 4644 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:12:01.0946 4644 BrFiltUp - ok
18:12:02.0060 4644 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:12:02.0118 4644 Brserid - ok
18:12:02.0292 4644 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:12:02.0320 4644 BrSerWdm - ok
18:12:02.0459 4644 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:12:02.0523 4644 BrUsbMdm - ok
18:12:02.0639 4644 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:12:02.0709 4644 BrUsbSer - ok
18:12:02.0962 4644 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:12:03.0027 4644 BTHMODEM - ok
18:12:03.0177 4644 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:12:03.0272 4644 cdfs - ok
18:12:03.0488 4644 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:12:03.0557 4644 cdrom - ok
18:12:03.0701 4644 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:12:03.0769 4644 circlass - ok
18:12:03.0905 4644 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:12:03.0939 4644 CLFS - ok
18:12:04.0125 4644 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:12:04.0187 4644 CmBatt - ok
18:12:04.0345 4644 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:12:04.0372 4644 cmdide - ok
18:12:04.0584 4644 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:12:04.0635 4644 CNG - ok
18:12:04.0876 4644 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:12:04.0910 4644 Compbatt - ok
18:12:05.0053 4644 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:12:05.0122 4644 CompositeBus - ok
18:12:05.0279 4644 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:12:05.0311 4644 crcdisk - ok
18:12:05.0584 4644 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
18:12:05.0649 4644 CtClsFlt - ok
18:12:05.0849 4644 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:12:06.0118 4644 DfsC - ok
18:12:06.0370 4644 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:12:06.0461 4644 discache - ok
18:12:06.0618 4644 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:12:06.0662 4644 Disk - ok
18:12:06.0916 4644 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:12:06.0965 4644 drmkaud - ok
18:12:07.0214 4644 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:12:07.0261 4644 DXGKrnl - ok
18:12:07.0622 4644 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:12:07.0777 4644 ebdrv - ok
18:12:08.0013 4644 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:12:08.0047 4644 elxstor - ok
18:12:08.0240 4644 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:12:08.0289 4644 ErrDev - ok
18:12:08.0777 4644 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:12:08.0900 4644 exfat - ok
18:12:09.0402 4644 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:12:09.0467 4644 fastfat - ok
18:12:09.0643 4644 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:12:09.0679 4644 fdc - ok
18:12:09.0844 4644 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:12:09.0880 4644 FileInfo - ok
18:12:09.0984 4644 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:12:10.0083 4644 Filetrace - ok
18:12:10.0232 4644 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:12:10.0262 4644 flpydisk - ok
18:12:10.0385 4644 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:12:10.0425 4644 FltMgr - ok
18:12:10.0540 4644 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:12:10.0564 4644 FsDepends - ok
18:12:10.0579 4644 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:12:10.0601 4644 Fs_Rec - ok
18:12:10.0711 4644 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:12:10.0741 4644 fvevol - ok
18:12:10.0844 4644 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:12:10.0877 4644 gagp30kx - ok
18:12:10.0998 4644 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:12:11.0024 4644 GEARAspiWDM - ok
18:12:11.0155 4644 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:12:11.0225 4644 hcw85cir - ok
18:12:11.0392 4644 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:12:11.0455 4644 HDAudBus - ok
18:12:11.0578 4644 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:12:11.0633 4644 HidBatt - ok
18:12:11.0746 4644 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:12:11.0809 4644 HidBth - ok
18:12:11.0935 4644 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:12:12.0005 4644 HidIr - ok
18:12:12.0167 4644 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:12:12.0231 4644 HidUsb - ok
18:12:12.0505 4644 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:12:12.0524 4644 HpSAMD - ok
18:12:12.0998 4644 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:12:13.0089 4644 HTTP - ok
18:12:13.0236 4644 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:12:13.0265 4644 hwpolicy - ok
18:12:13.0364 4644 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:12:13.0402 4644 i8042prt - ok
18:12:13.0561 4644 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
18:12:13.0597 4644 iaStor - ok
18:12:13.0750 4644 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:12:44.0278 4644 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:12:44.0279 4644 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:12:51.0291 4644 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
18:12:51.0793 4644 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:12:51.0793 4644 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:12:51.0840 4644 Boot (0x1200) (9025f5f50a56850b1f101cd31fc80309) \Device\Harddisk0\DR0\Partition0
18:12:51.0842 4644 \Device\Harddisk0\DR0\Partition0 - ok
18:12:51.0864 4644 Boot (0x1200) (45e1dc5f68aa56a619c7427965da6aac) \Device\Harddisk0\DR0\Partition1
18:12:51.0866 4644 \Device\Harddisk0\DR0\Partition1 - ok
18:12:51.0867 4644 ============================================================
18:12:51.0867 4644 Scan finished
18:12:51.0867 4644 ============================================================
18:12:51.0893 4176 Detected object count: 2
18:12:51.0893 4176 Actual detected object count: 2
18:13:23.0984 4176 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:13:23.0984 4176 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:13:23.0988 4176 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:13:23.0988 4176 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
#6
Essexboy
GeekU Moderator
  • Retired Staff
  • 69,964 posts
On completion of the ComboFix run please re-run TDSSKiller again and when you see this report select delete:

\Device\Harddisk0\DR0 ( TDSS File System ) -
#7
dzk87
Member
  • Topic Starter
  • 10 posts
ComboFix Deletions:
ComboFix 12-03-11.01 - dell 1/2012 Sun 18:24:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4056.2184 [GMT -4:00]
Running from: c:\users\dell\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daniel\Documents\~WRL3948.tmp
c:\users\Daniel\Documents\~WRL3957.tmp
c:\users\Daniel\Documents\~WRL3958.tmp
c:\users\Daniel\Documents\~WRL3971.tmp
c:\users\Daniel\Documents\~WRL4009.tmp
c:\users\Daniel\Documents\~WRL4010.tmp
c:\users\Daniel\Documents\~WRL4019.tmp
c:\users\Daniel\Documents\~WRL4022.tmp
c:\users\Daniel\Documents\~WRL4054.tmp
c:\users\Daniel\Documents\~WRL4058.tmp
c:\users\Daniel\Documents\~WRL4090.tmp
c:\users\Daniel\Documents\~WRL4091.tmp
c:\users\Public\t.c
c:\users\Public\t.exe
c:\users\Public\t.o
c:\users\Public\t.s
c:\windows\SysWow64\k_KBD0.dll
c:\windows\SysWow64\k_KBD1.dll
c:\windows\SysWow64\KBD1.dll
.
----- File Replicators -----
.
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 22:34 . 2012-03-11 22:34 -------- d-----w- c:\users\work\AppData\Local\temp
2012-03-11 21:53 . 2012-03-11 21:53 -------- d-----w- C:\_OTL
2012-03-11 20:24 . 2012-03-11 20:54 -------- d-----w- c:\programdata\HitmanPro
2012-03-11 19:22 . 2012-02-09 17:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F27B7C9D-7BF4-4E79-B221-73E831E688F4}\gapaengine.dll
2012-03-11 19:21 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6362543-3BC4-470D-8772-36889ADAFCA9}\mpengine.dll
2012-03-11 19:21 . 2012-03-11 19:21 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-11 19:18 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-03-11 19:17 . 2012-03-11 19:21 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-11 16:05 . 2012-03-11 18:55 -------- d-----w- c:\users\dell\AppData\Roaming\SSH
2012-03-10 17:52 . 2012-03-10 17:52 -------- d-----w- c:\users\dell\AppData\Roaming\LolClient
2012-03-10 02:33 . 2012-03-10 15:27 -------- d-----w- C:\League Of Legends
2012-03-10 02:32 . 2012-03-10 15:52 -------- d-----w- c:\users\dell\AppData\Local\PMB Files
2012-03-10 01:44 . 2012-03-10 01:44 -------- d-----w- c:\windows\Sun
2012-03-09 17:13 . 2012-03-09 17:16 -------- d-----w- c:\users\dell\AppData\Roaming\BitTorrent
2012-03-09 17:10 . 2012-03-09 17:10 -------- d-----w- c:\users\dell\AppData\Roaming\Media Player Classic
2012-03-09 16:29 . 2012-03-09 16:29 -------- d-----w- c:\users\dell\AppData\Roaming\Malwarebytes
2012-02-27 23:43 . 2012-02-27 23:43 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2012-02-27 23:40 . 2012-02-27 23:40 -------- d-----w- c:\programdata\Malwarebytes
2012-02-27 23:40 . 2012-02-27 23:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-27 23:40 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 01:07 . 2012-02-27 01:07 -------- d-----w- c:\program files (x86)\Media Player Classic - Home Cinema
2012-02-26 18:47 . 2012-02-26 18:47 -------- d-----w- c:\users\Daniel\048298C9A4D3490B9FF9AB023A9238F3.TMP
2012-02-15 15:01 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 15:01 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 15:01 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 15:01 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 15:01 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 15:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-12 15:03 . 2012-02-12 15:08 -------- d-----w- c:\users\Daniel\AppData\Roaming\X-Chat 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 07:13 . 2010-11-12 23:51 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-06-29 12:01 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-03 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-23 1436424]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-10-18 20549]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-03-04 658656]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000Core.job
- c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 01:57]
.
2012-03-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181968351-368210708-1878507678-1000UA.job
- c:\users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 01:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\x4vq1cdb.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-ooVoo.exe - c:\program files (x86)\ooVoo\oovoo.exe
Wow6432Node-HKU-Default-Run-Update - c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Final Fantasy VII - c:\program files (x86)\Square Soft
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-11 19:02:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-11 23:02
.
Pre-Run: 14,823,292,928 bytes free
Post-Run: 34,656,546,816 bytes free
.
- - End Of File - - A27BD418305FF8169ED6D8E77E090098

TDSS:

19:08:03.0155 5100 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
19:08:03.0405 5100 ============================================================
19:08:03.0405 5100 Current date / time: 2012/03/11 19:08:03.0405
19:08:03.0405 5100 SystemInfo:
19:08:03.0405 5100
19:08:03.0405 5100 OS Version: 6.1.7601 ServicePack: 1.0
19:08:03.0405 5100 Product type: Workstation
19:08:03.0406 5100 ComputerName: DELL-LAPTOP
19:08:03.0406 5100 UserName: dell
19:08:03.0406 5100 Windows directory: C:\Windows
19:08:03.0406 5100 System windows directory: C:\Windows
19:08:03.0406 5100 Running under WOW64
19:08:03.0406 5100 Processor architecture: Intel x64
19:08:03.0406 5100 Number of processors: 2
19:08:03.0406 5100 Page size: 0x1000
19:08:03.0406 5100 Boot type: Normal boot
19:08:03.0406 5100 ============================================================
19:08:04.0796 5100 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:08:04.0806 5100 \Device\Harddisk0\DR0:
19:08:04.0806 5100 MBR used
19:08:04.0806 5100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x95800, BlocksNum 0x25C0000
19:08:04.0806 5100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2655800, BlocksNum 0x37D30030
19:08:04.0843 5100 Initialize success
19:08:04.0844 5100 ============================================================
19:08:20.0898 2580 ============================================================
19:08:20.0898 2580 Scan started
19:08:20.0898 2580 Mode: Manual; SigCheck; TDLFS;
19:08:20.0898 2580 ============================================================
19:08:26.0906 2580 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
19:08:26.0933 2580 BCM42RLY - ok
19:08:27.0154 2580 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:08:27.0239 2580 BCM43XX - ok
19:08:27.0444 2580 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:08:27.0549 2580 Beep - ok
19:08:27.0722 2580 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:08:27.0782 2580 blbdrive - ok
19:08:28.0036 2580 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:08:28.0100 2580 bowser - ok
19:08:28.0194 2580 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:08:28.0280 2580 BrFiltLo - ok
19:08:28.0373 2580 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:08:28.0408 2580 BrFiltUp - ok
19:08:28.0550 2580 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:08:28.0702 2580 BridgeMP - ok
19:08:28.0810 2580 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:08:28.0903 2580 Brserid - ok
19:08:28.0998 2580 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:08:29.0048 2580 BrSerWdm - ok
19:08:29.0197 2580 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:08:29.0271 2580 BrUsbMdm - ok
19:08:29.0433 2580 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:08:29.0473 2580 BrUsbSer - ok
19:08:29.0601 2580 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:08:29.0667 2580 BTHMODEM - ok
19:08:29.0710 2580 catchme - ok
19:08:29.0804 2580 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:08:29.0896 2580 cdfs - ok
19:08:30.0037 2580 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:08:30.0098 2580 cdrom - ok
19:08:30.0251 2580 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:08:30.0321 2580 circlass - ok
19:08:30.0430 2580 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:08:30.0465 2580 CLFS - ok
19:08:30.0619 2580 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:30.0661 2580 CmBatt - ok
19:08:30.0784 2580 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:08:30.0813 2580 cmdide - ok
19:08:30.0999 2580 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:08:31.0060 2580 CNG - ok
19:08:31.0192 2580 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:08:31.0234 2580 Compbatt - ok
19:08:31.0458 2580 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:08:31.0529 2580 CompositeBus - ok
19:08:31.0729 2580 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:08:31.0754 2580 crcdisk - ok
19:08:31.0911 2580 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:08:31.0990 2580 CtClsFlt - ok
19:08:32.0188 2580 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:08:32.0261 2580 DfsC - ok
19:08:32.0398 2580 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:08:32.0466 2580 discache - ok
19:08:32.0633 2580 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:08:32.0669 2580 Disk - ok
19:08:32.0834 2580 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:08:32.0887 2580 drmkaud - ok
19:08:33.0066 2580 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:08:33.0118 2580 DXGKrnl - ok
19:08:33.0285 2580 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:08:33.0447 2580 ebdrv - ok
19:08:33.0597 2580 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:08:33.0641 2580 elxstor - ok
19:08:33.0777 2580 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:08:33.0855 2580 ErrDev - ok
19:08:34.0015 2580 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:08:34.0084 2580 exfat - ok
19:08:34.0172 2580 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:08:34.0235 2580 fastfat - ok
19:08:34.0336 2580 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:08:34.0380 2580 fdc - ok
19:08:34.0481 2580 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:08:34.0518 2580 FileInfo - ok
19:08:34.0610 2580 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:08:34.0697 2580 Filetrace - ok
19:08:34.0836 2580 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:08:34.0865 2580 flpydisk - ok
19:08:34.0990 2580 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:08:35.0039 2580 FltMgr - ok
19:08:35.0144 2580 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:08:35.0172 2580 FsDepends - ok
19:08:35.0305 2580 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:08:35.0338 2580 Fs_Rec - ok
19:08:35.0549 2580 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:08:35.0598 2580 fvevol - ok
19:08:35.0726 2580 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:08:35.0759 2580 gagp30kx - ok
19:08:35.0880 2580 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:08:35.0907 2580 GEARAspiWDM - ok
19:08:36.0015 2580 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:08:36.0078 2580 hcw85cir - ok
19:08:36.0196 2580 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:08:36.0254 2580 HDAudBus - ok
19:08:36.0360 2580 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:08:36.0417 2580 HidBatt - ok
19:08:36.0572 2580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:08:36.0638 2580 HidBth - ok
19:08:36.0728 2580 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:08:36.0783 2580 HidIr - ok
19:08:36.0960 2580 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:08:37.0023 2580 HidUsb - ok
19:08:37.0209 2580 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:08:37.0236 2580 HpSAMD - ok
19:08:37.0378 2580 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:08:37.0479 2580 HTTP - ok
19:08:37.0674 2580 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:08:37.0704 2580 hwpolicy - ok
19:08:37.0890 2580 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:08:37.0914 2580 i8042prt - ok
19:08:38.0064 2580 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
19:08:38.0096 2580 iaStor - ok
19:08:38.0344 2580 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:08:38.0387 2580 iaStorV - ok
19:08:38.0979 2580 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:08:39.0382 2580 igfx - ok
19:08:39.0536 2580 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:08:39.0566 2580 iirsp - ok
19:08:39.0674 2580 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:08:39.0704 2580 intelide - ok
19:08:39.0863 2580 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:08:39.0920 2580 intelppm - ok
19:08:40.0064 2580 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:08:40.0135 2580 IpFilterDriver - ok
19:08:40.0231 2580 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:08:40.0289 2580 IPMIDRV - ok
19:08:40.0384 2580 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:08:40.0497 2580 IPNAT - ok
19:08:40.0631 2580 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:08:40.0742 2580 IRENUM - ok
19:08:40.0870 2580 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:08:40.0896 2580 isapnp - ok
19:08:41.0277 2580 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:08:41.0363 2580 iScsiPrt - ok
19:08:41.0606 2580 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:08:41.0642 2580 kbdclass - ok
19:08:41.0794 2580 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:08:41.0839 2580 kbdhid - ok
19:08:41.0950 2580 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:08:41.0979 2580 KSecDD - ok
19:08:42.0126 2580 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:08:42.0155 2580 KSecPkg - ok
19:08:42.0284 2580 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:08:42.0360 2580 ksthunk - ok
19:08:42.0603 2580 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:08:42.0708 2580 lltdio - ok
19:08:42.0841 2580 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:08:42.0866 2580 LSI_FC - ok
19:08:42.0976 2580 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:08:43.0001 2580 LSI_SAS - ok
19:08:43.0112 2580 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:08:43.0133 2580 LSI_SAS2 - ok
19:08:43.0280 2580 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:08:43.0320 2580 LSI_SCSI - ok
19:08:43.0436 2580 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:08:43.0527 2580 luafv - ok
19:08:43.0641 2580 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:08:43.0666 2580 MBAMProtector - ok
19:08:43.0927 2580 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
19:08:43.0986 2580 mcdbus - ok
19:08:44.0091 2580 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:08:44.0116 2580 megasas - ok
19:08:44.0441 2580 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:08:44.0492 2580 MegaSR - ok
19:08:44.0806 2580 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:08:44.0943 2580 Modem - ok
19:08:45.0393 2580 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:08:45.0563 2580 monitor - ok
19:08:45.0860 2580 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:08:45.0896 2580 mouclass - ok
19:08:46.0137 2580 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:08:46.0181 2580 mouhid - ok
19:08:46.0471 2580 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:08:46.0503 2580 mountmgr - ok
19:08:46.0919 2580 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
19:08:46.0958 2580 MpFilter - ok
19:08:47.0273 2580 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:08:47.0309 2580 mpio - ok
19:08:47.0880 2580 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:08:47.0913 2580 MpNWMon - ok
19:08:48.0202 2580 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:08:48.0287 2580 mpsdrv - ok
19:08:48.0402 2580 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:08:48.0503 2580 MRxDAV - ok
19:08:48.0623 2580 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:08:48.0690 2580 mrxsmb - ok
19:08:48.0871 2580 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:08:48.0948 2580 mrxsmb10 - ok
19:08:49.0060 2580 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:08:49.0092 2580 mrxsmb20 - ok
19:08:49.0177 2580 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:08:49.0200 2580 msahci - ok
19:08:49.0308 2580 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:08:49.0332 2580 msdsm - ok
19:08:49.0448 2580 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:08:49.0502 2580 Msfs - ok
19:08:49.0606 2580 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:08:49.0693 2580 mshidkmdf - ok
19:08:49.0849 2580 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:08:49.0867 2580 msisadrv - ok
19:08:49.0992 2580 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:08:50.0067 2580 MSKSSRV - ok
19:08:50.0217 2580 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:08:50.0289 2580 MSPCLOCK - ok
19:08:50.0386 2580 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:08:50.0486 2580 MSPQM - ok
19:08:50.0596 2580 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:08:50.0644 2580 MsRPC - ok
19:08:50.0737 2580 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:08:50.0766 2580 mssmbios - ok
19:08:50.0917 2580 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:08:50.0978 2580 MSTEE - ok
19:08:51.0060 2580 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:08:51.0130 2580 MTConfig - ok
19:08:51.0236 2580 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:08:51.0269 2580 Mup - ok
19:08:51.0429 2580 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:08:51.0485 2580 NativeWifiP - ok
19:08:51.0613 2580 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:08:51.0667 2580 NDIS - ok
19:08:51.0772 2580 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:08:51.0853 2580 NdisCap - ok
19:08:51.0948 2580 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:08:52.0031 2580 NdisTapi - ok
19:08:52.0154 2580 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:08:52.0240 2580 Ndisuio - ok
19:08:52.0373 2580 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:08:52.0456 2580 NdisWan - ok
19:08:52.0605 2580 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:08:52.0685 2580 NDProxy - ok
19:08:52.0803 2580 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:08:52.0883 2580 NetBIOS - ok
19:08:52.0989 2580 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:08:53.0100 2580 NetBT - ok
19:08:53.0304 2580 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:08:53.0336 2580 nfrd960 - ok
19:08:53.0495 2580 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:08:53.0523 2580 NisDrv - ok
19:08:53.0644 2580 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:08:53.0703 2580 Npfs - ok
19:08:53.0818 2580 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:08:53.0904 2580 nsiproxy - ok
19:08:54.0092 2580 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:08:54.0167 2580 Ntfs - ok
19:08:54.0338 2580 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:08:54.0436 2580 Null - ok
19:08:54.0545 2580 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:08:54.0588 2580 nvraid - ok
19:08:54.0615 2580 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:08:54.0642 2580 nvstor - ok
19:08:54.0747 2580 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:08:54.0787 2580 nv_agp - ok
19:08:54.0825 2580 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:08:54.0886 2580 ohci1394 - ok
19:08:54.0991 2580 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:08:55.0027 2580 Parport - ok
19:08:55.0131 2580 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:08:55.0166 2580 partmgr - ok
19:08:55.0277 2580 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:08:55.0320 2580 pci - ok
19:08:55.0423 2580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:08:55.0453 2580 pciide - ok
19:08:55.0497 2580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:08:55.0535 2580 pcmcia - ok
19:08:55.0638 2580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:08:55.0672 2580 pcw - ok
19:08:55.0845 2580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:08:55.0937 2580 PEAUTH - ok
19:08:56.0111 2580 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:08:56.0170 2580 PptpMiniport - ok
19:08:56.0252 2580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:08:56.0305 2580 Processor - ok
19:08:56.0428 2580 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:08:56.0504 2580 Psched - ok
19:08:56.0591 2580 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:08:56.0621 2580 PxHlpa64 - ok
19:08:56.0693 2580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:08:56.0778 2580 ql2300 - ok
19:08:56.0972 2580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:08:57.0002 2580 ql40xx - ok
19:08:57.0102 2580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:08:57.0170 2580 QWAVEdrv - ok
19:08:57.0260 2580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:08:57.0336 2580 RasAcd - ok
19:08:57.0454 2580 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:08:57.0522 2580 RasAgileVpn - ok
19:08:57.0692 2580 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:08:57.0804 2580 Rasl2tp - ok
19:08:57.0926 2580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:08:57.0989 2580 RasPppoe - ok
19:08:58.0091 2580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:08:58.0166 2580 RasSstp - ok
19:08:58.0269 2580 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:08:58.0349 2580 rdbss - ok
19:08:58.0449 2580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:08:58.0530 2580 rdpbus - ok
19:08:58.0670 2580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:08:58.0789 2580 RDPCDD - ok
19:08:58.0919 2580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:08:58.0999 2580 RDPENCDD - ok
19:08:59.0095 2580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:08:59.0152 2580 RDPREFMP - ok
19:08:59.0248 2580 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:08:59.0311 2580 RDPWD - ok
19:08:59.0456 2580 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:08:59.0494 2580 rdyboost - ok
19:08:59.0696 2580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:08:59.0848 2580 rspndr - ok
19:08:59.0959 2580 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
19:09:00.0049 2580 RSUSBSTOR - ok
19:09:00.0141 2580 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:09:00.0177 2580 sbp2port - ok
19:09:00.0229 2580 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:09:00.0310 2580 scfilter - ok
19:09:00.0447 2580 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:09:00.0525 2580 secdrv - ok
19:09:00.0677 2580 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:09:00.0709 2580 Serenum - ok
19:09:00.0834 2580 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:09:00.0857 2580 Serial - ok
19:09:00.0963 2580 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:09:01.0018 2580 sermouse - ok
19:09:01.0140 2580 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:09:01.0200 2580 sffdisk - ok
19:09:01.0284 2580 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:09:01.0332 2580 sffp_mmc - ok
19:09:01.0453 2580 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:09:01.0502 2580 sffp_sd - ok
19:09:01.0623 2580 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:09:01.0671 2580 sfloppy - ok
19:09:01.0802 2580 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:09:01.0831 2580 SiSRaid2 - ok
19:09:01.0958 2580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:09:01.0985 2580 SiSRaid4 - ok
19:09:02.0126 2580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:09:02.0242 2580 Smb - ok
19:09:02.0383 2580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:09:02.0408 2580 spldr - ok
19:09:02.0603 2580 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:09:02.0731 2580 srv - ok
19:09:02.0835 2580 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:09:02.0884 2580 srv2 - ok
19:09:02.0980 2580 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:09:03.0078 2580 srvnet - ok
19:09:03.0260 2580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:09:03.0291 2580 stexstor - ok
19:09:03.0446 2580 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
19:09:03.0713 2580 STHDA - ok
19:09:03.0827 2580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:09:03.0856 2580 swenum - ok
19:09:04.0032 2580 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:09:04.0112 2580 Tcpip - ok
19:09:04.0261 2580 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:09:04.0336 2580 TCPIP6 - ok
19:09:04.0442 2580 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:09:04.0521 2580 tcpipreg - ok
19:09:04.0626 2580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:09:04.0685 2580 TDPIPE - ok
19:09:04.0782 2580 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:09:04.0855 2580 TDTCP - ok
19:09:04.0999 2580 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:09:05.0052 2580 tdx - ok
19:09:05.0202 2580 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:09:05.0231 2580 TermDD - ok
19:09:05.0363 2580 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:09:05.0439 2580 tssecsrv - ok
19:09:05.0582 2580 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:09:05.0672 2580 TsUsbFlt - ok
19:09:05.0786 2580 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:09:05.0856 2580 tunnel - ok
19:09:06.0038 2580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:09:06.0091 2580 uagp35 - ok
19:09:06.0202 2580 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:09:06.0280 2580 udfs - ok
19:09:06.0412 2580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:09:06.0442 2580 uliagpkx - ok
19:09:06.0571 2580 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:09:06.0601 2580 umbus - ok
19:09:06.0700 2580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:09:06.0741 2580 UmPass - ok
19:09:06.0861 2580 USBAAPL64 (5cf1ead086176dd3348e920a40bed03d) C:\Windows\system32\Drivers\usbaapl64.sys
19:09:06.0898 2580 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
19:09:06.0899 2580 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
19:09:06.0992 2580 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:09:07.0036 2580 usbccgp - ok
19:09:07.0136 2580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:09:07.0201 2580 usbcir - ok
19:09:07.0287 2580 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:09:07.0346 2580 usbehci - ok
19:09:07.0487 2580 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:09:07.0545 2580 usbhub - ok
19:09:07.0718 2580 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:09:07.0748 2580 usbohci - ok
19:09:07.0852 2580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:09:07.0909 2580 usbprint - ok
19:09:08.0004 2580 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:09:08.0082 2580 USBSTOR - ok
19:09:08.0194 2580 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:09:08.0233 2580 usbuhci - ok
19:09:08.0347 2580 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
19:09:08.0389 2580 usbvideo - ok
19:09:08.0534 2580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:09:08.0566 2580 vdrvroot - ok
19:09:08.0700 2580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:09:08.0730 2580 vga - ok
19:09:08.0830 2580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:09:08.0899 2580 VgaSave - ok
19:09:08.0999 2580 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:09:09.0030 2580 vhdmp - ok
19:09:09.0165 2580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:09:09.0184 2580 viaide - ok
19:09:09.0362 2580 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:09:09.0393 2580 volmgr - ok
19:09:09.0543 2580 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:09:09.0585 2580 volmgrx - ok
19:09:09.0697 2580 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:09:09.0744 2580 volsnap - ok
19:09:09.0838 2580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:09:09.0862 2580 vsmraid - ok
19:09:09.0951 2580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:09:10.0008 2580 vwifibus - ok
19:09:10.0101 2580 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:09:10.0151 2580 vwififlt - ok
19:09:10.0271 2580 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:09:10.0306 2580 vwifimp - ok
19:09:10.0416 2580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:09:10.0486 2580 WacomPen - ok
19:09:10.0607 2580 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:09:10.0696 2580 WANARP - ok
19:09:10.0741 2580 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:09:10.0800 2580 Wanarpv6 - ok
19:09:10.0983 2580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:09:11.0012 2580 Wd - ok
19:09:11.0150 2580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:09:11.0198 2580 Wdf01000 - ok
19:09:11.0331 2580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:09:11.0391 2580 WfpLwf - ok
19:09:11.0490 2580 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
19:09:11.0529 2580 WimFltr - ok
19:09:11.0628 2580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:09:11.0661 2580 WIMMount - ok
19:09:11.0875 2580 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:09:11.0933 2580 WinUsb - ok
19:09:12.0094 2580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:09:12.0121 2580 WmiAcpi - ok
19:09:12.0290 2580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:09:12.0351 2580 ws2ifsl - ok
19:09:12.0458 2580 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:09:12.0536 2580 WudfPf - ok
19:09:12.0651 2580 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:09:12.0740 2580 WUDFRd - ok
19:09:12.0877 2580 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
19:09:12.0957 2580 yukonw7 - ok
19:09:12.0997 2580 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:09:13.0624 2580 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:09:13.0624 2580 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:09:13.0646 2580 Boot (0x1200) (9025f5f50a56850b1f101cd31fc80309) \Device\Harddisk0\DR0\Partition0
19:09:13.0647 2580 \Device\Harddisk0\DR0\Partition0 - ok
19:09:13.0681 2580 Boot (0x1200) (45e1dc5f68aa56a619c7427965da6aac) \Device\Harddisk0\DR0\Partition1
19:09:13.0682 2580 \Device\Harddisk0\DR0\Partition1 - ok
19:09:13.0683 2580 ============================================================
19:09:13.0683 2580 Scan finished
19:09:13.0683 2580 ============================================================
19:09:13.0702 0784 Detected object count: 2
19:09:13.0702 0784 Actual detected object count: 2
19:09:28.0705 0784 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:28.0706 0784 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:09:29.0096 0784 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:09:29.0189 0784 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
19:09:29.0226 0784 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:09:29.0249 0784 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:09:29.0358 0784 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
19:09:31.0857 0784 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
19:09:31.0894 0784 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
19:09:31.0898 0784 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
19:09:31.0902 0784 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
19:09:31.0910 0784 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
19:09:31.0967 0784 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
19:09:31.0998 0784 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:09:32.0003 0784 \Device\Harddisk0\DR0\TDLFS - deleted
19:09:32.0003 0784 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


The redirect is NOT solved, it randomly moved me to happili.com

Edited by dzk87, 11 March 2012 - 07:08 PM.

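As an added illustration (not part of the thread and not TDSSKiller's own code), a small parser for log lines in the format quoted above: it keeps an inventory of every scanned object with its MD5 and path, and pulls out every event that was not reported "- ok", including any verdict the user skipped, so a helper can review the detections at a glance. The sample lines are constructed in the same shape as the posted log, with placeholder hashes.

```python
"""Parse TDSSKiller-style log lines (the format quoted above) and report
everything that was not marked '- ok'. Added example, not TDSSKiller code."""
import re

# Constructed sample in the shape of the thread's log; md5 values are placeholders.
SAMPLE_LOG = r"""
19:09:11.0150 2580 Wdf01000 (00000000000000000000000000000001) C:\Windows\system32\drivers\Wdf01000.sys
19:09:11.0198 2580 Wdf01000 - ok
19:09:12.0997 2580 MBR (0x1B8) (00000000000000000000000000000002) \Device\Harddisk0\DR0
19:09:13.0624 2580 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:09:13.0624 2580 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:09:28.0705 0784 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:29.0096 0784 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:09:32.0003 0784 \Device\Harddisk0\DR0\TDLFS - deleted
19:09:32.0003 0784 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# "time pid message"; the message is then classified by the three patterns below.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\d{4}) (.*)$")
# scanned object with its md5 and on-disk location (drivers, MBR, boot sectors)
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# object with a verdict in parentheses, e.g. "( TDSS File System ) - warning"
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$")
# detection and cleanup events that carry no parenthesised verdict
ACTION = re.compile(r"^(?P<obj>.+?) - (?P<status>detected .+|copied to quarantine|deleted)$")


def parse_tdsskiller(text):
    """Return (inventory, findings): inventory maps object name -> (md5, path),
    which can be diffed against a known-good baseline; findings lists every
    (object, verdict or None, status) event that is not a plain '- ok'."""
    inventory, findings = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m.group(3).endswith(" - ok"):
            continue
        msg = m.group(3)
        o = OBJECT.match(msg)
        if o:
            inventory[o["name"]] = (o["md5"], o["path"])
            continue
        v = VERDICT.match(msg) or ACTION.match(msg)
        if v:
            d = v.groupdict()
            findings.append((d["obj"], d.get("verdict"), d["status"]))
    return inventory, findings


def unresolved(findings):
    """Verdicts the user chose to skip: still open and worth a second look."""
    return [f for f in findings if f[2] == "skipped by user"]
```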

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects in Firefox only?

Is it only Firefox?

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear.

    Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#9
dzk87

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
GooredFix by jpshortstuff (03.07.10.1)
Log created at 07:24 on 12/03/2012 (dell)
Firefox version 10.0.1 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:45 29/06/2010]

C:\Users\dell\Application Data\Mozilla\Firefox\Profiles\x4vq1cdb.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

I can't tell if it is only Firefox, because it only redirects on a very rare basis.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
None of the known processes are running for that malware; however, Combofix detected a file replicator. To ensure that is gone we will need to run a deep AV scan. This may take several hours to run, so mayhap run it overnight.



Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install ImgBurn
  • Double click Dr Web
  • ImgBurn will open
  • Burn the ISO to a CD
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed, reboot to normal Windows
  • No log is produced, so once in normal Windows run a fresh OTL scan and let me know if the problems persist

#11
dzk87

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
My computer gets to the point where it says that Doctor Web is loading. About how long should the load take?
With verbose mode turned on, it doesn't seem to be working. It says:

mount: mounting /dev/loop2 on /mnt/module/tmp failed :Invalid argument
cat :can't open '/mnt/module/tmp/base_module' :No such file or directory
Cannot find base module.

then it says:
/bin/sh: can't access tty : job control turned off.

Edited by dzk87, 12 March 2012 - 07:07 AM.


#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sounds like a corrupt burn - let's try a different AV from the same stable

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished, select the Report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

#13
dzk87

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Status: Deleted (events: 15)
3/12/2012 12:17:03 PM Deleted Trojan program Trojan-PSW.Win32.Tepfer.mk C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{4B51E8BB-8B6D-E55B-0053-F058A0C8BB43}-ftp[1].exe High
3/12/2012 12:17:03 PM Deleted Trojan program Trojan-PSW.Win32.Tepfer.mk C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{4B51E8BB-8B6D-E55B-0053-F058A0C8BB43}-ftp[1].exe//PE-Crypt.XorPE High
3/12/2012 12:17:04 PM Deleted Trojan program Trojan-Downloader.Win32.Dapato.grm C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{0919BD6E-3814-0C79-45A5-C155B273F9B5}-rgpwfpjwyqf.exe High
3/12/2012 12:17:04 PM Deleted Trojan program Trojan-Downloader.Win32.Dapato.grm C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{0919BD6E-3814-0C79-45A5-C155B273F9B5}-rgpwfpjwyqf.exe//PE-Crypt.XorPE High
3/12/2012 12:34:40 PM Deleted Trojan program Trojan-PSW.Win32.Tepfer.mk C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7F2412C0-712C-BCE0-41DB-FA9CA357D8ED}-ftp[1].exe High
3/12/2012 12:34:40 PM Deleted Trojan program Trojan-PSW.Win32.Tepfer.mk C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7F2412C0-712C-BCE0-41DB-FA9CA357D8ED}-ftp[1].exe//PE-Crypt.XorPE High
3/12/2012 12:35:32 PM Deleted Trojan program Trojan-Downloader.Win32.Dapato.grm C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{C4FDD56F-2D68-185B-9AFE-9A674A22578D}-binconfig.exe High
3/12/2012 12:35:32 PM Deleted Trojan program Trojan-Downloader.Win32.Dapato.grm C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{C4FDD56F-2D68-185B-9AFE-9A674A22578D}-binconfig.exe//PE-Crypt.XorPE High
3/12/2012 12:35:33 PM Deleted Trojan program Trojan-PSW.Win32.Tepfer.mk C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{964EB795-6DE0-97D5-F710-6B4D39C4DD3D}-B9E.tmp High
3/12/2012 12:35:33 PM Deleted Trojan program Trojan-PSW.Win32.Tepfer.mk C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{964EB795-6DE0-97D5-F710-6B4D39C4DD3D}-B9E.tmp//PE-Crypt.XorPE High
3/12/2012 12:35:36 PM Deleted Trojan program Trojan-PSW.Win32.Tepfer.mk C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{C86BE6D0-360B-7FBD-64E1-8D68F83CB9ED}-B9E.tmp High
3/12/2012 12:35:36 PM Deleted Trojan program Trojan-PSW.Win32.Tepfer.mk C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{C86BE6D0-360B-7FBD-64E1-8D68F83CB9ED}-B9E.tmp//PE-Crypt.XorPE High
3/12/2012 3:07:48 PM Deleted Trojan program Backdoor.Win32.Poison.btbt C:\Documents and Settings\dell\Desktop\Daniel\Sprite\Warcraft_III\Warcraft III\Tools\Model Tools\Cheat Programs\1.22\Gattahack.exe High
3/12/2012 3:07:49 PM Deleted Trojan program Backdoor.Win32.Agent.azwh C:\Documents and Settings\dell\Desktop\Daniel\Sprite\Warcraft_III\Warcraft III\Tools\World Editors\Grimoire\bin\ongameload.dll High
3/12/2012 3:07:49 PM Deleted Trojan program Backdoor.Win32.Agent.azwi C:\Documents and Settings\dell\Desktop\Daniel\Sprite\Warcraft_III\Warcraft III\Tools\World Editors\Grimoire\bin\weload.dll High


#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now check again for redirects please?

Also update and run Malwarebytes, posting the resultant log

#15
dzk87

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Redirects still occur, about one in twenty times.
http://63.209.69.107 is the site now?
Also once was click-get-answers.
Malwarebytes will go up when it's done.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
dell :: DELL-LAPTOP [administrator]

Protection: Enabled

3/12/2012 4:20:22 PM
mbam-log-2012-03-12 (16-20-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 689363
Time elapsed: 7 hour(s), 22 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

EDIT: Redirects occur quite often now, to those same sites.

Edited by dzk87, 13 March 2012 - 11:46 AM.






