Hi GeeksU Moderator,
Great news! I ran ComboFix, and the program completed without restarting the computer. I restarted my computer anyway, and Windows Explorer has stopped popping out. However, the program that controls Bluetooth is missing from Start button > Search programs. This is the ComboFix log:
ComboFix 13-04-12.02 - admin 14/04/2013 12:15:21.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.4028.2569 [GMT 8:00]
Running from: c:\users\admin\Desktop\Hard Drive Failure 2013-03\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 04:25 . 2013-04-14 04:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-14 04:25 . 2013-04-14 04:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-14 03:37 . 2012-11-07 01:00 58360 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-04-13 15:28 . 2013-04-13 15:39 -------- d-----w- c:\windows\system32\catroot2
2013-04-13 15:12 . 2013-04-13 15:14 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-04-13 14:12 . 2013-04-13 15:26 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-13 13:24 . 2013-04-13 13:24 -------- d-----w- C:\RegBackup
2013-04-13 04:15 . 2013-04-14 04:21 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{957BEB4E-CC55-458C-9418-1599D57C4EA6}\offreg.dll
2013-04-12 18:18 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{957BEB4E-CC55-458C-9418-1599D57C4EA6}\mpengine.dll
2013-04-10 17:16 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 17:16 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 17:16 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 17:16 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 17:16 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 17:16 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 17:15 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 17:15 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 17:15 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 17:15 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 17:15 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 17:15 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 17:15 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 17:15 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 17:15 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-07 07:38 . 2013-04-07 07:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-07 07:38 . 2012-12-14 08:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-04 19:08 . 2013-04-04 19:08 -------- d-----w- c:\windows\PCHEALTH
2013-04-03 19:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-04-03 19:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-04-03 19:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-04-03 19:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-04-03 19:37 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-04-03 19:37 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-04-03 19:37 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-04-03 19:37 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-04-03 19:36 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-04-03 19:36 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-04-03 19:36 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-04-03 19:36 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-04-03 19:36 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-04-03 19:36 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-04-03 19:36 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-04-03 07:23 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-04-03 07:23 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-03 07:23 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-04-03 07:23 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-04-03 07:23 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-04-03 07:23 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-04-03 07:23 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-04-03 07:23 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-04-03 07:20 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-04-03 07:19 . 2012-12-07 11:20 30720 ----a-w- c:\windows\system32\usk.rs
2013-04-03 07:17 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-04-03 07:15 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-04-03 07:14 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2013-04-03 07:14 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-04-03 07:14 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-04-03 07:14 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-03 07:14 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-04-03 07:14 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-04-03 07:14 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2013-04-03 07:14 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-04-03 07:14 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-04-03 06:50 . 2013-04-03 06:50 -------- d-----w- c:\program files (x86)\Panda Security
2013-04-02 20:53 . 2013-04-02 05:52 -------- d-----w- c:\windows\system32\OEM
2013-04-02 20:17 . 2013-04-02 06:53 -------- d-----w- C:\$WINDOWS.~Q
2013-04-02 19:58 . 2013-04-02 20:07 -------- d-----w- C:\$INPLACE.~TR
2013-04-02 07:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-04-02 07:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-04-02 07:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-04-02 07:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-04-02 07:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-04-02 07:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-04-02 07:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-04-02 07:32 . 2012-06-02 07:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-04-02 07:32 . 2012-06-02 07:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-04-02 07:19 . 2013-04-02 07:19 -------- d-----w- C:\Recovery
2013-04-02 06:27 . 2013-04-14 03:37 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2013-04-02 06:27 . 2013-04-02 06:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-04-02 05:10 . 2013-04-02 06:23 -------- d-----w- c:\users\Guest
2013-04-02 05:10 . 2013-04-13 04:02 -------- d-----w- c:\users\admin
2013-04-02 05:10 . 2013-04-03 19:12 -------- d-----w- c:\users\YaoTheHong
2013-04-02 05:10 . 2013-04-06 12:28 -------- d-----w- c:\users\Ajnim
2013-04-02 05:08 . 2013-04-14 03:36 -------- d-----w- c:\programdata\NVIDIA
2013-04-02 05:08 . 2013-04-10 19:05 -------- d-sh--w- c:\windows\Installer
2013-04-02 05:07 . 2013-04-02 05:07 -------- d-----w- c:\windows\system32\SRSLabs
2013-04-02 05:06 . 2013-04-02 05:06 -------- d-----w- c:\program files\Realtek
2013-04-02 05:06 . 2013-04-02 05:06 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-04-02 05:06 . 2013-04-02 05:06 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-02 05:06 . 2013-04-02 05:42 -------- d-----w- c:\program files\NVIDIA Corporation
2013-04-02 05:05 . 2013-04-02 05:05 -------- d-----w- c:\program files\Synaptics
2013-04-02 05:05 . 2013-04-02 05:05 -------- dc----w- c:\windows\system32\DRVSTORE
2013-04-02 05:05 . 2010-08-20 03:05 21616 ----a-w- c:\windows\system32\drivers\stdcfltn.sys
2013-04-02 05:05 . 2013-04-02 05:05 -------- d-----w- c:\program files\STMicroelectronics
2013-04-01 12:54 . 2010-12-02 06:42 1359976 ----a-w- c:\windows\system32\nvgenco64hda.dll
2013-04-01 12:54 . 2010-11-11 20:40 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2013-04-01 12:54 . 2010-11-11 20:40 155752 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-04-01 12:54 . 2010-12-24 00:26 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2013-04-01 12:54 . 2010-12-24 00:26 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2013-04-01 12:44 . 2009-08-26 07:04 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-04-01 12:44 . 2013-04-01 12:44 -------- d-----w- C:\Dell
2013-04-01 11:23 . 2013-04-02 05:14 -------- d-----w- c:\program files\Common Files\Intel
2013-04-01 11:23 . 2013-04-02 05:48 -------- d-----w- c:\programdata\Intel
2013-04-01 11:23 . 2013-04-02 05:15 -------- d-----w- c:\program files\Intel
2013-04-01 10:21 . 2010-06-23 09:10 344680 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-04-01 10:21 . 2010-01-05 16:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-04-01 10:21 . 2009-12-03 09:27 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-04-01 10:09 . 2010-02-26 08:32 158976 ----a-w- c:\windows\system32\drivers\Impcd.sys
2013-04-01 07:57 . 2013-04-02 05:49 -------- d-----w- c:\programdata\ParetoLogic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 18:27 . 2012-04-02 01:24 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 18:27 . 2011-05-17 11:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-08 15:39 . 2011-11-29 07:31 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-11 17:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-17 06:41 . 2013-02-17 06:41 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-17 06:41 . 2012-07-25 16:12 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-17 06:41 . 2011-01-17 19:35 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-04-03 07:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-03 07:19 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-03 07:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-03 07:19 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-03 07:19 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-03 07:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-01-27 32480]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-29 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 04:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FATrayAlert^32*Registry: HKLM:RUN]
2010-11-02 04:40 93832 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg^Registry: HKLM:RUN]
2011-01-18 06:53 2188904 ----a-w- c:\program files\Realtek\Audio\HDA\RAVBg64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL^Registry: HKLM:RUN]
2011-02-18 07:48 6611048 ----a-w- c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe
.
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-10-22 33320]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-06 1432400]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-09-27 169048]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2010-12-02 12800]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [2007-06-28 173056]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-03 1255736]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-11-28 69160]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 GizmoDrv;Gizmo Device Driver; [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-11-26 89640]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-11-26 114728]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [2013-01-09 95712]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-11-26 114216]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-11-26 94248]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-11-26 118312]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-11-26 306216]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-11-26 116776]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-11-26 114216]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-11-28 232488]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-11-26 105000]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-11-09 204328]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-01-27 140512]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-11-09 167976]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-11-09 119848]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-11-09 123944]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-11-09 133160]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-01-27 37088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-19 27760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-08 279616]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-16 56344]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-12 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PSKMAD
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 17:50 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:27]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30 14:40]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30 14:40]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job
- c:\users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 10:54]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job
- c:\users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 10:54]
.
2013-04-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 07:47]
.
2013-04-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 07:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-12 283240]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-14 12:46:01
ComboFix-quarantined-files.txt 2013-04-14 04:45
ComboFix2.txt 2011-11-27 08:55
.
Pre-Run: 90,375,983,104 bytes free
Post-Run: 90,049,466,368 bytes free
.
- - End Of File - - 3B7226A5E5A6C668114D6C886D989427
Edited by AlanY, 14 April 2013 - 01:29 AM.