followed instructions to remove "smart fortress 2012" but stil

#1
mosdef

Member
44 posts
Hello,

I recently contracted "smart fortress 2012". I followed the instructions and created a Chameleon folder to get rid of this virus. It seemed to have gotten rid of the problem. I also ran free virus removal software I found online, Trend Micro, which found some trojans.

However, what I now notice is that while I'm surfing the net, a random webpage will pop up. The webpage that pops up is different every time. I've run Malwarebytes again with a full scan, yet it doesn't detect anything.

Please do let me know what steps I need to take to get rid of this problem. I've copied my OTL log below:


OTL logfile created on: 5/2/2012 11:08:51 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\^Dave\My Backup Files
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.98 Gb Total Physical Memory | 4.53 Gb Available Physical Memory | 75.75% Memory free
11.96 Gb Paging File | 10.35 Gb Available in Paging File | 86.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 856.65 Gb Free Space | 93.45% Space Free | Partition Type: NTFS
Drive H: | 465.73 Gb Total Space | 369.90 Gb Free Space | 79.42% Space Free | Partition Type: NTFS
Drive Y: | 14.81 Gb Total Space | 6.11 Gb Free Space | 41.24% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: ^Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 11:08:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\^Dave\My Backup Files\OTL.exe
PRC - [2012/01/06 12:08:30 | 000,949,760 | ---- | M] (Manulife Financial) -- C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/08 13:42:54 | 000,779,264 | ---- | M] (BodyMedia, Inc.) -- C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/08 08:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/07/08 08:10:34 | 004,257,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/07/08 08:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/11/02 19:52:48 | 000,173,568 | ---- | M] (Sybase, Inc.) -- C:\Program Files (x86)\AClient\Bin\XCDiffCache.exe
PRC - [2009/11/02 19:52:11 | 000,239,104 | ---- | M] (Sybase, Inc.) -- C:\Program Files (x86)\AClient\Bin\XeService.exe
PRC - [2009/11/02 19:50:42 | 000,111,616 | ---- | M] (Sybase, Inc.) -- C:\Program Files (x86)\AClient\Bin\XcListener.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 19:50:07 | 000,114,688 | ---- | M] () -- C:\Users\^Dave\AppData\Local\Temp\ctfpor.dll
MOD - [2012/04/12 09:18:23 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
MOD - [2012/04/12 09:18:10 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 09:18:00 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/12 09:17:46 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
MOD - [2012/02/16 11:09:35 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/16 10:57:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 10:56:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 10:56:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 10:56:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 10:56:23 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/15 10:08:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/08 08:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/05 05:57:46 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\W700mdfl.dll -- (sisnic)
SRV - [2012/04/13 16:25:27 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/27 08:24:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/07/08 08:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 19:52:11 | 000,239,104 | ---- | M] (Sybase, Inc.) [Auto | Running] -- C:\Program Files (x86)\AClient\Bin\XeService.exe -- (Afaria Client Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/13 18:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/27 10:06:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/27 10:06:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 15:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 16:27:32 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/05 06:37:16 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/05 05:19:40 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 15:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/24 05:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/15 14:53:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/01/15 14:53:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



Hosts file not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ctfpor] C:\Users\^Dave\AppData\Local\Temp\ctfpor.dll ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [pelera] C:\Users\^Dave\AppData\Local\Temp\pelera.dll (Analog Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [DiamondView] C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.19.176.6 216.19.176.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40DA8617-6434-45B9-8D54-C24FC19E4C13}: DhcpNameServer = 216.19.176.6 216.19.176.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F658999-1010-45E2-8162-E1975536E343}: DhcpNameServer = 216.19.176.6 216.19.176.7
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 11:00:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/02 10:59:05 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\^Dave\Desktop\TDSSKiller.exe
[2012/05/02 10:58:33 | 000,000,000 | ---D | C] -- C:\Users\^Dave\Desktop\GooredFix Backups
[2012/05/02 10:58:21 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\^Dave\Desktop\GooredFix.exe
[2012/05/02 10:54:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/05/02 10:53:24 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\^Dave\Desktop\OTM.exe
[2012/05/02 10:52:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/02 10:18:46 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\LogMeIn Rescue Applet
[2012/04/30 18:36:41 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/04/30 18:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/04/28 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Roaming\Malwarebytes
[2012/04/28 20:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/28 20:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/28 20:29:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/28 20:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/28 20:26:10 | 000,000,000 | ---D | C] -- C:\Users\^Dave\Desktop\Chameleon
[2012/04/28 19:52:30 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012/04/28 19:50:22 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/04/28 19:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700017AEA00036DD4B4EB2367
[2012/04/27 15:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canada Life
[2012/04/27 15:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canada Life
[2012/04/19 10:17:49 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{078E2CC7-8B83-48C5-A5FB-262F81C52207}
[2012/04/19 10:17:17 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{8AD4EB89-DF9E-40B2-BEFB-23763EDBF5D2}
[2012/04/17 12:29:39 | 000,183,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.024
[2012/04/17 12:29:39 | 000,141,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.026
[2012/04/17 12:29:39 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.025
[2012/04/17 12:29:38 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01F
[2012/04/17 12:29:38 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01C
[2012/04/17 12:29:38 | 000,195,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.020
[2012/04/17 12:29:38 | 000,086,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.023
[2012/04/17 12:29:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01D
[2012/04/17 12:29:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.022
[2012/04/17 12:29:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.021
[2012/04/17 12:29:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01E
[2012/04/15 22:46:02 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{234EF522-598C-4603-988A-A4FAE2416B06}
[2012/04/15 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{38840921-ACE5-46D1-8AC0-B58D19E608C9}
[2012/04/14 10:05:42 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{3FCD047A-06D9-43C2-A8DE-8A6A8547FA6D}
[2012/04/13 16:25:03 | 008,766,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 01:16:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 01:16:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 01:16:12 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/12 01:16:12 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/12 01:16:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 01:16:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/12 01:16:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/12 01:16:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 01:16:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 01:16:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 01:16:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 01:16:04 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/12 01:16:03 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/12 01:16:03 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/12 01:14:03 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/12 01:14:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 01:14:03 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/10 12:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Manulife Financial
[2012/04/09 22:31:09 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{0370657E-E59A-4899-AB51-C54C616F2282}
[2012/04/09 10:30:37 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{3F84318A-6FFC-493D-AB3D-B4E8C293C5FD}
[2012/04/06 09:41:33 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/05 18:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/05 18:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/05 18:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/05 12:15:39 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{78624298-8C2B-4CDD-8AE6-8B9565A155B7}
[2012/04/05 08:27:16 | 000,000,000 | ---D | C] -- C:\Users\^Dave\My Backup Files

========== Files - Modified Within 30 Days ==========

[2012/05/02 11:08:27 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 11:08:27 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 11:05:25 | 000,798,404 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/02 11:05:25 | 000,677,078 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/02 11:05:25 | 000,130,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/02 11:02:09 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/05/02 11:01:15 | 000,000,030 | ---- | M] () -- C:\Windows\MaritimeLife.ini
[2012/05/02 11:01:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 11:00:57 | 523,218,943 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 11:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/02 10:58:58 | 002,055,783 | ---- | M] () -- C:\Users\^Dave\Desktop\tdsskiller.zip
[2012/05/02 10:58:29 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\^Dave\Desktop\GooredFix.exe
[2012/05/02 10:53:32 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\^Dave\Desktop\OTM.exe
[2012/05/02 10:25:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 10:00:04 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\^Dave\Desktop\TDSSKiller.exe
[2012/05/01 21:18:23 | 000,008,824 | ---- | M] () -- C:\Users\^Dave\Documents\MLTMTRA.DAT
[2012/05/01 12:06:33 | 000,004,228 | ---- | M] () -- C:\Users\^Dave\Documents\MLCITRA.DAT
[2012/04/30 20:37:57 | 004,628,548 | ---- | M] () -- C:\Users\^Dave\AppData\Local\census.cache
[2012/04/30 20:34:17 | 000,130,943 | ---- | M] () -- C:\Users\^Dave\AppData\Local\ars.cache
[2012/04/30 18:36:19 | 000,000,036 | ---- | M] () -- C:\Users\^Dave\AppData\Local\housecall.guid.cache
[2012/04/28 20:29:57 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/28 20:27:07 | 408,275,439 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/27 17:46:40 | 000,000,935 | ---- | M] () -- C:\Users\^Dave\Documents\MLPATRA.DAT
[2012/04/27 16:00:47 | 000,006,453 | ---- | M] () -- C:\Users\^Dave\Documents\GWTMTRA.DAT
[2012/04/27 16:00:47 | 000,003,242 | ---- | M] () -- C:\Users\^Dave\Documents\GWSHTRA.DAT
[2012/04/27 16:00:42 | 000,001,078 | ---- | M] () -- C:\Users\^Dave\Documents\GWPRTRA.DAT
[2012/04/27 15:39:38 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Concourse.lnk
[2012/04/27 14:31:38 | 000,008,206 | ---- | M] () -- C:\Users\^Dave\Documents\GWSHTRA1.DAT
[2012/04/26 19:54:01 | 000,004,116 | ---- | M] () -- C:\Users\^Dave\Documents\EQISTRA.DAT
[2012/04/26 19:54:00 | 000,007,706 | ---- | M] () -- C:\Users\^Dave\Documents\EQCITRA.DAT
[2012/04/26 19:54:00 | 000,000,402 | ---- | M] () -- C:\Users\^Dave\Documents\EQBRIDGE.NIS
[2012/04/26 18:12:49 | 000,005,294 | ---- | M] () -- C:\Users\^Dave\Documents\RBTMTRA.DAT
[2012/04/26 18:12:49 | 000,001,195 | ---- | M] () -- C:\Users\^Dave\Documents\RBSHTRA.DAT
[2012/04/25 13:17:36 | 000,004,338 | ---- | M] () -- C:\Users\^Dave\Documents\EQTMTRA.DAT
[2012/04/20 15:59:36 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\LifeView - VisionVie 9.1.lnk
[2012/04/19 12:18:39 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\WawaLife.lnk
[2012/04/18 12:04:42 | 000,008,847 | ---- | M] () -- C:\Users\^Dave\Documents\MLCITRA1.DAT
[2012/04/17 12:29:39 | 000,001,788 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/04/17 12:29:39 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\CPP Illustration.lnk
[2012/04/17 12:29:39 | 000,000,385 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012/04/17 11:06:00 | 000,009,872 | ---- | M] () -- C:\Users\^Dave\Documents\MLTMTRA1.DAT
[2012/04/13 16:25:27 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 16:25:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/13 16:25:03 | 008,766,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 01:15:37 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/10 14:15:08 | 000,000,000 | ---- | M] () -- C:\Users\^Dave\Documents\Printer PDF
[2012/04/10 13:04:50 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/10 12:57:17 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Manulife Diamond View.lnk
[2012/04/10 12:55:58 | 000,000,029 | ---- | M] () -- C:\Windows\MLI.INI
[2012/04/09 10:59:05 | 000,004,608 | ---- | M] () -- C:\Users\^Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 13:47:13 | 000,011,044 | ---- | M] () -- C:\Users\^Dave\Documents\MLTMTRA2.DAT
[2012/04/05 18:41:32 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/05 08:05:47 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/02 10:58:52 | 002,055,783 | ---- | C] () -- C:\Users\^Dave\Desktop\tdsskiller.zip
[2012/04/30 18:41:53 | 004,628,548 | ---- | C] () -- C:\Users\^Dave\AppData\Local\census.cache
[2012/04/30 18:41:47 | 000,130,943 | ---- | C] () -- C:\Users\^Dave\AppData\Local\ars.cache
[2012/04/30 18:36:19 | 000,000,036 | ---- | C] () -- C:\Users\^Dave\AppData\Local\housecall.guid.cache
[2012/04/28 20:29:57 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/28 19:51:33 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/27 16:00:39 | 000,001,078 | ---- | C] () -- C:\Users\^Dave\Documents\GWPRTRA.DAT
[2012/04/27 15:39:38 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Concourse.lnk
[2012/04/27 14:31:54 | 000,000,935 | ---- | C] () -- C:\Users\^Dave\Documents\MLPATRA.DAT
[2012/04/26 19:54:00 | 000,000,402 | ---- | C] () -- C:\Users\^Dave\Documents\EQBRIDGE.NIS
[2012/04/20 15:59:36 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\LifeView - VisionVie 9.1.lnk
[2012/04/12 01:15:37 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/06 09:41:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/05 18:41:32 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/05 18:08:47 | 000,004,608 | ---- | C] () -- C:\Users\^Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/01 18:04:16 | 000,000,024 | ---- | C] () -- C:\Windows\LifeView.INI
[2011/11/18 20:10:36 | 000,000,614 | ---- | C] () -- C:\Windows\Wininit.ini
[2011/11/15 12:03:10 | 000,150,816 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2011/11/15 12:03:10 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2011/11/12 12:38:10 | 000,000,061 | ---- | C] () -- C:\Windows\novinsft.ini
[2011/11/12 12:38:09 | 000,000,060 | ---- | C] () -- C:\Windows\avul.INI
[2011/11/11 11:21:51 | 000,000,030 | ---- | C] () -- C:\Windows\MaritimeLife.ini
[2011/10/28 12:21:17 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2011/10/28 12:21:17 | 000,037,376 | ---- | C] () -- C:\Windows\Olodmg35.dll
[2011/10/19 12:39:29 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\MD5DLL.DLL
[2011/10/11 11:47:10 | 000,001,788 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/11 11:47:10 | 000,000,385 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/10/11 11:43:16 | 000,626,688 | ---- | C] () -- C:\Windows\SysWow64\MFCDIB.dll
[2011/10/11 11:43:16 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\MFCExt.dll
[2011/10/11 11:43:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\PDDIB.dll
[2011/10/11 11:19:56 | 000,000,029 | ---- | C] () -- C:\Windows\MLI.INI
[2011/09/27 10:11:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/27 09:48:50 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/10 09:10:51 | 000,783,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
  • 0

#2
mosdef

    Member

  • Topic Starter
  • Member
  • 44 posts
Further to this, I just ran "TDSSKiller" (which I downloaded from this website) and it showed one threat called "sisnic (backdoor.multi.zaccess.gen)".
  • 0
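The OTL report in the first post, read on its own, already points at the same thing TDSSKiller named above: within about two minutes on 28 April it shows a `system64` directory appearing under C:\Windows (the junction list at the end of the report maps it to system32), a hidden, system-attribute .cmd file in SysNative and a ProgramData folder named by a 32-hex-digit string, all a few seconds before the Smart Fortress 2012 Start Menu folder was created. As an added example (not from the thread, from OldTimer's OTL or from any of the tools mentioned here), the Python below parses that OTL file-list format, flags entries on a few such triage heuristics, and pivots on one known artifact to list everything created near it in time. The sample log is constructed from lines in the post above plus one made-up line (size and time invented) for the numeric-named driver that aswMBR reports later in the thread; the heuristics and every function name are my own choices, not anything OTL provides.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# One OTL file-list line looks like
#   [2012/04/28 19:50:22 | 000,000,000 | ---D | C] -- C:\Windows\system64
#   [2012/05/02 11:02:09 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
# timestamp | size | attribute flags (R/H/S/D) | C(reated) or M(odified), then an
# optional "(Company)" from the file's version info, then " -- " and the path.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


class Entry(NamedTuple):
    ts: datetime
    size: int
    attrs: str      # OTL attribute column, '-' where a flag is unset
    op: str         # 'C' = created, 'M' = modified
    company: str    # version-info company name, '' when OTL printed none
    path: str


def parse_otl(text: str) -> List[Entry]:
    """Return every file-list entry in an OTL report; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, '< End of report >'
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], op=m["op"],
            company=m["company"] or "", path=m["path"],
        ))
    return entries


HEX32 = re.compile(r"^[0-9A-F]{32}$", re.I)
NUMERIC_SYS = re.compile(r"^\d+\.sys$", re.I)
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js")


def triage_flags(e: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a closer look (empty = nothing obvious)."""
    reasons = []
    name = e.path.rsplit("\\", 1)[-1]
    lower = e.path.lower()
    in_windows = lower.startswith("c:\\windows\\")
    is_dir = "D" in e.attrs
    # Windows has no 'system64' directory; the posted report shows one that is a junction to system32.
    if is_dir and in_windows and name.lower() == "system64":
        reasons.append("unexpected 'system64' directory under C:\\Windows")
    # Hidden script file dropped into a Windows system directory.
    if in_windows and "H" in e.attrs and name.lower().endswith(SCRIPT_EXT):
        reasons.append("hidden script file in a Windows system directory")
    # Driver whose file name is just digits and that carries no company name.
    if NUMERIC_SYS.match(name) and not e.company:
        reasons.append("driver with numeric-only name and no company name")
    # ProgramData folder named by a 32-hex-digit string rather than a product name.
    if is_dir and lower.startswith("c:\\programdata\\") and HEX32.match(name):
        reasons.append("ProgramData directory named with a 32-hex-digit string")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path in an OTL report to its reasons."""
    return {e.path: r for e in parse_otl(text) if (r := triage_flags(e))}


def created_near(entries: List[Entry], pivot_path: str,
                 window: timedelta = timedelta(minutes=5)) -> List[Entry]:
    """Pivot on one known artifact: other files created within `window` of it."""
    pivot = [e.ts for e in entries
             if e.op == "C" and e.path.lower() == pivot_path.lower()]
    if not pivot:
        return []
    return [e for e in entries
            if e.op == "C" and e.path.lower() != pivot_path.lower()
            and abs(e.ts - pivot[0]) <= window]


# Constructed sample: lines copied from the OTL report above plus one constructed line
# for the numeric-named driver that aswMBR later reported (its size and time are made up).
SAMPLE_LOG = r"""
========== Files Created - Within 30 Days ==========

[2012/04/28 20:29:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/28 19:52:30 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012/04/28 19:51:33 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/28 19:50:22 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/04/28 19:50:20 | 000,070,144 | ---- | C] () -- C:\Windows\SysNative\drivers\95497681.sys
[2012/04/28 19:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700017AEA00036DD4B4EB2367
[2012/04/13 16:25:03 | 008,766,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
< End of report >
"""

SMART_FORTRESS_DIR = (r"C:\Users\^Dave\AppData\Roaming\Microsoft\Windows"
                      r"\Start Menu\Programs\Smart Fortress 2012")

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}\n    {'; '.join(why)}")
    print("\nCreated within 5 minutes of the Smart Fortress folder:")
    for e in created_near(parse_otl(SAMPLE_LOG), SMART_FORTRESS_DIR):
        print(f"  {e.ts:%H:%M:%S}  {e.path}")
```

The heuristics are deliberately narrow and only mark entries for a human to look at; a clean machine can legitimately have hidden files or oddly named folders, so the output is a reading order, not a verdict. The time pivot is the more general trick: once one artifact is known bad (here the Smart Fortress folder), everything created within a few minutes of it is worth reading before anything else in the log.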

#3
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (Accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click Save Log; save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save Log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
before you hit Scan, click Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right-click on (My) Computer and select Manage (Continue), then Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#4
mosdef

    Member

  • Topic Starter
  • Member
  • 44 posts
Hi Ron
I've completed every step you've asked. Here are all the logs:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 12:14:25
-----------------------------
12:14:25.507 OS Version: Windows x64 6.1.7601 Service Pack 1
12:14:25.507 Number of processors: 4 586 0x2A07
12:14:25.507 ComputerName: DAVE-PC UserName: ^Dave
12:14:27.317 Initialize success
12:14:50.069 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:14:50.069 Disk 0 Vendor: WDC_WD10EALX-759BA1 19.01H19 Size: 953869MB BusType: 3
12:14:50.069 Disk 0 MBR read successfully
12:14:50.084 Disk 0 MBR scan
12:14:50.084 Disk 0 Windows VISTA default MBR code
12:14:50.084 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
12:14:50.084 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
12:14:50.100 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938662 MB offset 31141888
12:14:50.115 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
12:14:50.115 Disk 0 scanning C:\Windows\system32\drivers
12:14:54.015 Service scanning
12:14:54.546 Service 70334752 C:\Windows\system32\drivers\95497681.sys **HIDDEN**
12:14:54.561 Service 82343938 C:\Windows\system32\drivers\84539871.sys **HIDDEN**
12:15:02.502 Modules scanning
12:15:02.502 Scan finished successfully
12:15:56.774 Disk 0 MBR has been saved successfully to "C:\Users\^Dave\Desktop\MBR.dat"
12:15:56.774 The log file has been saved successfully to "C:\Users\^Dave\Desktop\aswMBR.txt"

ComboFix 12-05-02.03 - ^Dave 02/05/2012 12:19:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6127.4616 [GMT -7:00]
Running from: c:\users\^Dave\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\^Dave\AppData\Local\Temp\ctfpor.dll
c:\users\^Dave\AppData\Local\Temp\pelera.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 19:23 . 2012-05-02 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 18:00 . 2012-05-02 19:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-02 17:54 . 2012-05-02 17:54 -------- d-----w- C:\_OTM
2012-05-02 17:23 . 2012-05-02 17:23 53248 ----a-r- c:\users\^Dave\AppData\Roaming\Microsoft\Installer\{693C3C76-B3A8-4496-A21A-B474A71C220A}\ARPPRODUCTICON.exe
2012-05-02 17:18 . 2012-05-02 17:28 -------- d-----w- c:\users\^Dave\AppData\Local\LogMeIn Rescue Applet
2012-05-01 01:36 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-05-01 01:32 . 2012-05-01 18:12 -------- d-----w- c:\program files (x86)\Panda Security
2012-04-29 03:29 . 2012-04-29 03:29 -------- d-----w- c:\users\^Dave\AppData\Roaming\Malwarebytes
2012-04-29 03:29 . 2012-04-29 03:29 -------- d-----w- c:\programdata\Malwarebytes
2012-04-29 03:29 . 2012-04-29 03:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-29 03:29 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 02:50 . 2012-04-29 03:41 -------- d-----w- c:\programdata\B7E858A700017AEA00036DD4B4EB2367
2012-04-27 22:39 . 2012-04-27 22:39 -------- d-----w- c:\program files (x86)\Canada Life
2012-04-27 16:46 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C8FC94B-3419-46A1-93A9-1033DB3814E7}\mpengine.dll
2012-04-17 19:29 . 1998-09-15 03:00 70144 ----a-w- c:\windows\SysWow64\temp.025
2012-04-17 19:29 . 1998-09-15 03:00 183568 ----a-w- c:\windows\SysWow64\temp.024
2012-04-17 19:29 . 1998-09-15 03:00 141072 ----a-w- c:\windows\SysWow64\temp.026
2012-04-17 19:29 . 1999-04-24 01:22 274432 ----a-w- c:\windows\SysWow64\temp.01F
2012-04-17 19:29 . 1998-09-15 03:00 9216 ----a-w- c:\windows\SysWow64\temp.022
2012-04-17 19:29 . 1998-09-15 03:00 86288 ----a-w- c:\windows\SysWow64\temp.023
2012-04-17 19:29 . 1998-09-15 03:00 6656 ----a-w- c:\windows\SysWow64\temp.021
2012-04-17 19:29 . 1998-09-15 03:00 5632 ----a-w- c:\windows\SysWow64\temp.01E
2012-04-17 19:29 . 1998-09-15 03:00 195344 ----a-w- c:\windows\SysWow64\temp.020
2012-04-17 19:29 . 1998-06-17 03:00 254005 ----a-w- c:\windows\SysWow64\temp.01C
2012-04-17 19:29 . 1998-05-11 23:01 45056 ----a-w- c:\windows\SysWow64\temp.01D
2012-04-13 23:25 . 2012-04-13 23:25 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 08:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:14 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:14 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 08:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 19:56 . 2012-04-10 19:56 -------- d-----w- c:\program files (x86)\Common Files\Manulife Financial
2012-04-06 16:41 . 2012-04-13 23:25 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-06 01:41 . 2012-04-06 01:41 -------- d-----w- c:\program files\iTunes
2012-04-06 01:41 . 2012-04-06 01:41 -------- d-----w- c:\program files\iPod
2012-04-05 15:27 . 2012-05-02 18:11 -------- d-----w- c:\users\^Dave\My Backup Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 23:25 . 2011-09-27 15:16 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 17:12 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 17:12 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 17:12 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 17:12 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 17:12 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:12 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 17:12 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 20:17 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiamondView"="c:\program files (x86)\Manulife Financial\Diamond View\Diamondview.exe" [2012-01-06 949760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DiamondView"="c:\program files (x86)\Manulife Financial\Diamond View\Diamondview.exe" [2012-01-06 949760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BodyMedia Sync.lnk - c:\program files (x86)\BodyMedia\Sync\BodyMediaSync.exe [2011-12-8 779264]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-10-9 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Afaria Client Service;Afaria Client Service;c:\program files (x86)\AClient\Bin\XeService.exe [2009-11-03 239104]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 70334752
*NewlyCreated* - 82343938
*NewlyCreated* - WS2IFSL
*Deregistered* - 70334752
*Deregistered* - 82343938
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:25]
.
2012-04-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-05-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]
"combofix"="c:\combofix\CF4848.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 216.19.176.6 216.19.176.7
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-26460188.sys
SafeBoot-39204610.sys
SafeBoot-56763479.sys
SafeBoot-70334752.sys
SafeBoot-82343938.sys
Toolbar-Locked - (no file)
HKLM-Run-ctfpor - c:\users\^Dave\AppData\Local\Temp\ctfpor.dll
HKLM-Run-pelera - c:\users\^Dave\AppData\Local\Temp\pelera.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AClient\Bin\XcListener.exe
c:\program files (x86)\AClient\Bin\XcDiffCache.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2012-05-02 12:28:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 19:28
.
Pre-Run: 919,312,855,040 bytes free
Post-Run: 920,406,925,312 bytes free
.
- - End Of File - - BEA935C3C3DE4B8E3E08CABE12C1C6F2




12:30:47.0468 1504 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
12:30:47.0811 1504 ============================================================
12:30:47.0811 1504 Current date / time: 2012/05/02 12:30:47.0811
12:30:47.0811 1504 SystemInfo:
12:30:47.0811 1504
12:30:47.0811 1504 OS Version: 6.1.7601 ServicePack: 1.0
12:30:47.0811 1504 Product type: Workstation
12:30:47.0811 1504 ComputerName: DAVE-PC
12:30:47.0811 1504 UserName: ^Dave
12:30:47.0811 1504 Windows directory: C:\Windows
12:30:47.0811 1504 System windows directory: C:\Windows
12:30:47.0811 1504 Running under WOW64
12:30:47.0811 1504 Processor architecture: Intel x64
12:30:47.0811 1504 Number of processors: 4
12:30:47.0811 1504 Page size: 0x1000
12:30:47.0811 1504 Boot type: Normal boot
12:30:47.0811 1504 ============================================================
12:30:49.0340 1504 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:30:49.0386 1504 ============================================================
12:30:49.0386 1504 \Device\Harddisk0\DR0:
12:30:49.0386 1504 MBR partitions:
12:30:49.0386 1504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
12:30:49.0386 1504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
12:30:49.0386 1504 ============================================================
12:30:49.0433 1504 C: <-> \Device\Harddisk0\DR0\Partition1
12:30:49.0433 1504 ============================================================
12:30:49.0433 1504 Initialize success
12:30:49.0433 1504 ============================================================
12:31:38.0230 2868 ============================================================
12:31:38.0230 2868 Scan started
12:31:38.0230 2868 Mode: Manual; SigCheck; TDLFS;
12:31:38.0230 2868 ============================================================
12:31:38.0714 2868 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:31:38.0807 2868 1394ohci - ok
12:31:38.0854 2868 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:31:38.0870 2868 ACPI - ok
12:31:38.0885 2868 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:31:38.0948 2868 AcpiPmi - ok
12:31:39.0057 2868 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:31:39.0072 2868 AdobeARMservice - ok
12:31:39.0213 2868 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:31:39.0228 2868 AdobeFlashPlayerUpdateSvc - ok
12:31:39.0291 2868 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:31:39.0322 2868 adp94xx - ok
12:31:39.0369 2868 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:31:39.0400 2868 adpahci - ok
12:31:39.0447 2868 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:31:39.0462 2868 adpu320 - ok
12:31:39.0494 2868 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:31:39.0556 2868 AeLookupSvc - ok
12:31:39.0618 2868 Afaria Client Service (7319beffb42e4b5d792cd2e07ab59cb3) C:\Program Files (x86)\AClient\Bin\XeService.exe
12:31:39.0650 2868 Afaria Client Service ( UnsignedFile.Multi.Generic ) - warning
12:31:39.0650 2868 Afaria Client Service - detected UnsignedFile.Multi.Generic (1)
12:31:39.0712 2868 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:31:39.0743 2868 AFD - ok
12:31:39.0759 2868 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:31:39.0759 2868 agp440 - ok
12:31:39.0774 2868 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:31:39.0790 2868 ALG - ok
12:31:39.0821 2868 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:31:39.0837 2868 aliide - ok
12:31:39.0899 2868 AMD External Events Utility (11276158eeeeadf3eb154061bfc80a19) C:\Windows\system32\atiesrxx.exe
12:31:39.0977 2868 AMD External Events Utility - ok
12:31:39.0977 2868 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:31:39.0993 2868 amdide - ok
12:31:40.0040 2868 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:31:40.0055 2868 AmdK8 - ok
12:31:40.0336 2868 amdkmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
12:31:40.0508 2868 amdkmdag - ok
12:31:40.0601 2868 amdkmdap (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys
12:31:40.0632 2868 amdkmdap - ok
12:31:40.0664 2868 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:31:40.0664 2868 AmdPPM - ok
12:31:40.0710 2868 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:31:40.0726 2868 amdsata - ok
12:31:40.0788 2868 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:31:40.0788 2868 amdsbs - ok
12:31:40.0820 2868 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:31:40.0820 2868 amdxata - ok
12:31:40.0866 2868 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:31:40.0913 2868 AppID - ok
12:31:40.0929 2868 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:31:40.0991 2868 AppIDSvc - ok
12:31:41.0022 2868 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:31:41.0054 2868 Appinfo - ok
12:31:41.0163 2868 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:31:41.0163 2868 Apple Mobile Device - ok
12:31:41.0225 2868 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:31:41.0241 2868 arc - ok
12:31:41.0256 2868 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:31:41.0272 2868 arcsas - ok
12:31:41.0366 2868 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:31:41.0381 2868 aspnet_state - ok
12:31:41.0412 2868 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:31:41.0444 2868 AsyncMac - ok
12:31:41.0475 2868 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:31:41.0475 2868 atapi - ok
12:31:41.0584 2868 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
12:31:41.0662 2868 athr - ok
12:31:41.0787 2868 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
12:31:41.0802 2868 AtiHDAudioService - ok
12:31:41.0880 2868 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:31:41.0927 2868 AudioEndpointBuilder - ok
12:31:41.0927 2868 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:31:41.0958 2868 AudioSrv - ok
12:31:42.0021 2868 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:31:42.0083 2868 AxInstSV - ok
12:31:42.0161 2868 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:31:42.0224 2868 b06bdrv - ok
12:31:42.0286 2868 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:31:42.0317 2868 b57nd60a - ok
12:31:42.0364 2868 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:31:42.0411 2868 BDESVC - ok
12:31:42.0411 2868 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:31:42.0458 2868 Beep - ok
12:31:42.0536 2868 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:31:42.0614 2868 BFE - ok
12:31:42.0660 2868 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:31:42.0707 2868 BITS - ok
12:31:42.0770 2868 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:31:42.0785 2868 blbdrive - ok
12:31:42.0879 2868 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:31:42.0894 2868 Bonjour Service - ok
12:31:42.0926 2868 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:31:42.0941 2868 bowser - ok
12:31:42.0988 2868 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:31:43.0004 2868 BrFiltLo - ok
12:31:43.0019 2868 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:31:43.0035 2868 BrFiltUp - ok
12:31:43.0082 2868 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:31:43.0113 2868 BridgeMP - ok
12:31:43.0175 2868 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:31:43.0206 2868 Browser - ok
12:31:43.0238 2868 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:31:43.0284 2868 Brserid - ok
12:31:43.0300 2868 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:31:43.0347 2868 BrSerWdm - ok
12:31:43.0362 2868 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:31:43.0378 2868 BrUsbMdm - ok
12:31:43.0394 2868 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:31:43.0394 2868 BrUsbSer - ok
12:31:43.0409 2868 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:31:43.0425 2868 BTHMODEM - ok
12:31:43.0487 2868 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:31:43.0550 2868 bthserv - ok
12:31:43.0565 2868 catchme - ok
12:31:43.0596 2868 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:31:43.0643 2868 cdfs - ok
12:31:43.0690 2868 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:31:43.0721 2868 cdrom - ok
12:31:43.0768 2868 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:31:43.0815 2868 CertPropSvc - ok
12:31:43.0846 2868 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:31:43.0846 2868 circlass - ok
12:31:43.0908 2868 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:31:43.0940 2868 CLFS - ok
12:31:43.0986 2868 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:31:44.0002 2868 clr_optimization_v2.0.50727_32 - ok
12:31:44.0033 2868 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:31:44.0049 2868 clr_optimization_v2.0.50727_64 - ok
12:31:44.0111 2868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:31:44.0127 2868 clr_optimization_v4.0.30319_32 - ok
12:31:44.0174 2868 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:31:44.0189 2868 clr_optimization_v4.0.30319_64 - ok
12:31:44.0236 2868 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:31:44.0267 2868 CmBatt - ok
12:31:44.0283 2868 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:31:44.0298 2868 cmdide - ok
12:31:44.0361 2868 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:31:44.0408 2868 CNG - ok
12:31:44.0517 2868 CnxtHdAudService (5c855932e4df00b1b6f5f6f57e82b6c5) C:\Windows\system32\drivers\CHDRT64.sys
12:31:44.0548 2868 CnxtHdAudService - ok
12:31:44.0610 2868 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:31:44.0626 2868 Compbatt - ok
12:31:44.0673 2868 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:31:44.0704 2868 CompositeBus - ok
12:31:44.0720 2868 COMSysApp - ok
12:31:44.0735 2868 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:31:44.0735 2868 crcdisk - ok
12:31:44.0782 2868 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:31:44.0813 2868 CryptSvc - ok
12:31:44.0969 2868 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:31:45.0000 2868 cvhsvc - ok
12:31:45.0047 2868 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:31:45.0078 2868 DcomLaunch - ok
12:31:45.0110 2868 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:31:45.0125 2868 defragsvc - ok
12:31:45.0219 2868 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:31:45.0281 2868 DfsC - ok
12:31:45.0312 2868 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:31:45.0390 2868 Dhcp - ok
12:31:45.0422 2868 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:31:45.0468 2868 discache - ok
12:31:45.0515 2868 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:31:45.0515 2868 Disk - ok
12:31:45.0546 2868 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:31:45.0593 2868 Dnscache - ok
12:31:45.0624 2868 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:31:45.0671 2868 dot3svc - ok
12:31:45.0702 2868 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:31:45.0765 2868 DPS - ok
12:31:45.0796 2868 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:31:45.0843 2868 drmkaud - ok
12:31:45.0905 2868 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:31:45.0921 2868 DXGKrnl - ok
12:31:45.0936 2868 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:31:45.0983 2868 EapHost - ok
12:31:46.0108 2868 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:31:46.0202 2868 ebdrv - ok
12:31:46.0280 2868 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:31:46.0295 2868 EFS - ok
12:31:46.0358 2868 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:31:46.0436 2868 ehRecvr - ok
12:31:46.0451 2868 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:31:46.0467 2868 ehSched - ok
12:31:46.0545 2868 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:31:46.0576 2868 elxstor - ok
12:31:46.0592 2868 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:31:46.0623 2868 ErrDev - ok
12:31:46.0670 2868 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:31:46.0701 2868 EventSystem - ok
12:31:46.0748 2868 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:31:46.0763 2868 exfat - ok
12:31:46.0794 2868 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:31:46.0857 2868 fastfat - ok
12:31:46.0919 2868 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:31:46.0982 2868 Fax - ok
12:31:46.0997 2868 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:31:47.0028 2868 fdc - ok
12:31:47.0060 2868 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:31:47.0091 2868 fdPHost - ok
12:31:47.0106 2868 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:31:47.0153 2868 FDResPub - ok
12:31:47.0169 2868 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:31:47.0184 2868 FileInfo - ok
12:31:47.0200 2868 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:31:47.0231 2868 Filetrace - ok
12:31:47.0247 2868 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:31:47.0247 2868 flpydisk - ok
12:31:47.0278 2868 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:31:47.0294 2868 FltMgr - ok
12:31:47.0340 2868 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:31:47.0403 2868 FontCache - ok
12:31:47.0465 2868 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:31:47.0481 2868 FontCache3.0.0.0 - ok
12:31:47.0496 2868 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:31:47.0512 2868 FsDepends - ok
12:31:47.0543 2868 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:31:47.0543 2868 Fs_Rec - ok
12:31:47.0606 2868 FTDIBUS (54891a87ba8dbfac580a3d256f4d2ceb) C:\Windows\system32\drivers\ftdibus.sys
12:31:47.0606 2868 FTDIBUS - ok
12:31:47.0621 2868 FTSER2K (7c98f85966a11d1a4214fa8b48be6a44) C:\Windows\system32\drivers\ftser2k.sys
12:31:47.0637 2868 FTSER2K - ok
12:31:47.0699 2868 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:31:47.0715 2868 fvevol - ok
12:31:47.0762 2868 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:31:47.0777 2868 gagp30kx - ok
12:31:47.0824 2868 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:31:47.0840 2868 GEARAspiWDM - ok
12:31:47.0918 2868 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
12:31:47.0933 2868 GoToAssist - ok
12:31:47.0980 2868 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:31:48.0042 2868 gpsvc - ok
12:31:48.0058 2868 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:31:48.0089 2868 hcw85cir - ok
12:31:48.0152 2868 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:31:48.0183 2868 HDAudBus - ok
12:31:48.0198 2868 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:31:48.0230 2868 HidBatt - ok
12:31:48.0261 2868 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:31:48.0308 2868 HidBth - ok
12:31:48.0323 2868 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:31:48.0339 2868 HidIr - ok
12:31:48.0354 2868 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:31:48.0386 2868 hidserv - ok
12:31:48.0432 2868 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:31:48.0448 2868 HidUsb - ok
12:31:48.0464 2868 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:31:48.0526 2868 hkmsvc - ok
12:31:48.0557 2868 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:31:48.0588 2868 HomeGroupListener - ok
12:31:48.0620 2868 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:31:48.0635 2868 HomeGroupProvider - ok
12:31:48.0651 2868 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:31:48.0666 2868 HpSAMD - ok
12:31:48.0713 2868 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:31:48.0791 2868 HTTP - ok
12:31:48.0807 2868 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:31:48.0822 2868 hwpolicy - ok
12:31:48.0885 2868 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:31:48.0900 2868 i8042prt - ok
12:31:48.0963 2868 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:31:48.0978 2868 iaStorV - ok
12:31:49.0056 2868 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:31:49.0103 2868 idsvc - ok
12:31:49.0103 2868 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:31:49.0119 2868 iirsp - ok
12:31:49.0197 2868 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:31:49.0275 2868 IKEEXT - ok
12:31:49.0306 2868 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:31:49.0322 2868 intelide - ok
12:31:49.0322 2868 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:31:49.0353 2868 intelppm - ok
12:31:49.0384 2868 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:31:49.0431 2868 IPBusEnum - ok
12:31:49.0462 2868 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:49.0478 2868 IpFilterDriver - ok
12:31:49.0571 2868 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:31:49.0634 2868 iphlpsvc - ok
12:31:49.0649 2868 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:31:49.0680 2868 IPMIDRV - ok
12:31:49.0712 2868 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:31:49.0743 2868 IPNAT - ok
12:31:49.0868 2868 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
12:31:49.0883 2868 iPod Service - ok
12:31:49.0930 2868 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:31:49.0946 2868 IRENUM - ok
12:31:49.0977 2868 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:31:49.0992 2868 isapnp - ok
12:31:50.0008 2868 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:31:50.0024 2868 iScsiPrt - ok
12:31:50.0070 2868 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:31:50.0070 2868 kbdclass - ok
12:31:50.0117 2868 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:31:50.0148 2868 kbdhid - ok
12:31:50.0180 2868 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:50.0195 2868 KeyIso - ok
12:31:50.0211 2868 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:31:50.0211 2868 KSecDD - ok
12:31:50.0226 2868 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:31:50.0242 2868 KSecPkg - ok
12:31:50.0242 2868 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:31:50.0289 2868 ksthunk - ok
12:31:50.0336 2868 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:31:50.0414 2868 KtmRm - ok
12:31:50.0460 2868 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:31:50.0523 2868 LanmanServer - ok
12:31:50.0554 2868 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:31:50.0616 2868 LanmanWorkstation - ok
12:31:50.0710 2868 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
12:31:50.0726 2868 LBTServ - ok
12:31:50.0788 2868 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:31:50.0788 2868 LHidFilt - ok
12:31:50.0835 2868 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:31:50.0866 2868 lltdio - ok
12:31:50.0897 2868 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:31:50.0975 2868 lltdsvc - ok
12:31:50.0991 2868 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:31:51.0022 2868 lmhosts - ok
12:31:51.0038 2868 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:31:51.0038 2868 LMouFilt - ok
12:31:51.0100 2868 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:31:51.0100 2868 LSI_FC - ok
12:31:51.0162 2868 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:31:51.0162 2868 LSI_SAS - ok
12:31:51.0178 2868 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:31:51.0194 2868 LSI_SAS2 - ok
12:31:51.0194 2868 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:31:51.0209 2868 LSI_SCSI - ok
12:32:09.0508 2868 ============================================================
12:32:09.0508 2868 Scan finished
12:32:09.0508 2868 ============================================================
12:32:09.0524 0636 Detected object count: 1
12:32:09.0524 0636 Actual detected object count: 1
12:32:56.0449 0636 Afaria Client Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:56.0449 0636 Afaria Client Service ( UnsignedFile.Multi.Generic ) - User select action: Skip





Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
^Dave :: DAVE-PC [administrator]

02/05/2012 12:40:03 PM
mbam-log-2012-05-02 (12-40-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206090
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




OTL logfile created on: 5/2/2012 12:44:12 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\^Dave\My Backup Files
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.98 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 71.58% Memory free
11.96 Gb Paging File | 10.11 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 857.22 Gb Free Space | 93.52% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: ^Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 11:08:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\^Dave\My Backup Files\OTL.exe
PRC - [2012/01/06 12:08:30 | 000,949,760 | ---- | M] (Manulife Financial) -- C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/08 13:42:54 | 000,779,264 | ---- | M] (BodyMedia, Inc.) -- C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/08 08:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/07/08 08:11:44 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/08 08:10:34 | 004,257,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/07/08 08:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/11/02 19:52:48 | 000,173,568 | ---- | M] (Sybase, Inc.) -- C:\Program Files (x86)\AClient\Bin\XCDiffCache.exe
PRC - [2009/11/02 19:52:11 | 000,239,104 | ---- | M] (Sybase, Inc.) -- C:\Program Files (x86)\AClient\Bin\XeService.exe
PRC - [2009/11/02 19:50:42 | 000,111,616 | ---- | M] (Sybase, Inc.) -- C:\Program Files (x86)\AClient\Bin\XcListener.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 09:18:23 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
MOD - [2012/04/12 09:18:10 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 09:18:00 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/12 09:17:46 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
MOD - [2012/02/16 11:09:35 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/16 10:57:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 10:56:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 10:56:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 10:56:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 10:56:23 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/15 10:08:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/08 08:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/05 05:57:46 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/13 16:25:27 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/27 08:24:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/07/08 08:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 19:52:11 | 000,239,104 | ---- | M] (Sybase, Inc.) [Auto | Running] -- C:\Program Files (x86)\AClient\Bin\XeService.exe -- (Afaria Client Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/13 18:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/27 10:06:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/27 10:06:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 15:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 16:27:32 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/05 06:37:16 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/05 05:19:40 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 15:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/24 05:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/15 14:53:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/01/15 14:53:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/05/02 12:24:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ctfpor] rundll32.exe "C:\Users\^Dave\AppData\Local\Temp\ctfpor.dll",SetSaveResolution File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [pelera] rundll32.exe "C:\Users\^Dave\AppData\Local\Temp\pelera.dll",D3D10UnregisterResource File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [DiamondView] C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.19.176.6 216.19.176.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40DA8617-6434-45B9-8D54-C24FC19E4C13}: DhcpNameServer = 216.19.176.6 216.19.176.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F658999-1010-45E2-8162-E1975536E343}: DhcpNameServer = 216.19.176.6 216.19.176.7
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 12:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/02 12:39:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/02 12:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/02 12:38:37 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\^Dave\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/02 12:30:26 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\^Dave\Desktop\TDSSKiller.exe
[2012/05/02 12:28:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/02 12:25:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/02 12:18:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/02 12:18:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/02 12:18:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/02 12:18:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/02 12:16:56 | 004,482,678 | R--- | C] (Swearware) -- C:\Users\^Dave\Desktop\ComboFix.exe
[2012/05/02 12:11:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\^Dave\Desktop\aswMBR.exe
[2012/05/02 11:00:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/02 10:54:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/05/02 10:52:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/02 10:18:46 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\LogMeIn Rescue Applet
[2012/04/30 18:36:41 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/04/30 18:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/04/28 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Roaming\Malwarebytes
[2012/04/28 20:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/28 20:26:10 | 000,000,000 | ---D | C] -- C:\Users\^Dave\Desktop\Chameleon
[2012/04/28 19:52:30 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012/04/28 19:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700017AEA00036DD4B4EB2367
[2012/04/27 15:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canada Life
[2012/04/27 15:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canada Life
[2012/04/19 10:17:49 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{078E2CC7-8B83-48C5-A5FB-262F81C52207}
[2012/04/19 10:17:17 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{8AD4EB89-DF9E-40B2-BEFB-23763EDBF5D2}
[2012/04/17 12:29:39 | 000,183,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.024
[2012/04/17 12:29:39 | 000,141,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.026
[2012/04/17 12:29:39 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.025
[2012/04/17 12:29:38 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01F
[2012/04/17 12:29:38 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01C
[2012/04/17 12:29:38 | 000,195,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.020
[2012/04/17 12:29:38 | 000,086,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.023
[2012/04/17 12:29:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01D
[2012/04/17 12:29:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.022
[2012/04/17 12:29:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.021
[2012/04/17 12:29:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01E
[2012/04/15 22:46:02 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{234EF522-598C-4603-988A-A4FAE2416B06}
[2012/04/15 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{38840921-ACE5-46D1-8AC0-B58D19E608C9}
[2012/04/14 10:05:42 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{3FCD047A-06D9-43C2-A8DE-8A6A8547FA6D}
[2012/04/13 16:25:03 | 008,766,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 01:16:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 01:16:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 01:16:12 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/12 01:16:12 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/12 01:16:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 01:16:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/12 01:16:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/12 01:16:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 01:16:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 01:16:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 01:16:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 01:16:04 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/12 01:16:03 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/12 01:16:03 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/12 01:14:03 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/12 01:14:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 01:14:03 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/10 12:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Manulife Financial
[2012/04/09 22:31:09 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{0370657E-E59A-4899-AB51-C54C616F2282}
[2012/04/09 10:30:37 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{3F84318A-6FFC-493D-AB3D-B4E8C293C5FD}
[2012/04/06 09:41:33 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/05 18:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/05 18:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/05 18:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/05 12:15:39 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{78624298-8C2B-4CDD-8AE6-8B9565A155B7}
[2012/04/05 08:27:16 | 000,000,000 | ---D | C] -- C:\Users\^Dave\My Backup Files

========== Files - Modified Within 30 Days ==========

[2012/05/02 12:43:52 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 12:43:52 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 12:42:12 | 000,798,404 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/02 12:42:12 | 000,677,078 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/02 12:42:12 | 000,130,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/02 12:39:19 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/02 12:38:37 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\^Dave\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/02 12:36:39 | 000,000,030 | ---- | M] () -- C:\Windows\MaritimeLife.ini
[2012/05/02 12:36:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 12:36:23 | 523,218,943 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 12:30:26 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\^Dave\Desktop\TDSSKiller.exe
[2012/05/02 12:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 12:24:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/02 12:16:56 | 004,482,678 | R--- | M] (Swearware) -- C:\Users\^Dave\Desktop\ComboFix.exe
[2012/05/02 12:15:56 | 000,000,512 | ---- | M] () -- C:\Users\^Dave\Desktop\MBR.dat
[2012/05/02 12:11:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\^Dave\Desktop\aswMBR.exe
[2012/05/02 11:56:29 | 000,001,551 | ---- | M] () -- C:\Users\^Dave\Documents\MLPATRA.DAT
[2012/05/02 11:26:58 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/01 21:18:23 | 000,008,824 | ---- | M] () -- C:\Users\^Dave\Documents\MLTMTRA.DAT
[2012/05/01 12:06:33 | 000,004,228 | ---- | M] () -- C:\Users\^Dave\Documents\MLCITRA.DAT
[2012/04/30 20:37:57 | 004,628,548 | ---- | M] () -- C:\Users\^Dave\AppData\Local\census.cache
[2012/04/30 20:34:17 | 000,130,943 | ---- | M] () -- C:\Users\^Dave\AppData\Local\ars.cache
[2012/04/30 18:36:19 | 000,000,036 | ---- | M] () -- C:\Users\^Dave\AppData\Local\housecall.guid.cache
[2012/04/28 20:27:07 | 408,275,439 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/27 16:00:47 | 000,006,453 | ---- | M] () -- C:\Users\^Dave\Documents\GWTMTRA.DAT
[2012/04/27 16:00:47 | 000,003,242 | ---- | M] () -- C:\Users\^Dave\Documents\GWSHTRA.DAT
[2012/04/27 16:00:42 | 000,001,078 | ---- | M] () -- C:\Users\^Dave\Documents\GWPRTRA.DAT
[2012/04/27 15:39:38 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Concourse.lnk
[2012/04/27 14:31:38 | 000,008,206 | ---- | M] () -- C:\Users\^Dave\Documents\GWSHTRA1.DAT
[2012/04/26 19:54:01 | 000,004,116 | ---- | M] () -- C:\Users\^Dave\Documents\EQISTRA.DAT
[2012/04/26 19:54:00 | 000,007,706 | ---- | M] () -- C:\Users\^Dave\Documents\EQCITRA.DAT
[2012/04/26 19:54:00 | 000,000,402 | ---- | M] () -- C:\Users\^Dave\Documents\EQBRIDGE.NIS
[2012/04/26 18:12:49 | 000,005,294 | ---- | M] () -- C:\Users\^Dave\Documents\RBTMTRA.DAT
[2012/04/26 18:12:49 | 000,001,195 | ---- | M] () -- C:\Users\^Dave\Documents\RBSHTRA.DAT
[2012/04/25 13:17:36 | 000,004,338 | ---- | M] () -- C:\Users\^Dave\Documents\EQTMTRA.DAT
[2012/04/20 15:59:36 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\LifeView - VisionVie 9.1.lnk
[2012/04/19 12:18:39 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\WawaLife.lnk
[2012/04/18 12:04:42 | 000,008,847 | ---- | M] () -- C:\Users\^Dave\Documents\MLCITRA1.DAT
[2012/04/17 12:29:39 | 000,001,788 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/04/17 12:29:39 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\CPP Illustration.lnk
[2012/04/17 12:29:39 | 000,000,385 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012/04/17 11:06:00 | 000,009,872 | ---- | M] () -- C:\Users\^Dave\Documents\MLTMTRA1.DAT
[2012/04/13 16:25:27 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 16:25:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/13 16:25:03 | 008,766,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 01:15:37 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/10 14:15:08 | 000,000,000 | ---- | M] () -- C:\Users\^Dave\Documents\Printer PDF
[2012/04/10 13:04:50 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/10 12:57:17 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Manulife Diamond View.lnk
[2012/04/10 12:55:58 | 000,000,029 | ---- | M] () -- C:\Windows\MLI.INI
[2012/04/09 10:59:05 | 000,004,608 | ---- | M] () -- C:\Users\^Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 13:47:13 | 000,011,044 | ---- | M] () -- C:\Users\^Dave\Documents\MLTMTRA2.DAT
[2012/04/05 18:41:32 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/05 08:05:47 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/02 12:39:19 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/02 12:18:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/02 12:18:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/02 12:18:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/02 12:18:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/02 12:18:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/02 12:15:56 | 000,000,512 | ---- | C] () -- C:\Users\^Dave\Desktop\MBR.dat
[2012/04/30 18:41:53 | 004,628,548 | ---- | C] () -- C:\Users\^Dave\AppData\Local\census.cache
[2012/04/30 18:41:47 | 000,130,943 | ---- | C] () -- C:\Users\^Dave\AppData\Local\ars.cache
[2012/04/30 18:36:19 | 000,000,036 | ---- | C] () -- C:\Users\^Dave\AppData\Local\housecall.guid.cache
[2012/04/27 16:00:39 | 000,001,078 | ---- | C] () -- C:\Users\^Dave\Documents\GWPRTRA.DAT
[2012/04/27 15:39:38 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Concourse.lnk
[2012/04/27 14:31:54 | 000,001,551 | ---- | C] () -- C:\Users\^Dave\Documents\MLPATRA.DAT
[2012/04/26 19:54:00 | 000,000,402 | ---- | C] () -- C:\Users\^Dave\Documents\EQBRIDGE.NIS
[2012/04/20 15:59:36 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\LifeView - VisionVie 9.1.lnk
[2012/04/12 01:15:37 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/06 09:41:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/05 18:41:32 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/05 18:08:47 | 000,004,608 | ---- | C] () -- C:\Users\^Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/01 18:04:16 | 000,000,024 | ---- | C] () -- C:\Windows\LifeView.INI
[2011/11/18 20:10:36 | 000,000,614 | ---- | C] () -- C:\Windows\Wininit.ini
[2011/11/15 12:03:10 | 000,150,816 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2011/11/15 12:03:10 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2011/11/12 12:38:10 | 000,000,061 | ---- | C] () -- C:\Windows\novinsft.ini
[2011/11/12 12:38:09 | 000,000,060 | ---- | C] () -- C:\Windows\avul.INI
[2011/11/11 11:21:51 | 000,000,030 | ---- | C] () -- C:\Windows\MaritimeLife.ini
[2011/10/28 12:21:17 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2011/10/28 12:21:17 | 000,037,376 | ---- | C] () -- C:\Windows\Olodmg35.dll
[2011/10/19 12:39:29 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\MD5DLL.DLL
[2011/10/11 11:47:10 | 000,001,788 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/11 11:47:10 | 000,000,385 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/10/11 11:43:16 | 000,626,688 | ---- | C] () -- C:\Windows\SysWow64\MFCDIB.dll
[2011/10/11 11:43:16 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\MFCExt.dll
[2011/10/11 11:43:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\PDDIB.dll
[2011/10/11 11:19:56 | 000,000,029 | ---- | C] () -- C:\Windows\MLI.INI
[2011/09/27 10:11:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/27 09:48:50 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/10 09:10:51 | 000,783,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/10/08 01:47:28 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Adobe
[2011/11/22 21:37:26 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Apple Computer
[2011/10/08 00:09:54 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\ATI
[2012/02/19 15:05:49 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Audacity
[2011/10/11 22:33:51 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\BodyMedia
[2011/12/29 17:18:42 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Canon
[2011/10/08 00:10:52 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Dell
[2011/10/08 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Dell Touch Zone
[2011/10/08 00:10:09 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Fingertapps
[2011/10/19 12:45:41 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\FLEXnet
[2011/10/08 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Identities
[2011/10/09 11:15:39 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Leadertech
[2011/10/09 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Logitech
[2011/10/08 00:10:36 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Macromedia
[2012/04/28 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Malwarebytes
[2010/11/21 00:16:41 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Media Center Programs
[2012/01/31 23:21:18 | 000,000,000 | --SD | M] -- C:\Users\^Dave\AppData\Roaming\Microsoft
[2011/10/08 00:58:09 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Mozilla
[2012/01/31 22:45:39 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Nero
[2011/10/09 13:01:50 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\PCDr
[2011/10/15 15:26:46 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\RBC Illustrations
[2012/04/26 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\RBC Insurance
[2011/11/16 15:37:11 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Research In Motion
[2011/11/19 14:01:32 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Roxio
[2011/10/10 01:15:12 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\Roxio Burn
[2011/10/14 10:57:10 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\SalesStrategies
[2011/12/17 12:08:10 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\SoftGrid Client
[2011/11/07 13:35:17 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\TP
[2012/05/02 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\uTorrent
[2012/03/11 14:14:59 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\vlc
[2011/11/03 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\WinRAR
[2011/10/11 13:27:16 | 000,000,000 | ---D | M] -- C:\Users\^Dave\AppData\Roaming\ZoomBrowser EX

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/09/27 10:06:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/09/27 10:06:19 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/09/27 10:06:19 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/09/27 10:06:19 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/09/27 10:06:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/09/27 10:06:19 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/09/27 10:06:19 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Users\^Dave\Desktop\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Users\^Dave\Desktop\Chameleon\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/27 09:46:20 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/27 09:46:20 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/27 09:46:20 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/09/27 09:46:20 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/09/27 09:46:20 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/09/27 09:46:20 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/09/27 09:46:20 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/09/27 09:46:20 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/09/27 09:46:20 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/09/27 09:46:20 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >





OTL Extras logfile created on: 5/2/2012 12:44:12 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\^Dave\My Backup Files
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.98 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 71.58% Memory free
11.96 Gb Paging File | 10.11 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 857.22 Gb Free Space | 93.52% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: ^Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F2F2B79-DAAB-4B87-B2EC-384E681585E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1368170D-9329-4E22-A9A0-4B41D85D8FCE}" = lport=137 | protocol=17 | dir=in | app=system |
"{19E26DBD-086A-4B10-AFD9-45DB133542A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{363CD239-4A47-4550-8DD9-0AEDB5B56C2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3842B51F-BC7C-4314-9B35-3C29FDB421E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{3AB81333-1C6D-4C64-99EA-F14FDDB065B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B771488-F899-414E-90A8-7BF3D5805B54}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4570DD3E-A675-496A-86F3-D71A8C493AF2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53241BA7-B524-40A9-B3DA-AF9CAE49DCCA}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{58B93D3E-3EEB-4F2F-B519-8AEC745841C8}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{5AD3E1B0-2016-40DB-A371-542680A3F9EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67FCE282-E283-4EF8-BAE9-174032DE3ED8}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{6E6E5A64-B2D2-4286-AF82-88D3E4109063}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7266124C-B725-4785-B746-174172367F22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{75FBE619-76BB-4DB0-B2F3-5A204E31E82A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{8D9C11DE-5AD6-441F-927A-9318AF183EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{917E3C21-D99B-45B8-8376-68FD4E8A37A3}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{9A00073E-1095-4C5D-96E0-5F11BD3DF4A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9CE1450-2AD4-49D0-AC14-6A26FC8DA8B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{B117C941-8C25-4CAD-9E31-94A4EACB1033}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1654130-DF58-44EB-9E7B-A12A5EB59478}" = lport=139 | protocol=6 | dir=in | app=system |
"{B669AD78-9873-402E-9202-B8C2692B2032}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C1EDA0E3-A32C-4681-8174-D2D39079F349}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C8C9CF1D-69F9-412C-B865-A4BE61AC7557}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD3F95A3-B8BA-4798-A71C-E01EC3560B4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{CE0051B0-6081-4EA6-8318-478D17C1685E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CF5FF0F1-2942-442D-B6DA-B1C3654F2F20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D677177E-8109-4EAA-A707-DAA75B767204}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6EEC17E-6A9B-42DC-9A3C-0B5FB01A0A76}" = rport=137 | protocol=17 | dir=out | app=system |
"{DDD03459-6103-4DE2-AC28-76EF85B15AFF}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B600F4-ACC5-4704-A34B-44792EACF44B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{0830774A-5E6F-43FD-9FEA-709914BE3BE4}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{115E6C0A-A877-44B5-AB87-8340C9FF3DBE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{12D92A47-405F-48AA-ABEE-95447516434C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14706ED5-8D61-42E6-A949-ED19AE9B081E}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{155A10EB-A837-43BF-9EFD-2FA4E295FAAE}" = protocol=6 | dir=out | app=system |
"{17E68408-E122-42EE-AB14-BDEF5448FF34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19CC4A4A-8C06-4D6A-B069-356E8F2C2CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{1F1F5A75-523A-44B5-BDFB-8258FD37DA42}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{215FACD8-285A-4EA3-AE68-5D3B28E25A9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{260CED61-3D65-4308-94BB-25FD0068D587}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3EC547FF-6BE0-466C-8F6B-EEFC1AD5D82E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{44B4262E-9B25-4631-B427-E7ADC96B3CC6}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{54BD184E-E867-4BBF-98B1-F7166866D653}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56AB8CAA-DB61-4A28-863C-574B760FE140}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B5B2415-D9F9-4806-A80F-6617285FAB96}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F99DC08-5E93-40D1-8077-23839B450B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{63198CF3-0A6F-4812-AE07-C3F7933C8908}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{91AD978E-E470-401F-BAB3-835C7FD6B423}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{99859BA1-5E9A-4E18-9379-9B38E780D168}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A2525F30-6570-469D-977A-D653DEB39DE3}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{A764D8D7-C8E3-4870-9716-309B4A80C08C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A83F2509-E7A9-4BD9-9F08-C42BCC6037D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9DC9C40-46BF-444D-B0D7-D98ABC6CCE3F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA62EAA5-E767-4117-ADB4-426842510AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE880D9E-93F9-4E78-B43C-36A2374FB4BA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C1449D64-0E79-48AF-B21E-5B48230812DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CBFF7005-6B67-444E-825D-A158729CC00B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D11344E6-3DC9-43D6-9E50-B9FDAC781D84}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D45A1148-48E1-40B2-A3F2-82EA7FCB0607}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{D69C73FA-F6A0-4796-A5D2-60398CDD8A07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D970A00F-9315-4484-8210-B6C329C245D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DCCB983C-46E9-47F5-A6D4-FD254C8A7428}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE38B7B2-8493-478E-9D94-B87F7E756AA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE68538E-BC52-4EFD-A969-A216019AB3E9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EA56D250-E03C-436F-B536-E4372CEDF57A}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{EC71657A-65C2-48CB-BAF9-9959E203813C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F145EF72-BB4F-44DD-916B-A3E59CF53F86}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F28970A1-2C30-467F-9400-A0B0DA62A530}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F875EE9B-6D3D-4224-A9ED-EE7CD9905DE2}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{F8B516FE-C8ED-4C48-8CEE-931168452043}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FC0A4A01-DDDD-4DFD-B20A-CA0ED422FD8F}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"TCP Query User{0BFDEB93-053D-4B4D-9B4A-7FB65204BFDE}C:\transwin\lv90\lifescripter\en\lifescripter.exe" = protocol=6 | dir=in | app=c:\transwin\lv90\lifescripter\en\lifescripter.exe |
"TCP Query User{A520CEAC-0F9A-42DE-A5D8-BA7F52A405FD}C:\transwin\lv90\lifeview.exe" = protocol=6 | dir=in | app=c:\transwin\lv90\lifeview.exe |
"UDP Query User{7B43778C-B2CF-4925-A14A-13CB88754D96}C:\transwin\lv90\lifeview.exe" = protocol=17 | dir=in | app=c:\transwin\lv90\lifeview.exe |
"UDP Query User{CE550F6F-5697-4771-A500-32BBF588DF49}C:\transwin\lv90\lifescripter\en\lifescripter.exe" = protocol=17 | dir=in | app=c:\transwin\lv90\lifescripter\en\lifescripter.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}" = ATI Catalyst Install Manager
"{83CB95E0-5518-AAC2-9B63-1FDBB4D51263}" = ATI AVIVO64 Codecs
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C99B5E76-3EA1-9943-F394-1E9F9EC8B28C}" = ccc-utility64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Win2PDF_is1" = Win2PDF 7
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0867AFE1-3469-11D7-8193-0010B5BCE08C}" = ABF / FNA
"{08B31070-171E-11D6-BECF-000629F77048}" = MenuFusion
"{09064D50-FF4A-407C-9B13-15B9D231EBA2}" = RegimeRetraiteIndividuel
"{0AE17B00-31FA-11D6-BED9-000629F77048}" = Avantage d'Or / Golden Edge
"{0B043A05-B07C-9307-8CC8-0C72BC8895E2}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE2215D-156E-42E0-A57B-EC5BE5E70771}" = GWL Illustrator Par
"{10895847-3460-11D7-8193-0010B5BCE08C}" = Zone retraite / Retirement zone
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{16D6AA4F-959B-306B-0747-CFBEFCC7A0DE}" = CCC Help Greek
"{1794A506-0DBB-425D-B7E2-66610C2FAA04}" = Manulife - Concept slideshows
"{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}" = Manulife - Insure Right / Manuvie - Bien s'assurer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FA6F88D-18AF-4A13-92FB-0A88D9D8D2CB}" = Manulife - Performax Gold - Performax Or - MLPG
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205AA014-DD62-4641-A071-6ADCC6E5F6CD}" = Interface
"{22076B10-37D9-7B32-AB5D-3F97D9E87E15}" = CCC Help Turkish
"{22813428-038B-8C98-5AF8-22B7EF1B6284}" = CCC Help Spanish
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25E6F187-81BE-4C7C-BA2A-245DD24933F1}" = GWL Illustrator Config
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BDCCC79-2352-1CD6-80D0-1E1948FEF262}" = CCC Help Italian
"{2CFAE816-9CEA-4A3D-9E6D-499706CC967A}" = GWL Illustrator Term
"{2D162142-12F7-4419-577C-7BB3204F799F}" = CCC Help Chinese Standard
"{2E3751B1-F545-4682-AD4C-FF7A8115DCF9}" = Canada Life Reference Material 13.0
"{2F4FB074-80B6-118F-42AD-27B6F275D884}" = CCC Help Chinese Traditional
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{374EBC77-5E23-0B63-0B65-136AEFF98C1D}" = CCC Help Danish
"{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}" = Manulife - Concepts
"{3E35E63A-CC9D-45B8-B599-4DA774BFC74C}" = Transamerica - Five-for-Life 2.1
"{400F29A3-58E9-4848-5BE1-01919F891D44}" = CCC Help Swedish
"{410A820B-D1EF-4996-9BE4-2B771178F966}" = Manulife - Limited Pay UL / Manuvie - Vu ŕ prime temporaire
"{489A6419-A122-4334-BFDE-4C8AFA375476}" = Manulife Financial - Health and Dental
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB014FF-A82F-45F1-BEA6-D740E2B4456B}" = Manulife - Synergy / Manuvie - Synergie
"{4F71D22E-A653-49BB-968E-E62106215C11}" = Manulife - Universal Life
"{4F937EE8-09DA-40D7-BDE2-1AC842160809}" = Lanceur d'installsheild
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51E31FD8-54AC-40B4-9386-EAD5BF25995A}" = GWL Illustrator
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C36E37-F072-4BAC-99EA-ABA692BA4B7A}" = Equitable Sales Illustrations System
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59889460-69A6-4549-AEE6-F2448682C6B3}" = GWL Illustrator Term Config
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5D95EE8F-0063-4239-8B12-DF3BD6E5E775}" = Interface Suite - Industrial Alliance Pacific
"{647A210B-F86A-45AB-B7B0-F44369CBE900}" = Manulife - Term
"{64B54493-BC68-4D6F-B9EB-214E74CC0647}" = Concourse 1.0
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{693C3C76-B3A8-4496-A21A-B474A71C220A}" = ZoomExpressKeyview13.0
"{698C92A9-66A7-11D6-8178-0010B5BCE08C}" = Presentations
"{6AFA3415-7B6A-EF20-225A-B1DC627BBAC5}" = CCC Help Korean
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76D1AA2B-A434-4D63-BE2C-80286F23C223}" = Microsoft Interop Forms Redistributable Package 2.0a
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}" = MSXML
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F308127-EB7D-4114-A25D-FB7232CB397B}" = Interface
"{81C3E664-CA21-3C4B-312F-54DEB08EF1A5}" = Catalyst Control Center InstallProxy
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8279F213-ECD0-4C36-A8EC-670FC16218E3}" = CCC Help Dutch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{862DF386-A8E7-4E3D-8724-7798C68D72C6}" = Concourse 1.2 - Content
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88EFE047-67E7-4194-92E6-9B79A563BAA0}" = Assumption-Online-Insurance-Solutions
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B705ED7-A86B-4895-9955-BA80E0B3F40B}" = Calculatrice Financičre / Invest
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{956BE19D-1540-4B0E-B3FA-855BD4AC0DC8}" = FNCInstaller
"{9842650A-98C5-A238-AC65-189F80285EBD}" = CCC Help Czech
"{99567851-B7F1-4692-A33A-0732E761220B}" = BodyMedia SYNC
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F41678D-3934-EBBA-F85C-E1A97DB84407}" = CCC Help Thai
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB8F410A-B430-4844-9AC5-DF36BA66CB5D}" = Manulife - UltraVision
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ADDD9902-3576-7071-1196-24E37F15BB52}" = Catalyst Control Center Localization All
"{AE01DCC9-C319-43C5-90F0-BC3E779D678F}" = Manulife - Personal Accident/Personal Accident
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2E60EBE-35BC-41CA-BED6-EDBB9329C037}" = Concepts
"{C005D056-1F74-45EA-B3F1-7F95FCF81556}" = Manulife - Living Benefits
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C2C319F6-3DED-4EAC-B580-33C3A4E51967}" = Interface
"{C45C544E-5047-11D9-8216-00B0D075DF5C}" = Diamond View Launcher
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C90973A2-0C25-4EBF-9BDC-D058D0437044}" = GWL Illustrator Par Config
"{CA0006CC-FB7D-6358-BF24-3394D509AB9C}" = CCC Help Japanese
"{CA04E3AD-FFAC-0EE9-3605-E9665EC05BF7}" = CCC Help Finnish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAE8CA3-5C96-FBF2-BD0F-27D4644217D3}" = CCC Help Portuguese
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF09D056-3FFA-11D6-8171-0010B5BCE08C}" = Solo
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE1C9316-54DD-4A50-972F-47BE5C817AA8}" = Interface
"{DE723887-712F-499D-8B82-5A1EC8F46062}" = SetupCrystalReports
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C8AC08-1B2C-AD87-E4CE-9C0A2618807E}" = CCC Help English
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4F3A636-92E3-86C4-FA1E-19BC06CBB037}" = CCC Help German
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F6575A-7567-9230-2BE0-615A46E5721B}" = CCC Help Russian
"{E9656E99-F59E-F377-DC5F-477047CA4FCF}" = CCC Help French
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EED3CC4B-40BD-11D6-8171-0010B5BCE08C}" = Sommum / Pace / Traditionnel
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F16B7D69-784E-C12E-D42B-A1D69A38B752}" = CCC Help Hungarian
"{F55C10AB-CBAA-4F11-ADB4-34E9794B5789}" = Manulife - Launcher
"{F66A2A34-1246-4064-996F-C023B6E100B7}" = Interface
"{F8F5EC48-CA0B-46CB-BABF-6BDA991A32FC}" = Manulife - Performax Gold - Performax Or - MLPG
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FB85D440-98E6-B361-1727-DFD81F366943}" = ccc-core-static
"{FC4AAC27-3775-E69E-6DBB-381425D79A94}" = CCC Help Norwegian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Afaria Client" = Afaria Client
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CPP Illustration" = CPP Illustration
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Foresters Life - V7.0" = Foresters Life - V7.0
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}" = BodyMedia SYNC
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"LifeView - VisionVie 8.1" = LifeView - VisionVie 8.1
"LifeView - VisionVie 9.0" = LifeView - VisionVie 9.0
"LifeView - VisionVie 9.1" = LifeView - VisionVie 9.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"RBC Illustrations System 3.4" = RBC Illustrations System 3.4
"RBC Illustrations System 3.5" = RBC Illustrations System 3.5
"Speed Dial Utility" = Canon Speed Dial Utility
"SSTChannel" = SST Channel - Canada Life (CL)
"The_World_of_Wawanesa_3.0" = Wawanesa 14.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2011 5:07:02 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4992

Error - 12/30/2011 5:07:03 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2011 5:07:03 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006

Error - 12/30/2011 5:07:03 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006

Error - 12/30/2011 5:07:04 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2011 5:07:04 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004

Error - 12/30/2011 5:07:04 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004

Error - 12/30/2011 5:07:05 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2011 5:07:05 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003

Error - 12/30/2011 5:07:05 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

[ System Events ]
Error - 5/2/2012 2:44:48 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
luafv

Error - 5/2/2012 2:44:48 PM | Computer Name = Dave-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/2/2012 2:44:53 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 5/2/2012 3:21:28 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/2/2012 3:22:52 PM | Computer Name = Dave-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 5/2/2012 3:23:41 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/2/2012 3:23:45 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/2/2012 3:24:43 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 5/2/2012 3:24:54 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
luafv

Error - 5/2/2012 3:36:48 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
luafv


< End of report >



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 02/05/2012 1:06:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/05/2012 7:55:29 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: luafv

Log: 'System' Date/Time: 02/05/2012 7:55:10 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Server service terminated with the following error: Not enough storage is available to complete this operation.

Log: 'System' Date/Time: 02/05/2012 7:55:10 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: Not enough storage is available to complete this operation.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/05/2012 7:55:05 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 02/05/2012 7:54:27 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 02/05/2012 1:07:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/05/2012 7:55:20 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/05/2012 7:55:18 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=990}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: DAVE-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 02/05/2012 7:55:10 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=990}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 02/05/2012 7:54:22 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1991808524-1429350913-3625827195-1001:
Process 1780 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1991808524-1429350913-3625827195-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings

#5
RKinner (Malware Expert, MVP, 20,025 posts)
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 24 (64-bit)
Java™ 6 Update 29

Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar, McAfee Security Scan or other foistware.

Uninstall
Ask Toolbar


Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************


:OTL
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [ctfpor] rundll32.exe "C:\Users\^Dave\AppData\Local\Temp\ctfpor.dll",SetSaveResolution File not found
O4:64bit: - HKLM..\Run: [pelera] rundll32.exe "C:\Users\^Dave\AppData\Local\Temp\pelera.dll",D3D10UnregisterResource File not found
[2012/04/19 10:17:49 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{078E2CC7-8B83-48C5-A5FB-262F81C52207}
[2012/04/19 10:17:17 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{8AD4EB89-DF9E-40B2-BEFB-23763EDBF5D2}
[2012/04/17 12:29:39 | 000,183,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.024
[2012/04/17 12:29:39 | 000,141,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.026
[2012/04/17 12:29:39 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.025
[2012/04/17 12:29:38 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01F
[2012/04/17 12:29:38 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01C
[2012/04/17 12:29:38 | 000,195,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.020
[2012/04/17 12:29:38 | 000,086,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.023
[2012/04/17 12:29:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01D
[2012/04/17 12:29:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.022
[2012/04/17 12:29:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.021
[2012/04/17 12:29:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01E
[2012/04/15 22:46:02 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{234EF522-598C-4603-988A-A4FAE2416B06}
[2012/04/15 22:45:29 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{38840921-ACE5-46D1-8AC0-B58D19E608C9}
[2012/04/14 10:05:42 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{3FCD047A-06D9-43C2-A8DE-8A6A8547FA6D}
[2012/04/09 22:31:09 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{0370657E-E59A-4899-AB51-C54C616F2282}
[2012/04/09 10:30:37 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{3F84318A-6FFC-493D-AB3D-B4E8C293C5FD}
[2012/04/05 12:15:39 | 000,000,000 | ---D | C] -- C:\Users\^Dave\AppData\Local\{78624298-8C2B-4CDD-8AE6-8B9565A155B7}
[2012/05/02 11:26:58 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

:Files
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config 70334752 start= disabled /c
sc config 82343938 start= disabled /c
sc config 70334752 start= disabled /c
C:\Windows\system32\drivers\95497681.sys
C:\Windows\system32\drivers\84539871.sys

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

*******************************************************************

Then run OTL and, in the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Delete the old aswMBR.txt
Run aswMBR again just as before and post the new log.


Are you still getting popups?
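The fix script above goes after two patterns that recur in this family of infection: HKLM Run values that launch rundll32 against a DLL under the user's Temp folder (here already gone, hence OTL's "File not found"), and services and drivers whose names are nothing but digits. The Python below is an added example, not part of this thread and not OTL's own code; it runs those two checks over OTL-style log lines so the same triage can be repeated on any OTL log or fix script. The O4 lines, sc config lines and driver paths are copied from the script above; the Adobe ARM autorun and the luafv service line are constructed benign entries for contrast. What it reports are heuristics for a human to look at, not verdicts.

```python
"""Triage OTL log lines for two persistence patterns seen in the fix above:
rundll32 autoruns pointing into Temp (or at a DLL that is already gone) and
services/drivers with all-digit names. Added example, not OTL's own code."""
import os
import re

# OTL O4 (autorun) line, e.g.
#   O4:64bit: - HKLM..\Run: [ctfpor] rundll32.exe "C:\...\ctfpor.dll",SetSaveResolution File not found
O4_RE = re.compile(
    r"^O4(?::64bit:)?\s*-\s*(?P<hive>HK\w+)\.\.\\(?P<key>[^:]+):\s*"
    r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*?)(?P<missing>\s+File not found)?\s*$"
)
# rundll32 <dll>,<export>; the DLL path may be quoted and may contain spaces
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I
)
# Autoruns have no business loading code from a Temp directory
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\)?Temp\\", re.I)
# Lines as they appear in an OTL :Files section
SC_RE = re.compile(r"^sc\s+config\s+(?P<svc>\S+)", re.I)
DRIVER_RE = re.compile(r"^[A-Za-z]:\\.*\\drivers\\[^\\]+\.sys$", re.I)


def parse_o4(line):
    """Split an O4 line into hive, key, value name, command and missing-target flag."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return {
        "hive": m["hive"],
        "key": m["key"],
        "name": m["name"],
        "cmd": m["cmd"].strip(),
        "missing": m["missing"] is not None,
    }


def flag_autorun(entry):
    """Return the reasons an autorun deserves a look; an empty list means nothing odd."""
    reasons = []
    if entry["missing"]:
        # The Run value survived but its target did not: typical when a scanner
        # deleted the payload and left the persistence behind.
        reasons.append("autorun target no longer exists (orphaned persistence)")
    r = RUNDLL_RE.search(entry["cmd"])
    if r and TEMP_DIR_RE.search(r["dll"]):
        reasons.append("rundll32 loads a DLL from a Temp directory")
    return reasons


def is_numeric_name(name_or_path):
    """True for service or driver names that are only digits, e.g. 70334752 or 95497681.sys."""
    stem = os.path.splitext(os.path.basename(name_or_path.replace("\\", "/")))[0]
    return stem.isdigit()


def triage(lines):
    """Run every heuristic over OTL log / fix-script lines; returns (item, reasons) pairs."""
    findings = []
    for raw in lines:
        line = raw.strip()
        entry = parse_o4(line)
        if entry:
            reasons = flag_autorun(entry)
            if reasons:
                findings.append((entry["name"], reasons))
            continue
        m = SC_RE.match(line)
        if m:
            if is_numeric_name(m["svc"]):
                findings.append((m["svc"], ["service with an all-digit name"]))
            continue
        if DRIVER_RE.match(line) and is_numeric_name(line):
            base = os.path.basename(line.replace("\\", "/"))
            findings.append((base, ["driver with an all-digit file name"]))
    return findings


SAMPLE_LINES = [
    # Copied from the OTL fix script in this thread
    r'O4:64bit: - HKLM..\Run: [ctfpor] rundll32.exe "C:\Users\^Dave\AppData\Local\Temp\ctfpor.dll",SetSaveResolution File not found',
    r'O4:64bit: - HKLM..\Run: [pelera] rundll32.exe "C:\Users\^Dave\AppData\Local\Temp\pelera.dll",D3D10UnregisterResource File not found',
    r"sc config 70334752 start= disabled /c",
    r"sc config 82343938 start= disabled /c",
    r"C:\Windows\system32\drivers\95497681.sys",
    r"C:\Windows\system32\drivers\84539871.sys",
    # Constructed benign entries for contrast (not from the thread)
    r"O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)",
    r"sc config luafv start= demand /c",
]

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LINES):
        print(f"{item}: {'; '.join(reasons)}")
```

Run as-is it lists the two orphaned Temp-folder autoruns, the two all-digit services and the two all-digit drivers, and stays silent on the benign Adobe and luafv entries. To use it on a real log, read the OTL .txt into a list of lines and pass that to triage(); the O4 check only understands HKLM/HKCU-style lines of the shape shown above and simply skips anything else.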

#6
mosdef (Topic Starter, Member, 44 posts)
I deleted the old Java and added a new one.

I ran OTL as you instructed, and the computer rebooted, but I'm not sure where it saved the log.

I have added the asw log as you requested:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 14:43:10
-----------------------------
14:43:10.601 OS Version: Windows x64 6.1.7601 Service Pack 1
14:43:10.601 Number of processors: 4 586 0x2A07
14:43:10.601 ComputerName: DAVE-PC UserName: ^Dave
14:43:12.739 Initialize success
14:43:33.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:43:33.610 Disk 0 Vendor: WDC_WD10EALX-759BA1 19.01H19 Size: 953869MB BusType: 3
14:43:33.610 Disk 0 MBR read successfully
14:43:33.625 Disk 0 MBR scan
14:43:33.625 Disk 0 Windows VISTA default MBR code
14:43:33.625 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
14:43:33.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
14:43:33.641 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938662 MB offset 31141888
14:43:33.656 Disk 0 scanning C:\Windows\system32\drivers
14:43:37.447 Service scanning
14:43:48.052 Modules scanning
14:43:48.052 Scan finished successfully
14:43:57.287 Disk 0 MBR has been saved successfully to "C:\Users\^Dave\Desktop\MBR.dat"
14:43:57.287 The log file has been saved successfully to "C:\Users\^Dave\Desktop\aswMBR.txt"
#7 RKinner (Malware Expert, MVP, 20,025 posts)
It looks like we got all of it. Any problems left?
#8 mosdef (Member, Topic Starter, 44 posts)
Hi Ron,
I will use it for a few hours and report back.

Is it OK to re-run TDSSKiller to see if any threats come up?

Also, do I need to keep the programs such as ComboFix, aswMBR and VEW, or can I now delete those?

Thanks
#9 RKinner (Malware Expert, MVP, 20,025 posts)
You can run TDSSKiller again if you want to. If things are working OK then it's clean-up time:

We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download, and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a Cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use, like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up to date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download betas, and if there is a program you don't use you can just uninstall it rather than update it. The exception is MSN Messenger, which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, then change it to not run at start and manually run it once a week.
It seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ for the same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day, so that's another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: if you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a wireless router, you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step-by-step instructions or a wizard you can download.

Ron
#10 mosdef (Member, Topic Starter, 44 posts)
Thanks so much!

I re-ran TDSSKiller and no threats were found. I removed the programs as per your instructions, and it seemed to clean up all the files and hide the hidden files.

Another question I should have asked earlier. When I contracted these viruses, I had an external hard drive plugged in as the H drive, called "My Passport". This is where I store all my important files (music, work, vacation pictures, etc.).

Since it was plugged in when the virus was contracted, can that external hard drive also be infected? Is there any way to tell?

Edited by mosdef, 02 May 2012 - 04:58 PM.

#11 RKinner (Malware Expert, MVP, 20,025 posts)
This was an MBR infector, and if you don't boot off the drive the infection doesn't usually do much, so it should be safe.

I don't see an anti-virus, so you might want to install the free Avast before you plug in the drive.
http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?




You can run MBRCheck once it's plugged in and see:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Ron
#12 mosdef (Member, Topic Starter, 44 posts)
Hi Ron,
I haven't loaded Avast yet, because you said it may take hours to do a scan, so I will do that tonight.

Here is the log for MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 620s
Logical Drives Mask: 0x010101fc

Kernel Drivers (total 197):

Processes (total 68):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`b6600000 (NTFS)
\\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)
\\.\Q: --> error 5
\\.\Y: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EALX-759BA1, Rev: 19.01H19
PhysicalDrive3 Model Number: WDMy Passport 0730, Rev: 1016

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
465 GB \\.\PhysicalDrive3 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
#13 RKinner (Malware Expert, MVP, 20,025 posts)
MBR appears normal.
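The aswMBR and MBRCheck logs in this thread report the partition table and a hash of the MBR boot code, and the verdict above rests on that hash being a known one. The following added Python example (not from the thread and not the code of either tool) shows how such a check works: it parses a 512-byte MBR image, lists the partitions the way aswMBR prints them, and compares a SHA-1 of the boot code against known hashes. It assumes the hashed region is the first 440 bytes (the thread does not say how MBRCheck computes its SHA1); the sample image is constructed from the Disk 0 layout in the aswMBR log, with placeholder bytes instead of real Windows boot code.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # boot code ends where the 4-byte disk signature starts (0x1B8)
PART_TABLE_OFF = 446
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"

# Partition type bytes that appear in the aswMBR output in this thread.
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}

# Boot-code hashes reported by MBRCheck in this thread. Assumption: they are
# SHA-1 over the first 440 bytes; the thread does not state MBRCheck's method.
KNOWN_BOOT_CODE = {
    "8DF43F2BDE2D9451948FA14B5279969C777A7979": "Windows 2008 MBR code",
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code",
}


def build_entry(active, ptype, lba_start, sector_count):
    """Pack one 16-byte partition table entry; CHS fields are left zero."""
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\0" * 3,
                       ptype, b"\0" * 3, lba_start, sector_count)


def build_mbr(boot_code, entries):
    """Assemble a 512-byte MBR image from boot code and up to four entries."""
    table = b"".join(entries).ljust(4 * 16, b"\0")
    return boot_code.ljust(PART_TABLE_OFF, b"\0") + table + SIGNATURE


def parse_mbr(mbr, known=KNOWN_BOOT_CODE):
    """Return the partition layout plus a verdict on the boot code hash."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue                      # empty slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, "unknown"),
                      "offset": lba, "size_mb": count * SECTOR // (1024 * 1024)})
    digest = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {"sha1": digest, "boot_code": known.get(digest, "UNKNOWN (inspect)"),
            "one_active": sum(p["active"] for p in parts) == 1, "partitions": parts}


# Constructed sample: Disk 0 from the aswMBR log (offsets and sizes in MB match
# the log, 2048 sectors per MB); the boot code is a placeholder, not Windows code.
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0" + b"\x90" * 40
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, [
    build_entry(False, 0xDE, 63, 39 * 2048),
    build_entry(True, 0x07, 81920, 15166 * 2048),
    build_entry(False, 0x07, 31141888, 938662 * 2048),
])

if __name__ == "__main__":
    report = parse_mbr(SAMPLE_MBR)
    print("boot code:", report["boot_code"], report["sha1"])
    for p in report["partitions"]:
        print(p)
```

Because the sample's boot code is a placeholder, its hash is not in the known list and the report flags it as UNKNOWN, which is the outcome that would warrant a closer look on a real disk.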
#14 mosdef (Member, Topic Starter, 44 posts)
Thanks so much! Everything's been good so far, no issues.

To clarify, are you recommending I download the free anti-virus program Avast and keep it on my computer for good?
#15 RKinner (Malware Expert, MVP, 20,025 posts)
I would keep it. It's what I use on my PCs.