Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Infected Alureon / Sirefef

Started by kryptonaus , Apr 02 2012 05:42 PM

This topic is locked

44 replies to this topic

#1 kryptonaus

Member

Members
39 posts

Posted 02 April 2012 - 05:42 PM

EDIT: Moved to Virus, Trojan, Spyware, and Malware Removal Logs G-Mod

Hi,

I would really really appreciate it if anyone is able to help me, just tell me what logs I need to post and I will go ahead.

I started getting google links redirects, Malware Bytes did not find anything but Microsoft Security Essentials found Alureon.FP and Sirefef.J, Sirefef.W, Sirefef.B, Sirefef.Y, Sirefef.U also Zbot. MSE cleans them up but they reappear after 10 minutes or so.

I can not configure Windows Firewall, has been interfered with by the trojans I think.

If I restart the computer the startup repair utility runs saying that repair is required. The utility cannot repair the system and I have to restore to the last restore point and it starts all over again with the trojans found by MSE.

I am running Win7 64 bit.

Any and all help greatly appreciated.

Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by DELL at 9:04:31 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2174 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 222.127.106.89:3128
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\DELL\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~2\TrayServer_en.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\Users\DELL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CHECKF~1.LNK - C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download All By FlashGet3 - C:\Users\DELL\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - C:\Users\DELL\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: kuaiche.com\software
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{F6D3D7A6-8613-4238-AC06-2BF711AB1E5F} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{F6D3D7A6-8613-4238-AC06-2BF711AB1E5F}\14C69656E602C41626 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F6D3D7A6-8613-4238-AC06-2BF711AB1E5F}\2373430326 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F6D3D7A6-8613-4238-AC06-2BF711AB1E5F}\44C494E4B4 : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{F6D3D7A6-8613-4238-AC06-2BF711AB1E5F}\77962756C6563737 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\DELL\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~2\TrayServer_en.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\q4u1iziz.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - component: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\q4u1iziz.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - component: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\q4u1iziz.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-15 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-10 155648]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-21 2409800]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-15 673088]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-15 2320920]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 azvusb;Virtual USB Hub;C:\Windows\system32\DRIVERS\azvusb.sys --> C:\Windows\system32\DRIVERS\azvusb.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 abmnwrxl;abmnwrxl;\??\C:\Windows\system32\drivers\abmnwrxl.sys --> C:\Windows\system32\drivers\abmnwrxl.sys [?]
S1 aibhmzzd;aibhmzzd;\??\C:\Windows\system32\drivers\aibhmzzd.sys --> C:\Windows\system32\drivers\aibhmzzd.sys [?]
S1 eicjognu;eicjognu;\??\C:\Windows\system32\drivers\eicjognu.sys --> C:\Windows\system32\drivers\eicjognu.sys [?]
S1 hyefoczi;hyefoczi;\??\C:\Windows\system32\drivers\hyefoczi.sys --> C:\Windows\system32\drivers\hyefoczi.sys [?]
S1 sxmgttpv;sxmgttpv;\??\C:\Windows\system32\drivers\sxmgttpv.sys --> C:\Windows\system32\drivers\sxmgttpv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys [?]
S3 MODRC;PCTV Dib Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys --> C:\Windows\system32\DRIVERS\modrc.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RDID1045;FANTOM-X;C:\Windows\system32\Drivers\rdwm1045.sys --> C:\Windows\system32\Drivers\rdwm1045.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-04-02 23:04:19 50000 ----a-w- C:\Windows\System32\drivers\aibhmzzd.sys
2012-04-02 22:47:59 50000 ----a-w- C:\Windows\System32\drivers\eicjognu.sys
2012-04-02 22:41:14 50000 ----a-w- C:\Windows\System32\drivers\hyefoczi.sys
2012-04-02 22:28:30 50000 ----a-w- C:\Windows\System32\drivers\abmnwrxl.sys
2012-04-02 22:16:39 50000 ----a-w- C:\Windows\System32\drivers\sxmgttpv.sys
2012-04-02 22:16:29 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B27B9B1-8835-4916-977E-4B28523D9425}\offreg.dll
2012-04-02 22:04:21 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-02 22:04:10 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D6777A0-08D5-457B-AA01-850ACC99DDBB}\gapaengine.dll
2012-04-02 22:03:50 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B27B9B1-8835-4916-977E-4B28523D9425}\mpengine.dll
2012-04-02 12:35:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-02 05:57:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-02 05:57:02 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-02 05:56:49 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-04-02 05:29:20 -------- d-----we C:\Windows\system64
2012-04-01 00:31:03 98816 ----a-w- C:\Windows\sed.exe
2012-04-01 00:31:03 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-01 00:31:03 256000 ----a-w- C:\Windows\PEV.exe
2012-04-01 00:31:03 208896 ----a-w- C:\Windows\MBR.exe
2012-04-01 00:30:55 -------- d-s---w- C:\ComboFix
2012-03-31 12:31:11 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 11:34:53 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 10:33:16 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-13 10:07:50 134 ----a-w- C:\hosts-perm.bat
2012-03-13 08:51:50 -------- d-----w- C:\Users\DELL\AppData\Roaming\Malwarebytes
2012-03-13 08:51:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-13 08:51:38 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-13 08:51:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-06 06:19:11 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
.
==================== Find3M ====================
.
2012-03-31 12:31:14 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-02 07:19:50 2892 ----a-w- C:\Windows\SysWow64\audcon.sys
.
============= FINISH: 9:05:15.32 ===============

Edited by boopme, 02 April 2012 - 08:26 PM.

BC Ads
BleepingComputer.com

#2 kryptonaus

Member

Members
39 posts

Posted 03 April 2012 - 01:00 AM

It appears that I am having the same issues as posted by DaveC24 so followed the same advice as given by JSntgRvr and run aswMBR.

Below are the logs from that and attached MBR.dat (which looks like it has errors)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 15:16:17
-----------------------------
15:16:17.894 OS Version: Windows x64 6.1.7600
15:16:17.894 Number of processors: 4 586 0x2505
15:16:17.894 ComputerName: DELL-PC UserName: DELL
15:16:19.189 Initialize success
15:21:15.566 AVAST engine defs: 12040201
15:21:27.266 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:21:27.266 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
15:21:27.281 Disk 0 MBR read successfully
15:21:27.281 Disk 0 MBR scan
15:21:27.359 Disk 0 Windows 7 default MBR code
15:21:27.375 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
15:21:27.422 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
15:21:27.469 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230919 MB offset 30926848
15:21:27.484 Disk 0 Partition - 00 0F Extended LBA 230918 MB offset 503851008
15:21:27.515 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 230917 MB offset 503853056
15:21:27.609 Disk 0 scanning C:\Windows\system32\drivers
15:21:40.994 Service scanning
15:22:10.509 Modules scanning
15:22:10.509 Disk 0 trace - called modules:
15:22:10.540 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
15:22:10.556 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c52060]
15:22:10.556 3 CLASSPNP.SYS[fffff88001a8d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d8050]
15:22:13.520 AVAST engine scan C:\Windows
15:22:17.373 AVAST engine scan C:\Windows\system32
15:26:57.128 AVAST engine scan C:\Windows\system32\drivers
15:27:12.994 AVAST engine scan C:\Users\DELL
15:40:06.734 AVAST engine scan C:\ProgramData
15:47:57.976 Scan finished successfully
15:55:49.034 Disk 0 MBR has been saved successfully to "C:\Users\DELL\Desktop\MBR.dat"
15:55:49.175 The log file has been saved successfully to "C:\Users\DELL\Desktop\aswMBR.txt"

Attached Files

MBR.zip 577bytes 0 downloads

#3 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 03 April 2012 - 01:06 AM

Hello krpytonaus and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
- Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.
- Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:

NEXT:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure SKIP is selected, then click Continue.
Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

NEXT:

Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

NEXT:

Running OTL

We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"

Copy and Paste the following code into the Posted Image

textbox.

msconfig
safebootminimal
activex
drivers32
netsvcs
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
wininit.exe
tdx.sys
afd.sys
/md5stop
type "C:\ComboFix.txt" /c
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#4 kryptonaus

Member

Members
39 posts

Posted 03 April 2012 - 02:14 AM

1)________________________________________________________________________________

Hello ST and thanks for taking the time to help me out, I really value and appreciate your assistance.
Please find below the logs generated from the utilities as requested.

2)________________________________________________________________________________

16:48:24.0022 6168 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
16:48:24.0724 6168 ============================================================
16:48:24.0724 6168 Current date / time: 2012/04/03 16:48:24.0724
16:48:24.0724 6168 SystemInfo:
16:48:24.0724 6168
16:48:24.0724 6168 OS Version: 6.1.7600 ServicePack: 0.0
16:48:24.0724 6168 Product type: Workstation
16:48:24.0724 6168 ComputerName: DELL-PC
16:48:24.0724 6168 UserName: DELL
16:48:24.0724 6168 Windows directory: C:\Windows
16:48:24.0724 6168 System windows directory: C:\Windows
16:48:24.0724 6168 Running under WOW64
16:48:24.0724 6168 Processor architecture: Intel x64
16:48:24.0724 6168 Number of processors: 4
16:48:24.0724 6168 Page size: 0x1000
16:48:24.0724 6168 Boot type: Normal boot
16:48:24.0724 6168 ============================================================
16:48:25.0239 6168 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:25.0301 6168 Drive \Device\Harddisk1\DR1 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:48:25.0301 6168 \Device\Harddisk0\DR0:
16:48:25.0301 6168 MBR used
16:48:25.0301 6168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
16:48:25.0301 6168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x1C303830
16:48:25.0317 6168 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E083000, BlocksNum 0x1C302800
16:48:25.0317 6168 \Device\Harddisk1\DR1:
16:48:25.0317 6168 MBR used
16:48:25.0317 6168 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEEA000
16:48:25.0410 6168 Initialize success
16:48:25.0410 6168 ============================================================
16:48:30.0683 6576 ============================================================
16:48:30.0683 6576 Scan started
16:48:30.0683 6576 Mode: Manual; SigCheck; TDLFS;
16:48:30.0683 6576 ============================================================
16:48:31.0635 6576 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
16:48:31.0713 6576 1394ohci - ok
16:48:31.0791 6576 abmnwrxl (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\abmnwrxl.sys
16:48:31.0822 6576 abmnwrxl - ok
16:48:31.0884 6576 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:48:31.0931 6576 ACPI - ok
16:48:31.0994 6576 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:48:32.0056 6576 AcpiPmi - ok
16:48:32.0196 6576 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:48:32.0290 6576 AdobeFlashPlayerUpdateSvc - ok
16:48:32.0430 6576 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:48:32.0462 6576 adp94xx - ok
16:48:32.0508 6576 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:48:32.0524 6576 adpahci - ok
16:48:32.0602 6576 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:48:32.0633 6576 adpu320 - ok
16:48:32.0696 6576 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:48:32.0774 6576 AeLookupSvc - ok
16:48:32.0820 6576 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:48:32.0883 6576 AERTFilters - ok
16:48:32.0961 6576 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
16:48:33.0008 6576 AFD - ok
16:48:33.0070 6576 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:48:33.0101 6576 agp440 - ok
16:48:33.0148 6576 aibhmzzd (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\aibhmzzd.sys
16:48:33.0164 6576 aibhmzzd - ok
16:48:33.0226 6576 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:48:33.0304 6576 ALG - ok
16:48:33.0366 6576 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:48:33.0398 6576 aliide - ok
16:48:33.0460 6576 AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe
16:48:33.0522 6576 AMD External Events Utility - ok
16:48:33.0554 6576 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:48:33.0569 6576 amdide - ok
16:48:33.0600 6576 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:48:33.0632 6576 AmdK8 - ok
16:48:33.0788 6576 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
16:48:33.0959 6576 amdkmdag - ok
16:48:34.0271 6576 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
16:48:34.0334 6576 amdkmdap - ok
16:48:34.0365 6576 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:48:34.0412 6576 AmdPPM - ok
16:48:34.0443 6576 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
16:48:34.0458 6576 amdsata - ok
16:48:34.0552 6576 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:48:34.0599 6576 amdsbs - ok
16:48:34.0630 6576 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
16:48:34.0646 6576 amdxata - ok
16:48:34.0724 6576 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:48:34.0755 6576 AppID - ok
16:48:34.0802 6576 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:48:34.0880 6576 AppIDSvc - ok
16:48:34.0958 6576 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
16:48:35.0020 6576 Appinfo - ok
16:48:35.0098 6576 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:48:35.0145 6576 Apple Mobile Device - ok
16:48:35.0238 6576 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:48:35.0254 6576 arc - ok
16:48:35.0285 6576 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:48:35.0301 6576 arcsas - ok
16:48:35.0349 6576 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:48:35.0395 6576 AsyncMac - ok
16:48:35.0458 6576 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:48:35.0473 6576 atapi - ok
16:48:35.0536 6576 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
16:48:35.0567 6576 AtiHdmiService - ok
16:48:35.0645 6576 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:48:35.0770 6576 AudioEndpointBuilder - ok
16:48:35.0801 6576 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:48:35.0848 6576 AudioSrv - ok
16:48:35.0926 6576 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
16:48:35.0988 6576 AxInstSV - ok
16:48:36.0082 6576 azvusb (9f4320ba8e7ce2342517b182a2f2c0e6) C:\Windows\system32\DRIVERS\azvusb.sys
16:48:36.0113 6576 azvusb - ok
16:48:36.0207 6576 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:48:36.0238 6576 b06bdrv - ok
16:48:36.0300 6576 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:48:36.0316 6576 b57nd60a - ok
16:48:36.0441 6576 BCM43XX (0b0df4cd7c2c188c95c4e09c568ad54a) C:\Windows\system32\DRIVERS\bcmwl664.sys
16:48:36.0550 6576 BCM43XX - ok
16:48:36.0612 6576 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
16:48:36.0628 6576 BcmVWL - ok
16:48:36.0659 6576 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:48:36.0706 6576 BDESVC - ok
16:48:36.0784 6576 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:48:36.0831 6576 Beep - ok
16:48:36.0893 6576 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
16:48:36.0971 6576 BITS - ok
16:48:37.0033 6576 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:48:37.0065 6576 blbdrive - ok
16:48:37.0143 6576 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:48:37.0205 6576 Bonjour Service - ok
16:48:37.0267 6576 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:48:37.0299 6576 bowser - ok
16:48:37.0361 6576 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:48:37.0392 6576 BrFiltLo - ok
16:48:37.0423 6576 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:48:37.0455 6576 BrFiltUp - ok
16:48:37.0501 6576 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:48:37.0564 6576 BridgeMP - ok
16:48:37.0626 6576 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
16:48:37.0689 6576 Browser - ok
16:48:37.0735 6576 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:48:37.0798 6576 Brserid - ok
16:48:37.0829 6576 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:48:37.0845 6576 BrSerWdm - ok
16:48:37.0891 6576 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:48:37.0923 6576 BrUsbMdm - ok
16:48:37.0954 6576 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:48:37.0969 6576 BrUsbSer - ok
16:48:38.0032 6576 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
16:48:38.0079 6576 BthEnum - ok
16:48:38.0125 6576 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:48:38.0157 6576 BTHMODEM - ok
16:48:38.0203 6576 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:48:38.0235 6576 BthPan - ok
16:48:38.0297 6576 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
16:48:38.0344 6576 BTHPORT - ok
16:48:38.0406 6576 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:48:38.0469 6576 bthserv - ok
16:48:38.0500 6576 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
16:48:38.0547 6576 BTHUSB - ok
16:48:38.0593 6576 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
16:48:38.0609 6576 btwaudio - ok
16:48:38.0640 6576 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
16:48:38.0656 6576 btwavdt - ok
16:48:38.0703 6576 btwdins (d65aa164acd0f6706dbcfbbcc9731584) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:48:38.0781 6576 btwdins - ok
16:48:38.0827 6576 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:48:38.0843 6576 btwl2cap - ok
16:48:38.0874 6576 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
16:48:38.0890 6576 btwrchid - ok
16:48:38.0968 6576 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
16:48:38.0999 6576 BVRPMPR5a64 - ok
16:48:39.0061 6576 ccohifqb (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\ccohifqb.sys
16:48:39.0093 6576 ccohifqb - ok
16:48:39.0139 6576 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:48:39.0202 6576 cdfs - ok
16:48:39.0280 6576 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:48:39.0311 6576 cdrom - ok
16:48:39.0373 6576 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
16:48:39.0451 6576 CertPropSvc - ok
16:48:39.0514 6576 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:48:39.0545 6576 circlass - ok
16:48:39.0592 6576 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:48:39.0639 6576 CLFS - ok
16:48:39.0701 6576 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:39.0748 6576 clr_optimization_v2.0.50727_32 - ok
16:48:39.0779 6576 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:48:39.0810 6576 clr_optimization_v2.0.50727_64 - ok
16:48:39.0888 6576 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:39.0904 6576 clr_optimization_v4.0.30319_32 - ok
16:48:39.0982 6576 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:48:39.0997 6576 clr_optimization_v4.0.30319_64 - ok
16:48:40.0138 6576 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:48:40.0169 6576 CmBatt - ok
16:48:40.0247 6576 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:48:40.0278 6576 cmdide - ok
16:48:40.0341 6576 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
16:48:40.0372 6576 CNG - ok
16:48:40.0403 6576 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:48:40.0419 6576 Compbatt - ok
16:48:40.0450 6576 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:48:40.0497 6576 CompositeBus - ok
16:48:40.0528 6576 COMSysApp - ok
16:48:40.0575 6576 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:48:40.0590 6576 crcdisk - ok
16:48:40.0621 6576 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
16:48:40.0684 6576 CryptSvc - ok
16:48:40.0731 6576 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:48:40.0762 6576 CtClsFlt - ok
16:48:40.0871 6576 cvhsvc (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:48:41.0011 6576 cvhsvc - ok
16:48:41.0136 6576 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
16:48:41.0214 6576 DcomLaunch - ok
16:48:41.0261 6576 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:48:41.0323 6576 defragsvc - ok
16:48:41.0401 6576 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
16:48:41.0479 6576 DfsC - ok
16:48:41.0542 6576 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
16:48:41.0651 6576 Dhcp - ok
16:48:41.0667 6576 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:48:41.0729 6576 discache - ok
16:48:41.0760 6576 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:48:41.0776 6576 Disk - ok
16:48:41.0823 6576 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
16:48:41.0885 6576 Dnscache - ok
16:48:41.0979 6576 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
16:48:42.0041 6576 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
16:48:42.0041 6576 DockLoginService - detected UnsignedFile.Multi.Generic (1)
16:48:42.0213 6576 dosyrptt (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\dosyrptt.sys
16:48:42.0244 6576 dosyrptt - ok
16:48:42.0322 6576 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
16:48:42.0400 6576 dot3svc - ok
16:48:42.0447 6576 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
16:48:42.0525 6576 DPS - ok
16:48:42.0587 6576 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:48:42.0603 6576 drmkaud - ok
16:48:42.0681 6576 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
16:48:42.0743 6576 DXGKrnl - ok
16:48:42.0805 6576 dxobwnrs (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\dxobwnrs.sys
16:48:42.0821 6576 dxobwnrs - ok
16:48:42.0883 6576 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:48:42.0946 6576 EapHost - ok
16:48:43.0055 6576 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:48:43.0164 6576 ebdrv - ok
16:48:43.0211 6576 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
16:48:43.0242 6576 EFS - ok
16:48:43.0320 6576 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
16:48:43.0383 6576 ehRecvr - ok
16:48:43.0414 6576 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:48:43.0476 6576 ehSched - ok
16:48:43.0554 6576 eicjognu (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\eicjognu.sys
16:48:43.0570 6576 eicjognu - ok
16:48:43.0632 6576 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:48:43.0663 6576 elxstor - ok
16:48:43.0710 6576 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:48:43.0757 6576 ErrDev - ok
16:48:43.0819 6576 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:48:43.0897 6576 EventSystem - ok
16:48:43.0975 6576 ewusbnet (477bc304201197f4057090bd60af1739) C:\Windows\system32\DRIVERS\ewusbnet.sys
16:48:44.0038 6576 ewusbnet - ok
16:48:44.0116 6576 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:48:44.0163 6576 exfat - ok
16:48:44.0225 6576 Fabs - ok
16:48:44.0303 6576 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
16:48:44.0334 6576 FACAP - ok
16:48:44.0443 6576 FAService (cf3c4bc3c771242593d5392fa54c040e) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
16:48:44.0865 6576 FAService - ok
16:48:44.0989 6576 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:48:45.0036 6576 fastfat - ok
16:48:45.0099 6576 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
16:48:45.0223 6576 Fax - ok
16:48:45.0286 6576 fbmwuhdo (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\fbmwuhdo.sys
16:48:45.0301 6576 fbmwuhdo - ok
16:48:45.0333 6576 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:48:45.0348 6576 fdc - ok
16:48:45.0379 6576 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:48:45.0442 6576 fdPHost - ok
16:48:45.0489 6576 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:48:45.0535 6576 FDResPub - ok
16:48:45.0551 6576 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:48:45.0582 6576 FileInfo - ok
16:48:45.0598 6576 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:48:45.0645 6576 Filetrace - ok
16:48:45.0769 6576 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:48:45.0894 6576 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:48:45.0894 6576 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:48:45.0941 6576 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:48:46.0050 6576 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:48:46.0050 6576 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:48:46.0206 6576 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:48:46.0237 6576 flpydisk - ok
16:48:46.0284 6576 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:48:46.0331 6576 FltMgr - ok
16:48:46.0409 6576 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
16:48:46.0534 6576 FontCache - ok
16:48:46.0596 6576 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:48:46.0612 6576 FontCache3.0.0.0 - ok
16:48:46.0690 6576 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:48:46.0721 6576 FsDepends - ok
16:48:46.0737 6576 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:48:46.0752 6576 Fs_Rec - ok
16:48:46.0799 6576 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:48:46.0830 6576 fvevol - ok
16:48:46.0846 6576 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:48:46.0861 6576 gagp30kx - ok
16:48:46.0908 6576 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:48:46.0939 6576 GEARAspiWDM - ok
16:48:46.0986 6576 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
16:48:47.0002 6576 GoToAssist - ok
16:48:47.0049 6576 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
16:48:47.0111 6576 gpsvc - ok
16:48:47.0158 6576 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:48:47.0205 6576 gupdate - ok
16:48:47.0220 6576 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:48:47.0251 6576 gupdatem - ok
16:48:47.0329 6576 gzeitjbe (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\gzeitjbe.sys
16:48:47.0345 6576 gzeitjbe - ok
16:48:47.0392 6576 haccagoe (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\haccagoe.sys
16:48:47.0407 6576 haccagoe - ok
16:48:47.0439 6576 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:48:47.0485 6576 hcw85cir - ok
16:48:47.0517 6576 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:48:47.0532 6576 HDAudBus - ok
16:48:47.0595 6576 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
16:48:47.0610 6576 HECIx64 - ok
16:48:47.0626 6576 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:48:47.0657 6576 HidBatt - ok
16:48:47.0673 6576 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:48:47.0704 6576 HidBth - ok
16:48:47.0704 6576 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:48:47.0751 6576 HidIr - ok
16:48:47.0782 6576 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:48:47.0829 6576 hidserv - ok
16:48:47.0891 6576 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:48:47.0907 6576 HidUsb - ok
16:48:47.0938 6576 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
16:48:48.0016 6576 hkmsvc - ok
16:48:48.0047 6576 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
16:48:48.0094 6576 HomeGroupListener - ok
16:48:48.0141 6576 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
16:48:48.0172 6576 HomeGroupProvider - ok
16:48:48.0234 6576 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:48:48.0265 6576 HpSAMD - ok
16:48:48.0297 6576 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:48:48.0343 6576 HTTP - ok
16:48:48.0437 6576 hwdatacard (8f9b0fc4ec3a8194bd4cbc5ed3e7abeb) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:48:48.0499 6576 hwdatacard - ok
16:48:48.0515 6576 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:48:48.0531 6576 hwpolicy - ok
16:48:48.0609 6576 hyefoczi (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\hyefoczi.sys
16:48:48.0640 6576 hyefoczi - ok
16:48:48.0702 6576 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:48:48.0733 6576 i8042prt - ok
16:48:48.0780 6576 iamzfvbz (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\iamzfvbz.sys
16:48:48.0796 6576 iamzfvbz - ok
16:48:48.0843 6576 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
16:48:48.0889 6576 iaStor - ok
16:48:48.0936 6576 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
16:48:48.0983 6576 iaStorV - ok
16:48:49.0045 6576 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:48:49.0108 6576 idsvc - ok
16:48:49.0155 6576 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:48:49.0155 6576 iirsp - ok
16:48:49.0233 6576 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
16:48:49.0311 6576 IKEEXT - ok
16:48:49.0357 6576 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
16:48:49.0373 6576 Impcd - ok
16:48:49.0467 6576 IntcAzAudAddService (697c927e0de2abaf1a5f455033f687cd) C:\Windows\system32\drivers\RTKVHD64.sys
16:48:49.0561 6576 IntcAzAudAddService - ok
16:48:49.0592 6576 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:48:49.0608 6576 intelide - ok
16:48:49.0655 6576 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:48:49.0686 6576 intelppm - ok
16:48:49.0748 6576 iomahovb (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\iomahovb.sys
16:48:49.0764 6576 iomahovb - ok
16:48:49.0811 6576 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:48:49.0873 6576 IPBusEnum - ok
16:48:49.0920 6576 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:49.0967 6576 IpFilterDriver - ok
16:48:49.0998 6576 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
16:48:50.0076 6576 iphlpsvc - ok
16:48:50.0092 6576 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:48:50.0107 6576 IPMIDRV - ok
16:48:50.0138 6576 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:48:50.0185 6576 IPNAT - ok
16:48:50.0263 6576 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
16:48:50.0357 6576 iPod Service - ok
16:48:50.0388 6576 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:48:50.0419 6576 IRENUM - ok
16:48:50.0435 6576 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:48:50.0450 6576 isapnp - ok
16:48:50.0482 6576 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:48:50.0513 6576 iScsiPrt - ok
16:48:50.0561 6576 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:48:50.0592 6576 kbdclass - ok
16:48:50.0607 6576 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:48:50.0623 6576 kbdhid - ok
16:48:50.0670 6576 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:48:50.0685 6576 KeyIso - ok
16:48:50.0717 6576 kibsvsca (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\kibsvsca.sys
16:48:50.0732 6576 kibsvsca - ok
16:48:50.0763 6576 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
16:48:50.0795 6576 KSecDD - ok
16:48:50.0810 6576 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
16:48:50.0841 6576 KSecPkg - ok
16:48:50.0857 6576 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:48:50.0904 6576 ksthunk - ok
16:48:50.0951 6576 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:48:51.0029 6576 KtmRm - ok
16:48:51.0091 6576 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
16:48:51.0107 6576 L1C - ok
16:48:51.0153 6576 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
16:48:51.0231 6576 LanmanServer - ok
16:48:51.0278 6576 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
16:48:51.0341 6576 LanmanWorkstation - ok
16:48:51.0372 6576 lgoljdcl (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\lgoljdcl.sys
16:48:51.0387 6576 lgoljdcl - ok
16:48:51.0450 6576 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:48:51.0497 6576 lltdio - ok
16:48:51.0559 6576 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:48:51.0621 6576 lltdsvc - ok
16:48:51.0637 6576 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:48:51.0684 6576 lmhosts - ok
16:48:51.0762 6576 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:48:51.0824 6576 LMS - ok
16:48:51.0918 6576 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:48:51.0933 6576 LSI_FC - ok
16:48:51.0949 6576 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:48:51.0965 6576 LSI_SAS - ok
16:48:51.0980 6576 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:48:51.0996 6576 LSI_SAS2 - ok
16:48:52.0011 6576 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:48:52.0043 6576 LSI_SCSI - ok
16:48:52.0074 6576 ltsbhhmq (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\ltsbhhmq.sys
16:48:52.0089 6576 ltsbhhmq - ok
16:48:52.0121 6576 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:48:52.0167 6576 luafv - ok
16:48:52.0230 6576 MAUSBFASTTRACKPRO (066991e50a5cbbeefb2ec6880069cdb5) C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys
16:48:52.0245 6576 MAUSBFASTTRACKPRO - ok
16:48:52.0292 6576 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
16:48:52.0339 6576 Mcx2Svc - ok
16:48:52.0370 6576 mcztkowa (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\mcztkowa.sys
16:48:52.0386 6576 mcztkowa - ok
16:48:52.0417 6576 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:48:52.0433 6576 megasas - ok
16:48:52.0448 6576 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:48:52.0479 6576 MegaSR - ok
16:48:52.0542 6576 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:48:52.0604 6576 MMCSS - ok
16:48:52.0635 6576 mod7700 - ok
16:48:52.0651 6576 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:48:52.0698 6576 Modem - ok
16:48:52.0729 6576 MODRC (b677cc41e3d1c4640abece098ac2d4e3) C:\Windows\system32\DRIVERS\modrc.sys
16:48:52.0760 6576 MODRC - ok
16:48:52.0791 6576 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:48:52.0823 6576 monitor - ok
16:48:52.0869 6576 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:48:52.0885 6576 mouclass - ok
16:48:52.0932 6576 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:48:52.0947 6576 mouhid - ok
16:48:52.0979 6576 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:48:52.0994 6576 mountmgr - ok
16:48:53.0041 6576 mpewtqhe (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\mpewtqhe.sys
16:48:53.0057 6576 mpewtqhe - ok
16:48:53.0088 6576 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
16:48:53.0103 6576 MpFilter - ok
16:48:53.0135 6576 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:48:53.0150 6576 mpio - ok
16:48:53.0166 6576 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:48:53.0181 6576 MpNWMon - ok
16:48:53.0197 6576 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:48:53.0244 6576 mpsdrv - ok
16:48:53.0259 6576 mrldlmrd (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\mrldlmrd.sys
16:48:53.0275 6576 mrldlmrd - ok
16:48:53.0291 6576 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:48:53.0322 6576 MRxDAV - ok
16:48:53.0353 6576 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:53.0384 6576 mrxsmb - ok
16:48:53.0400 6576 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:53.0431 6576 mrxsmb10 - ok
16:48:53.0478 6576 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:53.0525 6576 mrxsmb20 - ok
16:48:53.0525 6576 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
16:48:53.0540 6576 msahci - ok
16:48:53.0556 6576 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:48:53.0587 6576 msdsm - ok
16:48:53.0618 6576 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:48:53.0649 6576 MSDTC - ok
16:48:53.0681 6576 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:48:53.0727 6576 Msfs - ok
16:48:53.0743 6576 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:48:53.0790 6576 mshidkmdf - ok
16:48:53.0821 6576 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:48:53.0837 6576 msisadrv - ok
16:48:53.0883 6576 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:48:53.0930 6576 MSiSCSI - ok
16:48:53.0946 6576 msiserver - ok
16:48:53.0993 6576 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:48:54.0024 6576 MSKSSRV - ok
16:48:54.0117 6576 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
16:48:54.0149 6576 MsMpSvc - ok
16:48:54.0164 6576 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:54.0227 6576 MSPCLOCK - ok
16:48:54.0242 6576 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:48:54.0305 6576 MSPQM - ok
16:48:54.0336 6576 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:48:54.0351 6576 MsRPC - ok
16:48:54.0398 6576 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:48:54.0429 6576 mssmbios - ok
16:48:54.0445 6576 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:48:54.0492 6576 MSTEE - ok
16:48:54.0507 6576 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:48:54.0523 6576 MTConfig - ok
16:48:54.0539 6576 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:48:54.0554 6576 Mup - ok
16:48:54.0585 6576 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
16:48:54.0663 6576 napagent - ok
16:48:54.0710 6576 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:48:54.0741 6576 NativeWifiP - ok
16:48:54.0788 6576 naxocvat (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\naxocvat.sys
16:48:54.0804 6576 naxocvat - ok
16:48:54.0866 6576 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:48:54.0913 6576 NDIS - ok
16:48:54.0929 6576 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:54.0975 6576 NdisCap - ok
16:48:54.0991 6576 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:55.0038 6576 NdisTapi - ok
16:48:55.0053 6576 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:55.0100 6576 Ndisuio - ok
16:48:55.0116 6576 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:55.0178 6576 NdisWan - ok
16:48:55.0194 6576 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:48:55.0241 6576 NDProxy - ok
16:48:55.0287 6576 nebjxrgz (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\nebjxrgz.sys
16:48:55.0303 6576 nebjxrgz - ok
16:48:55.0319 6576 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:48:55.0350 6576 NetBIOS - ok
16:48:55.0365 6576 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:48:55.0428 6576 NetBT - ok
16:48:55.0475 6576 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:48:55.0490 6576 Netlogon - ok
16:48:55.0553 6576 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:48:55.0631 6576 Netman - ok
16:48:55.0662 6576 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:48:55.0740 6576 netprofm - ok
16:48:55.0802 6576 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:48:55.0896 6576 NetTcpPortSharing - ok
16:48:56.0083 6576 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:48:56.0099 6576 nfrd960 - ok
16:48:56.0145 6576 nhbgmcbq (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\nhbgmcbq.sys
16:48:56.0161 6576 nhbgmcbq - ok
16:48:56.0208 6576 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:48:56.0239 6576 NisDrv - ok
16:48:56.0317 6576 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
16:48:56.0364 6576 NisSrv - ok
16:48:56.0426 6576 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
16:48:56.0504 6576 NlaSvc - ok
16:48:56.0567 6576 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:48:56.0629 6576 Npfs - ok
16:48:56.0691 6576 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:48:56.0769 6576 nsi - ok
16:48:56.0801 6576 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:48:56.0832 6576 nsiproxy - ok
16:48:56.0910 6576 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
16:48:57.0003 6576 Ntfs - ok
16:48:57.0035 6576 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:48:57.0081 6576 Null - ok
16:48:57.0128 6576 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
16:48:57.0159 6576 nvraid - ok
16:48:57.0191 6576 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
16:48:57.0206 6576 nvstor - ok
16:48:57.0222 6576 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:48:57.0237 6576 nv_agp - ok
16:48:57.0284 6576 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:48:57.0315 6576 ohci1394 - ok
16:48:57.0393 6576 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:57.0440 6576 ose - ok
16:48:57.0581 6576 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:48:57.0877 6576 osppsvc - ok
16:48:58.0002 6576 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:58.0049 6576 p2pimsvc - ok
16:48:58.0111 6576 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:48:58.0142 6576 p2psvc - ok
16:48:58.0220 6576 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:48:58.0236 6576 Parport - ok
16:48:58.0267 6576 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:48:58.0283 6576 partmgr - ok
16:48:58.0298 6576 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:48:58.0345 6576 PcaSvc - ok
16:48:58.0376 6576 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:48:58.0407 6576 pci - ok
16:48:58.0407 6576 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:48:58.0423 6576 pciide - ok
16:48:58.0454 6576 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:48:58.0470 6576 pcmcia - ok
16:48:58.0485 6576 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:48:58.0501 6576 pcw - ok
16:48:58.0532 6576 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:48:58.0610 6576 PEAUTH - ok
16:48:58.0704 6576 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:48:58.0735 6576 PerfHost - ok
16:48:58.0875 6576 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
16:48:59.0000 6576 pla - ok
16:48:59.0078 6576 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
16:48:59.0156 6576 PlugPlay - ok
16:48:59.0203 6576 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:48:59.0219 6576 PNRPAutoReg - ok
16:48:59.0265 6576 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:59.0297 6576 PNRPsvc - ok
16:48:59.0359 6576 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
16:48:59.0437 6576 PolicyAgent - ok
16:48:59.0484 6576 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:48:59.0546 6576 Power - ok
16:48:59.0624 6576 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:48:59.0671 6576 PptpMiniport - ok
16:48:59.0718 6576 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:48:59.0733 6576 Processor - ok
16:48:59.0780 6576 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
16:48:59.0889 6576 ProfSvc - ok
16:48:59.0921 6576 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:48:59.0952 6576 ProtectedStorage - ok
16:48:59.0983 6576 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:49:00.0045 6576 Psched - ok
16:49:00.0077 6576 pvwqefbh (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\pvwqefbh.sys
16:49:00.0108 6576 pvwqefbh - ok
16:49:00.0170 6576 pxcdcxnu (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\pxcdcxnu.sys
16:49:00.0186 6576 pxcdcxnu - ok
16:49:00.0233 6576 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:49:00.0248 6576 PxHlpa64 - ok
16:49:00.0311 6576 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:49:00.0389 6576 ql2300 - ok
16:49:00.0404 6576 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:49:00.0435 6576 ql40xx - ok
16:49:00.0467 6576 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:49:00.0513 6576 QWAVE - ok
16:49:00.0529 6576 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:49:00.0560 6576 QWAVEdrv - ok
16:49:00.0623 6576 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
16:49:00.0654 6576 RapiMgr - ok
16:49:00.0685 6576 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:49:00.0732 6576 RasAcd - ok
16:49:00.0779 6576 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:49:00.0841 6576 RasAgileVpn - ok
16:49:00.0872 6576 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:49:00.0950 6576 RasAuto - ok
16:49:01.0028 6576 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:49:01.0091 6576 Rasl2tp - ok
16:49:01.0122 6576 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
16:49:01.0184 6576 RasMan - ok
16:49:01.0200 6576 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:49:01.0262 6576 RasPppoe - ok
16:49:01.0309 6576 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:49:01.0356 6576 RasSstp - ok
16:49:01.0387 6576 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:49:01.0449 6576 rdbss - ok
16:49:01.0512 6576 RDID1045 (723d34d89b43f01f47b91b73b3c4ad26) C:\Windows\system32\Drivers\rdwm1045.sys
16:49:01.0574 6576 RDID1045 - ok
16:49:01.0605 6576 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:49:01.0621 6576 rdpbus - ok
16:49:01.0637 6576 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:49:01.0699 6576 RDPCDD - ok
16:49:01.0715 6576 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:49:01.0761 6576 RDPENCDD - ok
16:49:01.0777 6576 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:49:01.0824 6576 RDPREFMP - ok
16:49:01.0855 6576 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:49:01.0917 6576 RDPWD - ok
16:49:01.0964 6576 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:49:01.0980 6576 rdyboost - ok
16:49:02.0042 6576 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:49:02.0120 6576 RemoteAccess - ok
16:49:02.0136 6576 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:49:02.0214 6576 RemoteRegistry - ok
16:49:02.0261 6576 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:49:02.0307 6576 RFCOMM - ok
16:49:02.0339 6576 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:49:02.0401 6576 RpcEptMapper - ok
16:49:02.0432 6576 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:49:02.0448 6576 RpcLocator - ok
16:49:02.0495 6576 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
16:49:02.0557 6576 RpcSs - ok
16:49:02.0604 6576 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:49:02.0666 6576 rspndr - ok
16:49:02.0713 6576 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
16:49:02.0729 6576 RSUSBSTOR - ok
16:49:02.0775 6576 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:49:02.0791 6576 SamSs - ok
16:49:02.0807 6576 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:49:02.0838 6576 sbp2port - ok
16:49:02.0869 6576 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:49:02.0931 6576 SCardSvr - ok
16:49:02.0994 6576 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
16:49:03.0009 6576 SCDEmu - ok
16:49:03.0041 6576 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:49:03.0103 6576 scfilter - ok
16:49:03.0212 6576 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
16:49:03.0306 6576 Schedule - ok
16:49:03.0337 6576 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
16:49:03.0399 6576 SCPolicySvc - ok
16:49:03.0446 6576 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
16:49:03.0493 6576 SDRSVC - ok
16:49:03.0555 6576 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:49:03.0618 6576 secdrv - ok
16:49:03.0665 6576 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
16:49:03.0743 6576 seclogon - ok
16:49:03.0789 6576 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:49:03.0867 6576 SENS - ok
16:49:03.0930 6576 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:49:04.0039 6576 SensrSvc - ok
16:49:04.0086 6576 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:49:04.0117 6576 Serenum - ok
16:49:04.0164 6576 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:49:04.0195 6576 Serial - ok
16:49:04.0242 6576 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:49:04.0273 6576 sermouse - ok
16:49:04.0335 6576 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
16:49:04.0398 6576 SessionEnv - ok
16:49:04.0460 6576 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:49:04.0492 6576 sffdisk - ok
16:49:04.0523 6576 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:49:04.0538 6576 sffp_mmc - ok
16:49:04.0585 6576 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:49:04.0616 6576 sffp_sd - ok
16:49:04.0663 6576 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:49:04.0679 6576 sfloppy - ok
16:49:04.0757 6576 Sftfs (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
16:49:04.0804 6576 Sftfs - ok
16:49:04.0882 6576 sftlist (f821b6c5d3fd23e11cbb613f61c94c98) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:49:05.0022 6576 sftlist - ok
16:49:05.0069 6576 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:49:05.0100 6576 Sftplay - ok
16:49:05.0147 6576 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:49:05.0162 6576 Sftredir - ok
16:49:05.0209 6576 SftService (cf53dcce55e500f51089774e851e7363) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:49:05.0334 6576 SftService - ok
16:49:05.0381 6576 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
16:49:05.0396 6576 Sftvol - ok
16:49:05.0443 6576 sftvsa (db7213fcb2bc1b4f0c5cc5af344abcd0) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:49:05.0584 6576 sftvsa - ok
16:49:05.0646 6576 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:49:05.0708 6576 SharedAccess - ok
16:49:05.0802 6576 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
16:49:05.0864 6576 ShellHWDetection - ok
16:49:05.0958 6576 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:49:05.0974 6576 SiSRaid2 - ok
16:49:06.0020 6576 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:49:06.0052 6576 SiSRaid4 - ok
16:49:06.0114 6576 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:49:06.0192 6576 Smb - ok
16:49:06.0239 6576 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:49:06.0286 6576 SNMPTRAP - ok
16:49:06.0317 6576 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:49:06.0348 6576 spldr - ok
16:49:06.0395 6576 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
16:49:06.0520 6576 Spooler - ok
16:49:06.0629 6576 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
16:49:06.0894 6576 sppsvc - ok
16:49:06.0941 6576 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:49:07.0034 6576 sppuinotify - ok
16:49:07.0081 6576 sprtsvc_DellComms (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
16:49:07.0206 6576 sprtsvc_DellComms - ok
16:49:07.0253 6576 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
16:49:07.0378 6576 sprtsvc_DellSupportCenter - ok
16:49:07.0440 6576 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
16:49:07.0487 6576 srv - ok
16:49:07.0549 6576 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
16:49:07.0580 6576 srv2 - ok
16:49:07.0643 6576 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
16:49:07.0674 6576 srvnet - ok
16:49:07.0814 6576 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:49:07.0877 6576 SSDPSRV - ok
16:49:07.0970 6576 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:49:08.0641 6576 SstpSvc - ok
16:49:08.0813 6576 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:49:08.0828 6576 stexstor - ok
16:49:08.0922 6576 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:49:08.0953 6576 StillCam - ok
16:49:09.0016 6576 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
16:49:09.0078 6576 stisvc - ok
16:49:09.0140 6576 stxrlnaz (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\stxrlnaz.sys
16:49:09.0156 6576 stxrlnaz - ok
16:49:09.0218 6576 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:49:09.0234 6576 swenum - ok
16:49:09.0296 6576 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:49:09.0374 6576 swprv - ok
16:49:09.0437 6576 sxmgttpv (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\sxmgttpv.sys
16:49:09.0468 6576 sxmgttpv - ok
16:49:09.0530 6576 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys
16:49:09.0562 6576 SynTP - ok
16:49:09.0640 6576 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
16:49:09.0764 6576 SysMain - ok
16:49:09.0811 6576 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
16:49:09.0858 6576 TabletInputService - ok
16:49:09.0905 6576 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
16:49:09.0983 6576 TapiSrv - ok
16:49:10.0014 6576 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:49:10.0092 6576 TBS - ok
16:49:10.0170 6576 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
16:49:10.0264 6576 Tcpip - ok
16:49:10.0342 6576 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
16:49:10.0420 6576 TCPIP6 - ok
16:49:10.0466 6576 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:49:10.0513 6576 tcpipreg - ok
16:49:10.0544 6576 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:49:10.0607 6576 TDPIPE - ok
16:49:10.0622 6576 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:49:10.0669 6576 TDTCP - ok
16:49:10.0700 6576 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:49:10.0747 6576 tdx - ok
16:49:10.0794 6576 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:49:10.0841 6576 TermDD - ok
16:49:10.0888 6576 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
16:49:10.0981 6576 TermService - ok
16:49:11.0028 6576 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:49:11.0137 6576 Themes - ok
16:49:11.0200 6576 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:49:11.0246 6576 THREADORDER - ok
16:49:11.0309 6576 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:49:11.0371 6576 TrkWks - ok
16:49:11.0418 6576 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
16:49:11.0465 6576 TrustedInstaller - ok
16:49:11.0543 6576 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:49:11.0605 6576 tssecsrv - ok
16:49:11.0668 6576 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:49:11.0714 6576 tunnel - ok
16:49:11.0761 6576 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
16:49:11.0792 6576 TurboB - ok
16:49:11.0839 6576 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
16:49:11.0870 6576 TurboBoost - ok
16:49:11.0902 6576 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:49:11.0917 6576 uagp35 - ok
16:49:11.0964 6576 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
16:49:12.0026 6576 udfs - ok
16:49:12.0073 6576 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:49:12.0104 6576 UI0Detect - ok
16:49:12.0136 6576 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:49:12.0167 6576 uliagpkx - ok
16:49:12.0198 6576 ulyfgxxk (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\ulyfgxxk.sys
16:49:12.0214 6576 ulyfgxxk - ok
16:49:12.0276 6576 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:49:12.0307 6576 umbus - ok
16:49:12.0323 6576 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:49:12.0354 6576 UmPass - ok
16:49:12.0479 6576 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:49:12.0713 6576 UNS - ok
16:49:12.0775 6576 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:49:12.0838 6576 upnphost - ok
16:49:12.0916 6576 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:49:12.0947 6576 USBAAPL64 - ok
16:49:12.0994 6576 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:49:13.0025 6576 usbccgp - ok
16:49:13.0087 6576 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
16:49:13.0118 6576 usbcir - ok
16:49:13.0181 6576 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
16:49:13.0196 6576 usbehci - ok
16:49:13.0259 6576 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
16:49:13.0290 6576 usbhub - ok
16:49:13.0321 6576 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:49:13.0337 6576 usbohci - ok
16:49:13.0399 6576 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:49:13.0415 6576 usbprint - ok
16:49:13.0462 6576 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:49:13.0477 6576 USBSTOR - ok
16:49:13.0555 6576 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:49:13.0571 6576 usbuhci - ok
16:49:13.0633 6576 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
16:49:13.0664 6576 usbvideo - ok
16:49:13.0758 6576 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:49:13.0774 6576 usb_rndisx - ok
16:49:13.0836 6576 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:49:13.0914 6576 UxSms - ok
16:49:13.0961 6576 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:49:13.0992 6576 VaultSvc - ok
16:49:14.0039 6576 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:49:14.0070 6576 vdrvroot - ok
16:49:14.0117 6576 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
16:49:14.0179 6576 vds - ok
16:49:14.0226 6576 vfcxhtnk (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\vfcxhtnk.sys
16:49:14.0257 6576 vfcxhtnk - ok
16:49:14.0320 6576 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:49:14.0351 6576 vga - ok
16:49:14.0398 6576 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:49:14.0460 6576 VgaSave - ok
16:49:14.0491 6576 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:49:14.0507 6576 vhdmp - ok
16:49:14.0538 6576 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:49:14.0554 6576 viaide - ok
16:49:14.0600 6576 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:49:14.0616 6576 volmgr - ok
16:49:14.0663 6576 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:49:14.0678 6576 volmgrx - ok
16:49:14.0725 6576 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:49:14.0756 6576 volsnap - ok
16:49:14.0788 6576 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:49:14.0819 6576 vsmraid - ok
16:49:14.0897 6576 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
16:49:14.0975 6576 VSS - ok
16:49:15.0022 6576 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:49:15.0068 6576 vwifibus - ok
16:49:15.0100 6576 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:49:15.0131 6576 vwififlt - ok
16:49:15.0178 6576 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:49:15.0224 6576 vwifimp - ok
16:49:15.0256 6576 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:49:15.0318 6576 W32Time - ok
16:49:15.0365 6576 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:49:15.0396 6576 WacomPen - ok
16:49:15.0458 6576 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0521 6576 WANARP - ok
16:49:15.0521 6576 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0568 6576 Wanarpv6 - ok
16:49:15.0661 6576 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:49:15.0926 6576 WatAdminSvc - ok
16:49:15.0989 6576 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
16:49:16.0129 6576 wbengine - ok
16:49:16.0176 6576 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:49:16.0223 6576 WbioSrvc - ok
16:49:16.0301 6576 wcbqvsgk (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\wcbqvsgk.sys
16:49:16.0316 6576 wcbqvsgk - ok
16:49:16.0394 6576 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
16:49:16.0426 6576 WcesComm - ok
16:49:16.0488 6576 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
16:49:16.0535 6576 wcncsvc - ok
16:49:16.0582 6576 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:49:16.0628 6576 WcsPlugInService - ok
16:49:16.0675 6576 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:49:16.0706 6576 Wd - ok
16:49:16.0738 6576 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:49:16.0784 6576 Wdf01000 - ok
16:49:16.0831 6576 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:49:16.0878 6576 WdiServiceHost - ok
16:49:16.0894 6576 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:49:16.0925 6576 WdiSystemHost - ok
16:49:16.0987 6576 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
16:49:17.0034 6576 WebClient - ok
16:49:17.0081 6576 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:49:17.0143 6576 Wecsvc - ok
16:49:17.0190 6576 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:49:17.0252 6576 wercplsupport - ok
16:49:17.0299 6576 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:49:17.0362 6576 WerSvc - ok
16:49:17.0424 6576 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:49:17.0471 6576 WfpLwf - ok
16:49:17.0549 6576 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
16:49:17.0580 6576 WimFltr - ok
16:49:17.0596 6576 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:49:17.0642 6576 WIMMount - ok
16:49:17.0705 6576 WinDefend - ok
16:49:17.0705 6576 WinHttpAutoProxySvc - ok
16:49:17.0783 6576 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:49:17.0845 6576 Winmgmt - ok
16:49:17.0939 6576 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
16:49:18.0064 6576 WinRM - ok
16:49:18.0173 6576 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
16:49:18.0235 6576 WinUsb - ok
16:49:18.0329 6576 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:49:18.0376 6576 Wlansvc - ok
16:49:18.0438 6576 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:49:18.0454 6576 WmiAcpi - ok
16:49:18.0547 6576 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:49:18.0594 6576 wmiApSrv - ok
16:49:18.0656 6576 WMPNetworkSvc - ok
16:49:18.0719 6576 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:49:18.0766 6576 WPCSvc - ok
16:49:18.0812 6576 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
16:49:18.0859 6576 WPDBusEnum - ok
16:49:18.0922 6576 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:49:18.0968 6576 ws2ifsl - ok
16:49:19.0046 6576 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
16:49:19.0093 6576 wscsvc - ok
16:49:19.0171 6576 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:49:19.0202 6576 WSDPrintDevice - ok
16:49:19.0218 6576 WSearch - ok
16:49:19.0312 6576 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
16:49:19.0436 6576 wuauserv - ok
16:49:19.0499 6576 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
16:49:19.0530 6576 WudfPf - ok
16:49:19.0592 6576 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:49:19.0639 6576 WUDFRd - ok
16:49:19.0702 6576 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
16:49:19.0717 6576 wudfsvc - ok
16:49:19.0780 6576 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:49:19.0811 6576 WwanSvc - ok
16:49:19.0858 6576 wxurkrxl (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\wxurkrxl.sys
16:49:19.0873 6576 wxurkrxl - ok
16:49:19.0951 6576 xavxonog (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\xavxonog.sys
16:49:19.0967 6576 xavxonog - ok
16:49:20.0014 6576 xawmdunk (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\xawmdunk.sys
16:49:20.0029 6576 xawmdunk - ok
16:49:20.0076 6576 xeqvvqju (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\xeqvvqju.sys
16:49:20.0092 6576 xeqvvqju - ok
16:49:20.0185 6576 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:49:20.0419 6576 YahooAUService - ok
16:49:20.0544 6576 yfchlisv (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\yfchlisv.sys
16:49:20.0560 6576 yfchlisv - ok
16:49:20.0638 6576 ykmotyro (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\ykmotyro.sys
16:49:20.0653 6576 ykmotyro - ok
16:49:20.0684 6576 zbhtdojh (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\zbhtdojh.sys
16:49:20.0700 6576 zbhtdojh - ok
16:49:20.0747 6576 zdfwszss (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\zdfwszss.sys
16:49:20.0762 6576 zdfwszss - ok
16:49:20.0794 6576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:49:21.0043 6576 \Device\Harddisk0\DR0 - ok
16:49:21.0059 6576 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:49:21.0277 6576 \Device\Harddisk1\DR1 - ok
16:49:21.0277 6576 Boot (0x1200) (836dccc9841d3bd1ada993f80295c293) \Device\Harddisk0\DR0\Partition0
16:49:21.0277 6576 \Device\Harddisk0\DR0\Partition0 - ok
16:49:21.0293 6576 Boot (0x1200) (11e23f7817304f96c37801ecc3ad08fc) \Device\Harddisk0\DR0\Partition1
16:49:21.0293 6576 \Device\Harddisk0\DR0\Partition1 - ok
16:49:21.0308 6576 Boot (0x1200) (84cb68820c2b65c1971168b7b9da5dd7) \Device\Harddisk0\DR0\Partition2
16:49:21.0308 6576 \Device\Harddisk0\DR0\Partition2 - ok
16:49:21.0324 6576 Boot (0x1200) (aba52a99109f20d5c20371b48dac1025) \Device\Harddisk1\DR1\Partition0
16:49:21.0324 6576 \Device\Harddisk1\DR1\Partition0 - ok
16:49:21.0324 6576 ============================================================
16:49:21.0324 6576 Scan finished
16:49:21.0324 6576 ============================================================
16:49:21.0324 6068 Detected object count: 3
16:49:21.0324 6068 Actual detected object count: 3
16:50:02.0633 6068 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:02.0633 6068 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:02.0633 6068 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:02.0633 6068 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:02.0633 6068 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:02.0633 6068 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

3)________________________________________________________________________________

Farbar Service Scanner Version: 01-03-2012
Ran by DELL (administrator) on 03-04-2012 at 16:52:16
Running from "C:\Users\DELL\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 10:09] - [2009-07-14 11:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 09:36] - [2009-07-14 11:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-14 10:36] - [2009-07-14 11:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

4)________________________________________________________________________________

OTL logfile created on: 4/3/2012 4:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\DELL\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 44.67% Memory free
7.73 Gb Paging File | 5.43 Gb Available in Paging File | 70.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225.51 Gb Total Space | 115.05 Gb Free Space | 51.02% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 225.50 Gb Total Space | 100.97 Gb Free Space | 44.78% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 1.01 Gb Free Space | 13.59% Space Free | Partition Type: FAT32

Computer Name: DELL-PC | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 16:53:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\DELL\Desktop\OTL.exe
PRC - [2012/03/23 11:08:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/22 04:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 01:06:42 | 000,511,448 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2010/06/10 10:16:26 | 000,226,576 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe
PRC - [2010/05/22 02:58:30 | 000,673,088 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/05/20 21:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 21:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/24 03:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 03:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/12 18:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/02/21 22:52:32 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/02/21 22:52:32 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/02/21 22:52:00 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2010/02/10 04:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 18:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 18:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/10/01 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/27 19:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/14 11:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/07/02 09:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/06/25 07:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/10 00:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 23:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 23:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/05 20:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
PRC - [2009/05/05 20:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/23 11:08:47 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/16 13:16:19 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\94eb4ca06f43edf88bbdecd3729657d5\System.Management.ni.dll
MOD - [2011/04/16 11:06:46 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f9fe5fb8add34a7107252b0cc957180f\System.Web.Services.ni.dll
MOD - [2011/04/16 11:06:18 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
MOD - [2011/04/16 11:06:13 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
MOD - [2011/04/16 11:05:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
MOD - [2011/04/16 11:05:54 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
MOD - [2011/04/16 11:05:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
MOD - [2011/04/16 11:05:49 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
MOD - [2011/03/22 04:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/22 04:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/25 01:06:44 | 000,161,240 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/02/25 01:06:44 | 000,047,576 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/02/25 01:06:34 | 007,508,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll
MOD - [2011/02/25 01:06:34 | 002,101,760 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll
MOD - [2011/02/25 01:06:34 | 000,911,872 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll
MOD - [2011/02/25 01:06:34 | 000,334,848 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll
MOD - [2010/06/01 07:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/05/04 12:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/02/21 22:53:28 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/02/21 22:52:36 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/02/21 22:51:24 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2010/02/10 04:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/10 04:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/10 04:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/10 04:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/10 04:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/10 04:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/11/25 16:33:36 | 000,517,632 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\q4u1iziz.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
MOD - [2009/10/15 18:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009/10/15 18:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/15 18:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009/09/28 15:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2009/07/14 11:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/14 11:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/02/28 03:56:34 | 000,016,768 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/01/23 04:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/18 12:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/03 03:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 09:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/10 00:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/03/31 22:31:14 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/02/16 10:51:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/15 13:03:25 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/05/22 02:58:30 | 000,673,088 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/04/24 03:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 03:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/21 22:52:00 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2009/10/01 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/01 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/27 19:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 23:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/05 20:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)
SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/07 13:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 19:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 19:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/03 16:48:09 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mrldlmrd.sys -- (mrldlmrd)
DRV:64bit: - [2012/04/03 16:42:24 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\wcbqvsgk.sys -- (wcbqvsgk)
DRV:64bit: - [2012/04/03 16:25:52 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\stxrlnaz.sys -- (stxrlnaz)
DRV:64bit: - [2012/04/03 16:09:50 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ccohifqb.sys -- (ccohifqb)
DRV:64bit: - [2012/04/03 15:54:31 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\yfchlisv.sys -- (yfchlisv)
DRV:64bit: - [2012/04/03 15:40:51 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\zbhtdojh.sys -- (zbhtdojh)
DRV:64bit: - [2012/04/03 15:37:10 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kibsvsca.sys -- (kibsvsca)
DRV:64bit: - [2012/04/03 15:21:52 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\gzeitjbe.sys -- (gzeitjbe)
DRV:64bit: - [2012/04/03 14:56:14 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dxobwnrs.sys -- (dxobwnrs)
DRV:64bit: - [2012/04/03 14:49:42 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\zdfwszss.sys -- (zdfwszss)
DRV:64bit: - [2012/04/03 14:34:12 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\lgoljdcl.sys -- (lgoljdcl)
DRV:64bit: - [2012/04/03 14:17:40 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dosyrptt.sys -- (dosyrptt)
DRV:64bit: - [2012/04/03 14:01:39 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fbmwuhdo.sys -- (fbmwuhdo)
DRV:64bit: - [2012/04/03 13:45:37 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\xawmdunk.sys -- (xawmdunk)
DRV:64bit: - [2012/04/03 13:29:37 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfcxhtnk.sys -- (vfcxhtnk)
DRV:64bit: - [2012/04/03 13:13:34 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ltsbhhmq.sys -- (ltsbhhmq)
DRV:64bit: - [2012/04/03 12:57:33 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\iamzfvbz.sys -- (iamzfvbz)
DRV:64bit: - [2012/04/03 12:41:31 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\pvwqefbh.sys -- (pvwqefbh)
DRV:64bit: - [2012/04/03 12:25:59 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\wxurkrxl.sys -- (wxurkrxl)
DRV:64bit: - [2012/04/03 12:09:29 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\xeqvvqju.sys -- (xeqvvqju)
DRV:64bit: - [2012/04/03 11:53:33 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\iomahovb.sys -- (iomahovb)
DRV:64bit: - [2012/04/03 11:37:27 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ulyfgxxk.sys -- (ulyfgxxk)
DRV:64bit: - [2012/04/03 11:21:26 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mpewtqhe.sys -- (mpewtqhe)
DRV:64bit: - [2012/04/03 11:05:22 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\nebjxrgz.sys -- (nebjxrgz)
DRV:64bit: - [2012/04/03 10:49:22 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\haccagoe.sys -- (haccagoe)
DRV:64bit: - [2012/04/03 10:33:03 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\nhbgmcbq.sys -- (nhbgmcbq)
DRV:64bit: - [2012/04/03 10:17:54 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mcztkowa.sys -- (mcztkowa)
DRV:64bit: - [2012/04/03 10:01:19 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\naxocvat.sys -- (naxocvat)
DRV:64bit: - [2012/04/03 09:45:17 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ykmotyro.sys -- (ykmotyro)
DRV:64bit: - [2012/04/03 09:29:16 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\xavxonog.sys -- (xavxonog)
DRV:64bit: - [2012/04/03 09:15:09 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\pxcdcxnu.sys -- (pxcdcxnu)
DRV:64bit: - [2012/04/03 09:04:19 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aibhmzzd.sys -- (aibhmzzd)
DRV:64bit: - [2012/04/03 08:47:59 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\eicjognu.sys -- (eicjognu)
DRV:64bit: - [2012/04/03 08:41:14 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hyefoczi.sys -- (hyefoczi)
DRV:64bit: - [2012/04/03 08:28:30 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\abmnwrxl.sys -- (abmnwrxl)
DRV:64bit: - [2012/04/03 08:16:39 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\sxmgttpv.sys -- (sxmgttpv)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/07/13 04:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/02 13:33:42 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/05/08 05:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 20:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/24 03:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 03:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 03:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 03:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/23 13:23:30 | 000,026,440 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modrc.sys -- (MODRC)
DRV:64bit: - [2010/04/12 18:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/04 13:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 23:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/03 08:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/01/23 04:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/23 03:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/23 03:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/03 03:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/27 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/21 17:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/10/01 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/18 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/18 01:14:00 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1045.sys -- (RDID1045)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/08/24 10:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 10:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 10:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/03 16:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/03 16:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/03 16:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/03 16:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/16 04:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 10:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/25 10:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/02 03:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {695840CD-BD42-45FD-89F0-F44EE784C67F}
IE:64bit: - HKLM\..\SearchScopes\{695840CD-BD42-45FD-89F0-F44EE784C67F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9664A9F3-4087-4A27-B876-8374CF73A9D2}
IE - HKLM\..\SearchScopes\{9664A9F3-4087-4A27-B876-8374CF73A9D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
IE - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com.au/
IE - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\..\SearchScopes,DefaultScope = {9664A9F3-4087-4A27-B876-8374CF73A9D2}
IE - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\..\SearchScopes\{5F3BEBD5-F6C6-A4B8-EDD2-A6F5F61813A8}: "URL" = http://www.buzqo.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-401-0-...
IE - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 222.127.106.89:3128

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: capturefoxmovie@advancity.net:0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/05/27 18:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/05/27 18:30:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/23 11:08:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/03 15:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/25 17:18:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/12/25 17:18:52 | 000,000,000 | ---D | M]

[2011/03/07 17:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DELL\AppData\Roaming\Mozilla\Extensions
[2011/03/07 17:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DELL\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/03 15:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\q4u1iziz.default\extensions
[2011/01/31 18:10:16 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\q4u1iziz.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/11/26 16:44:42 | 000,000,000 | ---D | M] (Capture Fox) -- C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\q4u1iziz.default\extensions\capturefoxmovie@advancity.net
[2011/06/28 11:14:41 | 000,001,735 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\q4u1iziz.default\searchplugins\ask.uk.xml
[2012/04/03 15:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/03 15:41:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/05/27 18:30:53 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/05/27 18:30:54 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2012/04/03 15:41:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\DELL\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\Trayserver_EN.exe (MAGIX AG)
O4 - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Download All By FlashGet3 - C:\Users\DELL\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download By FlashGet3 - C:\Users\DELL\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\DELL\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\DELL\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1635418107-2633849355-2390042986-1000\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6D3D7A6-8613-4238-AC06-2BF711AB1E5F}: DhcpNameServer = 10.1.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/16 10:50:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{77a6cd79-f489-11e0-9d52-f04da2467924}\Shell - "" = AutoRun
O33 - MountPoints2\{77a6cd79-f489-11e0-9d52-f04da2467924}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{77a6cd7e-f489-11e0-9d52-f04da2467924}\Shell - "" = AutoRun
O33 - MountPoints2\{77a6cd7e-f489-11e0-9d52-f04da2467924}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS -
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {190120A2-7455-5009-252A-E5C73B95D94B} - Internet Explorer
ActiveX: {1E4FB9DC-AC10-1FCB-2745-D07E4871F39A} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {516A70F5-E41F-6E82-07FE-68C896CD696D} - Microsoft Windows Media Player
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D1A10127-2727-B050-F63C-DC0744AB953A} - Browser Customizations
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FE426412-23BA-8CBC-F249-D4DB965FD164} - Microsoft Windows Media Player 12.0
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 16:53:40 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\DELL\Desktop\OTL.exe
[2012/04/03 16:48:09 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mrldlmrd.sys
[2012/04/03 16:42:24 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wcbqvsgk.sys
[2012/04/03 16:25:52 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stxrlnaz.sys
[2012/04/03 16:09:50 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ccohifqb.sys
[2012/04/03 15:54:31 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\yfchlisv.sys
[2012/04/03 15:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/03 15:41:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/03 15:41:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/03 15:41:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/03 15:40:50 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zbhtdojh.sys
[2012/04/03 15:37:09 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\kibsvsca.sys
[2012/04/03 15:21:52 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gzeitjbe.sys
[2012/04/03 15:14:48 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DELL\Desktop\aswMBR.exe
[2012/04/03 14:56:14 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxobwnrs.sys
[2012/04/03 14:49:42 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zdfwszss.sys
[2012/04/03 14:34:12 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lgoljdcl.sys
[2012/04/03 14:17:40 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dosyrptt.sys
[2012/04/03 14:01:39 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fbmwuhdo.sys
[2012/04/03 13:45:37 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xawmdunk.sys
[2012/04/03 13:29:37 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vfcxhtnk.sys
[2012/04/03 13:13:34 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ltsbhhmq.sys
[2012/04/03 12:57:33 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\iamzfvbz.sys
[2012/04/03 12:41:31 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pvwqefbh.sys
[2012/04/03 12:25:59 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wxurkrxl.sys
[2012/04/03 12:09:29 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xeqvvqju.sys
[2012/04/03 11:53:33 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\iomahovb.sys
[2012/04/03 11:37:27 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ulyfgxxk.sys
[2012/04/03 11:21:26 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mpewtqhe.sys
[2012/04/03 11:05:22 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nebjxrgz.sys
[2012/04/03 10:49:22 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\haccagoe.sys
[2012/04/03 10:35:43 | 002,068,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DELL\Desktop\TDSSKiller.exe
[2012/04/03 10:33:03 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nhbgmcbq.sys
[2012/04/03 10:17:53 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcztkowa.sys
[2012/04/03 10:01:19 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\naxocvat.sys
[2012/04/03 09:45:17 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ykmotyro.sys
[2012/04/03 09:29:16 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xavxonog.sys
[2012/04/03 09:15:09 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pxcdcxnu.sys
[2012/04/03 09:04:19 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\aibhmzzd.sys
[2012/04/03 09:02:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\DELL\Desktop\dds.scr
[2012/04/03 08:47:59 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\eicjognu.sys
[2012/04/03 08:41:14 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hyefoczi.sys
[2012/04/03 08:28:30 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\abmnwrxl.sys
[2012/04/03 08:16:39 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sxmgttpv.sys
[2012/04/02 22:35:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/02 15:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/02 15:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/04/02 15:56:49 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/04/02 15:29:20 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/04/01 10:31:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/01 10:31:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/01 10:31:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/01 10:30:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/01 10:30:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/01 10:30:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/01 10:28:56 | 004,452,445 | R--- | C] (Swearware) -- C:\Users\DELL\Desktop\ComboFix.exe
[2012/03/31 22:31:11 | 008,738,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/03/31 21:34:53 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 21:34:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/13 18:51:50 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Malwarebytes
[2012/03/13 18:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/13 18:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/13 18:51:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/13 18:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2012/04/03 16:53:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\DELL\Desktop\OTL.exe
[2012/04/03 16:49:07 | 000,337,137 | ---- | M] () -- C:\Users\DELL\Desktop\FSS.exe
[2012/04/03 16:48:09 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mrldlmrd.sys
[2012/04/03 16:42:24 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wcbqvsgk.sys
[2012/04/03 16:29:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/03 16:25:52 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stxrlnaz.sys
[2012/04/03 16:09:50 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ccohifqb.sys
[2012/04/03 16:08:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 15:59:39 | 000,000,577 | ---- | M] () -- C:\Users\DELL\Desktop\MBR.zip
[2012/04/03 15:55:49 | 000,000,512 | ---- | M] () -- C:\Users\DELL\Desktop\MBR.dat
[2012/04/03 15:54:31 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\yfchlisv.sys
[2012/04/03 15:41:37 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/03 15:41:37 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/03 15:41:37 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/03 15:41:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/03 15:40:51 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zbhtdojh.sys
[2012/04/03 15:37:10 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\kibsvsca.sys
[2012/04/03 15:21:52 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gzeitjbe.sys
[2012/04/03 15:15:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DELL\Desktop\aswMBR.exe
[2012/04/03 14:56:14 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxobwnrs.sys
[2012/04/03 14:55:41 | 000,302,592 | ---- | M] () -- C:\Users\DELL\Desktop\8vfwurs2.exe
[2012/04/03 14:49:42 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zdfwszss.sys
[2012/04/03 14:34:12 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lgoljdcl.sys
[2012/04/03 14:17:40 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dosyrptt.sys
[2012/04/03 14:01:39 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fbmwuhdo.sys
[2012/04/03 13:45:37 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xawmdunk.sys
[2012/04/03 13:29:37 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vfcxhtnk.sys
[2012/04/03 13:13:34 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ltsbhhmq.sys
[2012/04/03 12:57:33 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\iamzfvbz.sys
[2012/04/03 12:41:31 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pvwqefbh.sys
[2012/04/03 12:25:59 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wxurkrxl.sys
[2012/04/03 12:09:29 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xeqvvqju.sys
[2012/04/03 11:53:33 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\iomahovb.sys
[2012/04/03 11:37:27 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ulyfgxxk.sys
[2012/04/03 11:21:26 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mpewtqhe.sys
[2012/04/03 11:05:22 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nebjxrgz.sys
[2012/04/03 10:49:22 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\haccagoe.sys
[2012/04/03 10:33:03 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nhbgmcbq.sys
[2012/04/03 10:17:54 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcztkowa.sys
[2012/04/03 10:01:19 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\naxocvat.sys
[2012/04/03 09:45:17 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ykmotyro.sys
[2012/04/03 09:29:16 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xavxonog.sys
[2012/04/03 09:15:09 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pxcdcxnu.sys
[2012/04/03 09:04:19 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\aibhmzzd.sys
[2012/04/03 09:02:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\DELL\Desktop\dds.scr
[2012/04/03 08:51:38 | 000,730,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/03 08:51:38 | 000,626,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/03 08:51:38 | 000,107,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/03 08:47:59 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\eicjognu.sys
[2012/04/03 08:41:14 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hyefoczi.sys
[2012/04/03 08:28:30 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\abmnwrxl.sys
[2012/04/03 08:16:39 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sxmgttpv.sys
[2012/04/03 08:05:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 08:05:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 07:58:54 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/03 07:58:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 07:57:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/03 07:57:36 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 22:32:16 | 002,048,824 | ---- | M] () -- C:\Users\DELL\Desktop\tdsskiller.zip
[2012/04/02 15:57:22 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/02 15:57:11 | 000,744,400 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/02 10:34:54 | 002,068,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DELL\Desktop\TDSSKiller.exe
[2012/04/01 10:28:56 | 004,452,445 | R--- | M] (Swearware) -- C:\Users\DELL\Desktop\ComboFix.exe
[2012/03/31 22:31:14 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 22:31:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/31 22:31:11 | 008,738,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/03/13 20:07:50 | 000,000,134 | ---- | M] () -- C:\hosts-perm.bat
[2012/03/13 18:51:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 18:45:39 | 000,000,307 | ---- | M] () -- C:\Users\DELL\Desktop\iExplore - Shortcut.lnk
[2012/03/13 18:44:58 | 001,008,141 | ---- | M] () -- C:\Users\DELL\Desktop\iExplore.exe

========== Files Created - No Company Name ==========

[2012/04/03 16:48:58 | 000,337,137 | ---- | C] () -- C:\Users\DELL\Desktop\FSS.exe
[2012/04/03 15:59:39 | 000,000,577 | ---- | C] () -- C:\Users\DELL\Desktop\MBR.zip
[2012/04/03 15:55:49 | 000,000,512 | ---- | C] () -- C:\Users\DELL\Desktop\MBR.dat
[2012/04/03 14:55:31 | 000,302,592 | ---- | C] () -- C:\Users\DELL\Desktop\8vfwurs2.exe
[2012/04/02 22:31:59 | 002,048,824 | ---- | C] () -- C:\Users\DELL\Desktop\tdsskiller.zip
[2012/04/02 15:57:22 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/02 15:57:05 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/01 10:31:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/01 10:31:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/01 10:31:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/01 10:31:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/01 10:31:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/31 21:34:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 20:33:16 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/13 20:07:50 | 000,000,134 | ---- | C] () -- C:\hosts-perm.bat
[2012/03/13 18:51:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 18:45:39 | 000,000,307 | ---- | C] () -- C:\Users\DELL\Desktop\iExplore - Shortcut.lnk
[2012/03/13 18:44:45 | 001,008,141 | ---- | C] () -- C:\Users\DELL\Desktop\iExplore.exe
[2012/03/02 17:19:50 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012/03/02 17:18:59 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011/11/14 16:29:32 | 000,271,872 | ---- | C] () -- C:\Windows\SysWow64\PWContextMenu.dll
[2011/11/14 16:29:32 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2011/11/14 16:29:32 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\glut.dll
[2011/07/23 15:42:57 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011/06/27 10:26:59 | 006,475,776 | ---- | C] () -- C:\Windows\SysWow64\PSP VintageWarmer2.dll
[2011/06/19 13:09:38 | 000,000,257 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/06/19 13:09:38 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/06/19 13:09:20 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/06/19 13:09:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/06/19 13:08:51 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/06/19 13:08:51 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/06/19 13:08:51 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/06/19 13:06:24 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/06/02 14:36:20 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll
[2011/04/28 08:10:12 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2011/03/25 14:37:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/03 16:30:58 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2011/01/31 18:16:20 | 000,007,607 | ---- | C] () -- C:\Users\DELL\AppData\Local\Resmon.ResmonCfg
[2011/01/31 17:15:14 | 000,000,598 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011/01/31 17:14:56 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/11/05 12:08:43 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010/11/05 12:08:17 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/11/04 22:06:10 | 000,744,400 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/15 15:39:38 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/08/15 14:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/15 13:18:25 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >
[2011/05/01 19:26:50 | 000,000,045 | ---- | M] () -- C:\FLVDirect.exe
[2007/11/07 05:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: AFD.SYS >
[2009/07/14 09:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\SysNative\drivers\afd.sys
[2009/07/14 09:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\system64\drivers\afd.sys
[2009/07/14 09:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys

< MD5 for: EXPLORER.EXE >
[2010/08/15 15:46:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 16:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/08/15 15:46:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/08/15 15:46:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 16:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\DELL\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\DELL\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\DELL\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\DELL\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2010/08/15 15:46:20 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/08/15 15:46:16 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/08/15 15:46:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010/08/15 15:46:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/08/15 15:46:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\DELL\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\DELL\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\DELL\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\DELL\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2010/08/15 15:46:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/08/15 15:46:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 11:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/08/15 15:46:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/08/15 15:46:20 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 16:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/08/15 15:46:16 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/08/15 15:46:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: TDX.SYS >
[2009/07/14 09:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\SysNative\drivers\tdx.sys
[2009/07/14 09:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\system64\drivers\tdx.sys
[2009/07/14 09:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2009/07/14 11:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/07/14 11:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/14 11:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\system64\drivers\volsnap.sys
[2009/07/14 11:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/14 11:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 11:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 11:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe
[2009/07/14 11:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 11:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/08/15 15:46:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\DELL\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\DELL\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\DELL\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\DELL\AppData\Local\Temp\RarSFX3\winlogon.exe
[2010/08/15 15:46:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/08/15 15:46:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\system64\winlogon.exe
[2010/08/15 15:46:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< type "C:\ComboFix.txt" /c >
ComboFix 12-03-31.03 - DELL 04/01/2012 10:33:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2182 [GMT 10:00]
Running from: c:\users\DELL\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Tone2.exe
C:\install.exe
c:\users\DELL\AppData\Local\TempDIR
c:\users\DELL\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 00:40 . 2012-04-01 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 12:31 . 2012-03-31 12:31 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 11:34 . 2012-03-31 12:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 11:34 . 2012-03-31 11:34 -------- d-----w- c:\windows\system32\Macromed
2012-03-13 10:07 . 2012-03-13 10:07 134 ----a-w- C:\hosts-perm.bat
2012-03-13 08:51 . 2012-03-13 08:51 -------- d-----w- c:\users\DELL\AppData\Roaming\Malwarebytes
2012-03-13 08:51 . 2012-03-13 08:51 -------- d-----w- c:\programdata\Malwarebytes
2012-03-13 08:51 . 2012-03-13 08:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 08:51 . 2011-12-10 05:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 06:19 . 2012-03-06 06:19 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-02 08:27 . 2009-09-17 06:20 1695232 ----a-w- c:\windows\system32\synsoacc.dll
2012-03-02 07:19 . 2012-03-02 07:19 -------- d-----w- c:\programdata\Syncrosoft
2012-03-02 07:19 . 2012-03-02 07:19 2892 ----a-w- c:\windows\SysWow64\audcon.sys
2012-03-02 07:19 . 2012-03-02 10:03 -------- d-----w- c:\programdata\eLicenser
2012-03-02 07:18 . 2012-03-02 07:18 -------- d-----w- c:\programdata\Arturia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 12:31 . 2012-01-24 09:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-05-31 5252408]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-02-24 511448]
"RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-06-10 226576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-21 95560]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"TrayServer"="c:\progra~2\MAGIX\MOVIE_~2\TrayServer_en.exe" [2008-11-13 90112]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736]
.
c:\users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
Check for Updates.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-21 12:51 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 MODRC;PCTV Dib Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RDID1045;FANTOM-X;c:\windows\system32\Drivers\rdwm1045.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-21 2409800]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:31]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 22:49]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 22:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"combofix"="c:\combofix\CF15813.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zebrbus
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 222.127.106.89:3128
IE: Download All By FlashGet3 - c:\users\DELL\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\DELL\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{3A5B3F28-452C-4779-8ECA-5791E312C640}: NameServer = 123.200.191.17 123.200.191.18
FF - ProfilePath - c:\users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\q4u1iziz.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-04-01 10:49:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 00:49
.
Pre-Run: 123,754,307,584 bytes free
Post-Run: 124,533,215,232 bytes free
.
- - End Of File - - 6478FF90B90023675F4AB1A00DE8E3A0

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/23 11:08:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/23 11:08:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/23 11:08:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/03/23 11:08:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/03/23 11:08:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/23 11:08:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 11:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 11:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 11:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/24 15:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/24 15:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/03/23 11:08:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/03/23 11:08:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/03/23 11:08:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/03/23 11:08:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/03/23 11:08:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/03/23 11:08:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 11:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 11:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 11:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/02/24 15:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/02/24 15:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

OTL Extras logfile created on: 4/3/2012 4:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\DELL\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 44.67% Memory free
7.73 Gb Paging File | 5.43 Gb Available in Paging File | 70.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225.51 Gb Total Space | 115.05 Gb Free Space | 51.02% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 225.50 Gb Total Space | 100.97 Gb Free Space | 44.78% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 1.01 Gb Free Space | 13.59% Space Free | Partition Type: FAT32

Computer Name: DELL-PC | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1635418107-2633849355-2390042986-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}" = TVCenter
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{372D0C6A-070B-49AA-AB73-ABDDFA5C2F5D}" = FastAccess
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{3B6074E5-5823-9363-851C-25F9DDB1E477}" = ccc-utility64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73089240-023C-11E0-9AE3-2BA1DFD72085}" = M-Audio FastTrackPro Driver 6.0.7 (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.3
"RolandRDID0045" = FANTOM-X Driver
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 beta 5 (64-bit)
"z3ta+_x64_is1" = rgc:audio z3ta+ 1.5 (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{089ADAE8-1C3C-402B-83ED-6CFD0D536F8F}" = MAGIX Movie Edit Pro 17 Plus Download Version
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1170BEDA-359C-4202-A5BF-CCA919E7B917}" = CCC Help Danish
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1976B721-8F15-4B86-92D2-725364AF8CE0}" = AUSkey software 1.4.0.3
"{19DE6032-D3EE-D664-FA63-452431599161}" = CCC Help Norwegian
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW
"{24BBD0E3-4579-9EF5-6081-DE56129D093A}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)
"{39EFAC6A-639E-3CE3-2B62-EF8518AD8326}" = CCC Help Chinese Traditional
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3E88F774-1C97-445D-873F-988C0D704B61}" = MAGIX Screenshare
"{3ED3BC2E-141A-BFB0-D48C-E8DDA3A461E7}" = ccc-core-static
"{42CFD768-94A5-4C0D-A49A-88B536BAC551}" = FileNet Desktop eForms
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57B21E43-056F-9E58-8774-20E8A89B5347}" = CCC Help English
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65A30A52-B4CA-006E-8750-8366C9693C77}" = CCC Help Russian
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66C5E9B6-2D87-D7E8-9B8F-BFCAD7105AD1}" = Catalyst Control Center Graphics Previews Common
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6F3AB64A-CC2D-C533-C5CD-30420E2DC578}" = Skins
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78AE5FAE-C641-311B-9CC8-CEBB87FAF795}" = CCC Help Japanese
"{798CA202-699B-49CC-95EE-BD01411A42E4}" =
"{7BCA9417-A611-CC28-9471-6250EC9666EB}" = Catalyst Control Center Graphics Full Existing
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CBEA175-8D35-4343-8A47-DBF36F86C033}" = MYOB Premier Accounting 2006 (v15)
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1" = reFX Nexus 1.0.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{891BB3F0-F157-4C82-8882-F920D7E9D42F}" = StitcherUnlimited2009 AdLM
"{8C28F118-03B5-4756-F83C-C31C851D1FF3}" = CCC Help Chinese Standard
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95E58BA1-2E10-B49E-283C-3C170C098149}" = CCC Help Dutch
"{9635D462-1B39-E171-BA1C-32A036572251}" = CCC Help Spanish
"{992AC5B1-52BC-4CD8-9419-70B51D11F01B}" = MAGIX Speed burnR (MSI)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A3B31D43-75F4-4CF4-8330-6DE62C3540FA}_is1" = Standalone Flash Player 1.2
"{A4147C0B-A939-B87E-A6AB-71837A52AFEC}" = Catalyst Control Center Core Implementation
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.124
"{A8ACDFFF-093C-8898-E1B8-9388277CD805}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AACCA3ED-9F2F-4336-8A80-B09D90DBB91B}" = Autodesk Stitcher Unlimited 2009
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{AD96D90D-33D8-4820-8243-072500472E12}" = SampleRobot®
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B47669BF-36B7-B33B-69C9-A2E7AAA36017}" = CCC Help German
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52D6FF6-308B-2395-72EE-CA72216F8618}" = CCC Help Korean
"{C5422D6A-6CC4-82CA-C28F-249DC0C846B5}" = Catalyst Control Center Graphics Full New
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CEC73671-6AFB-CC2B-203B-2A00E8901755}" = Catalyst Control Center Graphics Previews Vista
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7058431-BC8D-71B7-136F-6FFA32C5C7C2}" = CCC Help Swedish
"{D7833BB9-9F94-462E-89ED-EDD1B12CA40A}" = Fantom-X Editor
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF2D5BCE-AEC0-49F1-B0F8-80E0F603F024}" = MYOB Payroll Tax Forms
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECBA603F-259F-9C33-85DE-0D7E3FCAB407}" = CCC Help Finnish
"{EE14D3B8-D4A6-EEC6-A37E-FC77CBF6A5FE}" = CCC Help Italian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26E3E58-D6E5-3C61-7A7C-20D61017C26A}" = CCC Help French
"{FB9F4BEA-283B-18FA-3DA4-B757214528F3}" = Catalyst Control Center Localization All
"{FE6D5F28-4C11-4197-66CA-48AA4AECD833}" = Catalyst Control Center Graphics Light
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ASIO4ALL" = ASIO4ALL
"CDex" = CDex extraction audio
"Collab" = Collab
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.8
"e-Record 6" = e-Record 6
"FlashGet 3.3" = FlashGet 3.3
"FormatFactory" = FormatFactory 2.60
"Free HD Converter_is1" = Free HD Converter V 1.7
"Freez Screen Video Capture v1.2_is1" = Freez Screen Video Capture v1.2
"GoToAssist" = GoToAssist 8.0.0.514
"IL Download Manager" = IL Download Manager
"IMVPureTools" = ImmerVision PURE TOOLS
"InstallShield_{7CBEA175-8D35-4343-8A47-DBF36F86C033}" = MYOB Premier Accounting 2006 (v15)
"InstallShield_{D7833BB9-9F94-462E-89ED-EDD1B12CA40A}" = Fantom-X Editor
"InstallShield_{DF2D5BCE-AEC0-49F1-B0F8-80E0F603F024}" = MYOB Payroll Tax Forms
"MAGIX 3D Maker UK" = MAGIX 3D Maker (embeded)
"MAGIX Movie Edit Pro 15 Plus Download version UK" = MAGIX Movie Edit Pro 15 Plus Download version 8.0.5.8 (UK)
"MAGIX Screenshare UK" = MAGIX Screenshare 4.3.6.1987 (UK)
"MAGIX_MSI_Videodeluxe17_plus" = MAGIX Movie Edit Pro 17 Plus Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"MyTomTom" = MyTomTom 3.0.2.267
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"PTGui" = PTGui Pro 8.3.3
"Toxic Biohazard" = Toxic Biohazard
"Virgin Mobile" = Virgin Mobile
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZD Soft Screen Recorder" = ZD Soft Screen Recorder 4.1.3.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1635418107-2633849355-2390042986-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fba5444ff75cc0ab" = PCWin Speaker Record for Windows 7 & Vista

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2011 6:19:10 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 6:29:12 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 6:15:34 PM | Computer Name = DELL-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 6:25:45 PM | Computer Name = DELL-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 10:36:46 PM | Computer Name = DELL-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 10:54:44 PM | Computer Name = DELL-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The operation timed out

Error - 10/29/2011 6:09:22 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 11:52:57 PM | Computer Name = DELL-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/30/2011 12:03:07 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/30/2011 6:56:29 PM | Computer Name = DELL-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 4/3/2012 12:28:19 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/3/2012 12:52:22 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/3/2012 12:53:15 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/3/2012 12:53:16 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/3/2012 12:53:17 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/3/2012 12:53:22 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/3/2012 1:23:18 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/3/2012 1:53:19 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/3/2012 2:23:17 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/3/2012 2:53:18 AM | Computer Name = DELL-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

< End of report >

5)________________________________________________________________________________

Computer is running as normal however every 10 mintes or so MSE is alerting me to one of the viruses:
Sirefef.J
Sirefef.W
Sirefef.Y
Sirefef.U
Sirefef.B
Alureon.FP

Also, some java viruses pop up from time to time.

I have not restarted the computer in 12 hours as it was entering Startup Recovery each time and I was being forced to restore to the most recent restore point as nothing else would work.

#5 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 03 April 2012 - 02:42 AM

Hi kryptonaus!

Not a problem! I'm glad to be of assistance!

It looks like we'll need to do some work in the registry to repair some corrupt data in there.

I have not restarted the computer in 12 hours as it was entering Startup Recovery each time and I was being forced to restore to the most recent restore point as nothing else would work.

Okay, thanks for that information.

Do you have access to a USB/Flash Drive that we could use?

Edited by SweetTech, 03 April 2012 - 02:43 AM.

#6 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 03 April 2012 - 02:50 AM

Do you have access to a USB/Flash Drive that we could use?

If so, please do this for me:

Running FRST

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

#7 kryptonaus

Member

Members
39 posts

Posted 03 April 2012 - 03:27 AM

ok, doing that now, thanks.

#8 kryptonaus

Member

Members
39 posts

Posted 03 April 2012 - 04:03 AM

Ok, here is the log from that....

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 03-04-2012 18:32:33
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-21] (Sensible Vision )
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms [206064 2009-05-05] (SupportSoft, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~2\TrayServer_en.exe [90112 2008-11-12] (MAGIX AG)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [345 2012-04-02] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKU\DELL\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-05-31] (Yahoo! Inc.)
HKU\DELL\...\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" [511448 2011-02-24] (TomTom)
HKU\DELL\...\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [226576 2010-06-09] (PCTV Systems S.à r.l.)
HKU\DELL\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-05-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Lsa: [Notification Packages] scecli
FAPassSync
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-31] (Adobe Systems Incorporated)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [1253376 2009-08-27] (MAGIX AG)
3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-06] (MAGIX®)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2011-02-15] (Macrovision Europe Ltd.)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
2 sprtsvc_DellSupportCenter; "c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [x]

========================== Drivers (Whitelisted) =============

1 abmnwrxl; C:\Windows\System32\Drivers\abmnwrxl.sys [50000 2012-04-02] (Microsoft Corporation)
1 aibhmzzd; C:\Windows\System32\Drivers\aibhmzzd.sys [50000 2012-04-02] (Microsoft Corporation)
3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6233088 2010-01-22] (ATI Technologies Inc.)
3 azvusb; C:\Windows\System32\Drivers\azvusb.sys [54784 2009-08-23] (AzureWave Technologies, Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BVRPMPR5a64; C:\Windows\System32\Drivers\BVRPMPR5a64.sys [35840 2010-06-01] (Avanquest Software)
1 ccohifqb; C:\Windows\System32\Drivers\ccohifqb.sys [50000 2012-04-03] (Microsoft Corporation)
1 cwpskvjq; C:\Windows\System32\Drivers\cwpskvjq.sys [50000 2012-04-03] (Microsoft Corporation)
1 dosyrptt; C:\Windows\System32\Drivers\dosyrptt.sys [50000 2012-04-02] (Microsoft Corporation)
1 dxobwnrs; C:\Windows\System32\Drivers\dxobwnrs.sys [50000 2012-04-02] (Microsoft Corporation)
1 eicjognu; C:\Windows\System32\Drivers\eicjognu.sys [50000 2012-04-02] (Microsoft Corporation)
3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
1 fbmwuhdo; C:\Windows\System32\Drivers\fbmwuhdo.sys [50000 2012-04-02] (Microsoft Corporation)
1 fdscwqxh; C:\Windows\System32\Drivers\fdscwqxh.sys [50000 2012-04-03] (Microsoft Corporation)
1 gzeitjbe; C:\Windows\System32\Drivers\gzeitjbe.sys [50000 2012-04-03] (Microsoft Corporation)
1 haccagoe; C:\Windows\System32\Drivers\haccagoe.sys [50000 2012-04-02] (Microsoft Corporation)
1 hotciujf; C:\Windows\System32\Drivers\hotciujf.sys [50000 2012-04-03] (Microsoft Corporation)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [117248 2009-09-10] (Huawei Technologies Co., Ltd.)
1 hyefoczi; C:\Windows\System32\Drivers\hyefoczi.sys [50000 2012-04-02] (Microsoft Corporation)
1 iamzfvbz; C:\Windows\System32\Drivers\iamzfvbz.sys [50000 2012-04-02] (Microsoft Corporation)
1 iomahovb; C:\Windows\System32\Drivers\iomahovb.sys [50000 2012-04-02] (Microsoft Corporation)
1 kibsvsca; C:\Windows\System32\Drivers\kibsvsca.sys [50000 2012-04-03] (Microsoft Corporation)
1 lgoljdcl; C:\Windows\System32\Drivers\lgoljdcl.sys [50000 2012-04-02] (Microsoft Corporation)
1 ltsbhhmq; C:\Windows\System32\Drivers\ltsbhhmq.sys [50000 2012-04-02] (Microsoft Corporation)
1 lzvaotup; C:\Windows\System32\Drivers\lzvaotup.sys [50000 2012-04-03] (Microsoft Corporation)
3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
1 mcztkowa; C:\Windows\System32\Drivers\mcztkowa.sys [50000 2012-04-02] (Microsoft Corporation)
1 mlldvwcn; C:\Windows\System32\Drivers\mlldvwcn.sys [50000 2012-04-03] (Microsoft Corporation)
3 MODRC; C:\Windows\System32\Drivers\MODRC.sys [26440 2010-04-22] (DiBcom S.A.)
1 mpewtqhe; C:\Windows\System32\Drivers\mpewtqhe.sys [50000 2012-04-02] (Microsoft Corporation)
1 mrldlmrd; C:\Windows\System32\Drivers\mrldlmrd.sys [50000 2012-04-03] (Microsoft Corporation)
1 mxhapcqe; C:\Windows\System32\Drivers\mxhapcqe.sys [50000 2012-04-03] (Microsoft Corporation)
1 naxocvat; C:\Windows\System32\Drivers\naxocvat.sys [50000 2012-04-02] (Microsoft Corporation)
1 nebjxrgz; C:\Windows\System32\Drivers\nebjxrgz.sys [50000 2012-04-02] (Microsoft Corporation)
1 nhbgmcbq; C:\Windows\System32\Drivers\nhbgmcbq.sys [50000 2012-04-02] (Microsoft Corporation)
1 okijtpdv; C:\Windows\System32\Drivers\okijtpdv.sys [50000 2012-04-03] (Microsoft Corporation)
1 ouigwydh; C:\Windows\System32\Drivers\ouigwydh.sys [50000 2012-04-03] (Microsoft Corporation)
1 pvwqefbh; C:\Windows\System32\Drivers\pvwqefbh.sys [50000 2012-04-02] (Microsoft Corporation)
1 pxcdcxnu; C:\Windows\System32\Drivers\pxcdcxnu.sys [50000 2012-04-02] (Microsoft Corporation)
3 RDID1045; C:\Windows\System32\Drivers\rdwm1045.sys [81920 2009-09-17] (Roland Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
1 stxrlnaz; C:\Windows\System32\Drivers\stxrlnaz.sys [50000 2012-04-03] (Microsoft Corporation)
1 sxmgttpv; C:\Windows\System32\Drivers\sxmgttpv.sys [50000 2012-04-02] (Microsoft Corporation)
1 tcwjqbin; C:\Windows\System32\Drivers\tcwjqbin.sys [50000 2012-04-03] (Microsoft Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
1 ulyfgxxk; C:\Windows\System32\Drivers\ulyfgxxk.sys [50000 2012-04-02] (Microsoft Corporation)
1 vfcxhtnk; C:\Windows\System32\Drivers\vfcxhtnk.sys [50000 2012-04-02] (Microsoft Corporation)
1 wcbqvsgk; C:\Windows\System32\Drivers\wcbqvsgk.sys [50000 2012-04-03] (Microsoft Corporation)
1 wcidgxlq; C:\Windows\System32\Drivers\wcidgxlq.sys [50000 2012-04-03] (Microsoft Corporation)
1 wxurkrxl; C:\Windows\System32\Drivers\wxurkrxl.sys [50000 2012-04-02] (Microsoft Corporation)
1 xavxonog; C:\Windows\System32\Drivers\xavxonog.sys [50000 2012-04-02] (Microsoft Corporation)
1 xawmdunk; C:\Windows\System32\Drivers\xawmdunk.sys [50000 2012-04-02] (Microsoft Corporation)
1 xeqvvqju; C:\Windows\System32\Drivers\xeqvvqju.sys [50000 2012-04-02] (Microsoft Corporation)
1 yfchlisv; C:\Windows\System32\Drivers\yfchlisv.sys [50000 2012-04-03] (Microsoft Corporation)
1 ykmotyro; C:\Windows\System32\Drivers\ykmotyro.sys [50000 2012-04-02] (Microsoft Corporation)
1 zbhtdojh; C:\Windows\System32\Drivers\zbhtdojh.sys [50000 2012-04-03] (Microsoft Corporation)
1 zdfwszss; C:\Windows\System32\Drivers\zdfwszss.sys [50000 2012-04-02] (Microsoft Corporation)
3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-03 03:28 - 2012-04-03 03:28 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lzvaotup.sys
2012-04-03 03:22 - 2012-04-03 03:22 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mlldvwcn.sys
2012-04-03 03:12 - 2012-04-03 03:12 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hotciujf.sys
2012-04-03 03:02 - 2012-04-03 03:02 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\okijtpdv.sys
2012-04-03 02:47 - 2012-04-03 02:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcwjqbin.sys
2012-04-03 02:38 - 2012-04-03 03:28 - 0148528 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_17.38.32_log.txt
2012-04-03 02:37 - 2012-04-03 02:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fdscwqxh.sys
2012-04-03 02:34 - 2012-04-03 02:34 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mxhapcqe.sys
2012-04-03 02:24 - 2012-04-03 02:24 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ouigwydh.sys
2012-04-03 02:13 - 2012-04-03 02:13 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wcidgxlq.sys
2012-04-03 02:03 - 2012-04-03 02:03 - 0059846 ____A C:\Users\DELL\Desktop\Extras.Txt
2012-04-03 02:02 - 2012-04-03 02:02 - 0244690 ____A C:\Users\DELL\Desktop\OTL.Txt
2012-04-03 02:01 - 2012-04-03 02:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cwpskvjq.sys
2012-04-03 01:53 - 2012-04-03 01:53 - 0593920 ____A (OldTimer Tools) C:\Users\DELL\Desktop\OTL.exe
2012-04-03 01:52 - 2012-04-03 01:52 - 0003397 ____A C:\Users\DELL\Desktop\FSS.txt
2012-04-03 01:48 - 2012-04-03 01:51 - 0147068 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_16.48.24_log.txt
2012-04-03 01:48 - 2012-04-03 01:49 - 0337137 ____A C:\Users\DELL\Desktop\FSS.exe
2012-04-03 01:48 - 2012-04-03 01:48 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrldlmrd.sys
2012-04-03 01:42 - 2012-04-03 01:42 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wcbqvsgk.sys
2012-04-03 01:25 - 2012-04-03 01:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\stxrlnaz.sys
2012-04-03 01:09 - 2012-04-03 01:09 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ccohifqb.sys
2012-04-03 00:59 - 2012-04-03 00:59 - 0000577 ____A C:\Users\DELL\Desktop\MBR.zip
2012-04-03 00:55 - 2012-04-03 00:55 - 0002069 ____A C:\Users\DELL\Desktop\aswMBR.txt
2012-04-03 00:55 - 2012-04-03 00:55 - 0000512 ____A C:\Users\DELL\Desktop\MBR.dat
2012-04-03 00:54 - 2012-04-03 00:54 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yfchlisv.sys
2012-04-03 00:41 - 2012-04-03 00:41 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-03 00:41 - 2012-04-03 00:41 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-03 00:41 - 2012-04-03 00:41 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-03 00:40 - 2012-04-03 00:40 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zbhtdojh.sys
2012-04-03 00:38 - 2012-04-03 00:38 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\DELL\Downloads\jxpiinstall.exe
2012-04-03 00:37 - 2012-04-03 00:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kibsvsca.sys
2012-04-03 00:21 - 2012-04-03 00:21 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gzeitjbe.sys
2012-04-03 00:14 - 2012-04-03 00:15 - 4731392 ____A (AVAST Software) C:\Users\DELL\Desktop\aswMBR.exe
2012-04-03 00:06 - 2012-04-03 00:08 - 0144732 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_15.06.51_log.txt
2012-04-02 23:56 - 2012-04-02 23:56 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxobwnrs.sys
2012-04-02 23:55 - 2012-04-02 23:55 - 0302592 ____A C:\Users\DELL\Desktop\8vfwurs2.exe
2012-04-02 23:49 - 2012-04-02 23:49 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zdfwszss.sys
2012-04-02 23:34 - 2012-04-02 23:34 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lgoljdcl.sys
2012-04-02 23:17 - 2012-04-02 23:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dosyrptt.sys
2012-04-02 23:01 - 2012-04-02 23:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fbmwuhdo.sys
2012-04-02 22:45 - 2012-04-02 22:45 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xawmdunk.sys
2012-04-02 22:29 - 2012-04-02 22:29 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vfcxhtnk.sys
2012-04-02 22:13 - 2012-04-02 22:13 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ltsbhhmq.sys
2012-04-02 21:57 - 2012-04-02 21:57 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iamzfvbz.sys
2012-04-02 21:41 - 2012-04-02 21:41 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pvwqefbh.sys
2012-04-02 21:25 - 2012-04-02 21:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wxurkrxl.sys
2012-04-02 21:09 - 2012-04-02 21:09 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xeqvvqju.sys
2012-04-02 20:53 - 2012-04-02 20:53 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iomahovb.sys
2012-04-02 20:37 - 2012-04-02 20:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ulyfgxxk.sys
2012-04-02 20:21 - 2012-04-02 20:21 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mpewtqhe.sys
2012-04-02 20:05 - 2012-04-02 20:05 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nebjxrgz.sys
2012-04-02 19:49 - 2012-04-02 19:49 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\haccagoe.sys
2012-04-02 19:35 - 2012-04-02 19:37 - 0137832 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_10.35.52_log.txt
2012-04-02 19:35 - 2012-04-01 19:34 - 2068528 ____A (Kaspersky Lab ZAO) C:\Users\DELL\Desktop\TDSSKiller.exe
2012-04-02 19:33 - 2012-04-02 19:33 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nhbgmcbq.sys
2012-04-02 19:17 - 2012-04-02 19:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mcztkowa.sys
2012-04-02 19:01 - 2012-04-02 19:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\naxocvat.sys
2012-04-02 18:45 - 2012-04-02 18:45 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ykmotyro.sys
2012-04-02 18:29 - 2012-04-02 18:29 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xavxonog.sys
2012-04-02 18:15 - 2012-04-02 18:15 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pxcdcxnu.sys
2012-04-02 18:11 - 2012-04-02 18:11 - 0012622 ____A C:\Users\DELL\Desktop\Attach.txt
2012-04-02 18:07 - 2012-04-02 18:07 - 0028863 ____A C:\Users\DELL\Desktop\DDS.txt
2012-04-02 18:04 - 2012-04-02 18:04 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aibhmzzd.sys
2012-04-02 18:02 - 2012-04-02 18:02 - 0607260 ____R (Swearware) C:\Users\DELL\Desktop\dds.scr
2012-04-02 17:47 - 2012-04-02 17:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\eicjognu.sys
2012-04-02 17:41 - 2012-04-02 17:41 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hyefoczi.sys
2012-04-02 17:28 - 2012-04-02 17:28 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\abmnwrxl.sys
2012-04-02 17:16 - 2012-04-02 17:16 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxmgttpv.sys
2012-04-02 17:04 - 2012-01-31 07:44 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-04-02 07:35 - 2012-04-02 07:35 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-02 07:32 - 2012-04-02 07:35 - 0138570 ____A C:\TDSSKiller.2.7.24.0_02.04.2012_22.32.56_log.txt
2012-04-02 07:31 - 2012-04-02 07:32 - 2048824 ____A C:\Users\DELL\Desktop\tdsskiller.zip
2012-04-02 00:57 - 2012-04-03 07:55 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-02 00:57 - 2012-04-03 07:55 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-02 00:57 - 2012-04-02 00:57 - 0002154 ____A C:\Windows\epplauncher.mif
2012-04-02 00:56 - 2010-04-09 06:06 - 0374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-04-02 00:29 - 2012-04-02 00:29 - 0000000 ____D C:\Windows\system64
2012-03-31 19:49 - 2012-03-31 19:49 - 0020718 ____A C:\ComboFix.txt
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-31 19:31 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
2012-03-31 19:31 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
2012-03-31 19:31 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-03-31 19:31 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-03-31 19:31 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-03-31 19:31 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
2012-03-31 19:31 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
2012-03-31 19:31 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
2012-03-31 19:30 - 2012-04-03 07:55 - 0000000 ___SD C:\ComboFix
2012-03-31 19:30 - 2012-04-03 07:52 - 0000000 ____D C:\Qoobox
2012-03-31 19:30 - 2012-04-02 15:27 - 0000000 ____D C:\Windows\ERDNT
2012-03-31 19:28 - 2012-03-31 19:28 - 4452445 ____R (Swearware) C:\Users\DELL\Desktop\ComboFix.exe
2012-03-31 07:31 - 2012-03-31 07:31 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-31 06:34 - 2012-04-03 03:29 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-31 06:34 - 2012-03-31 07:31 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-31 06:34 - 2012-03-31 06:34 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-31 05:33 - 2012-04-02 16:58 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-13 05:07 - 2012-03-13 05:07 - 0000134 ____A C:\hosts-perm.bat
2012-03-13 03:51 - 2012-03-13 03:51 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-13 03:51 - 2012-03-13 03:51 - 0001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Users\DELL\Application Data\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Users\DELL\AppData\Roaming\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-13 03:51 - 2011-12-10 00:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-13 03:50 - 2012-03-13 03:50 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\DELL\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-13 03:47 - 2012-03-31 18:52 - 0000443 ____A C:\rkill.log
2012-03-13 03:45 - 2012-03-13 03:45 - 0000307 ____A C:\Users\DELL\Desktop\iExplore - Shortcut.lnk
2012-03-13 03:44 - 2012-03-13 03:44 - 1008141 ____A C:\Users\DELL\Desktop\iExplore.exe

============ 3 Months Modified Files and Folders =============

2012-04-03 18:32 - 2012-04-03 18:32 - 0000000 ____D C:\FRST
2012-04-03 07:56 - 2009-07-14 02:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-03 07:56 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-03 07:56 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-03 07:56 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-03 07:56 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-03 07:56 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-03 07:56 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-03 07:56 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\com
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\servicing
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\IME
2012-04-03 07:56 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-03 07:55 - 2012-04-02 00:57 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-03 07:55 - 2012-04-02 00:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-03 07:55 - 2012-03-31 19:30 - 0000000 ___SD C:\ComboFix
2012-04-03 07:55 - 2011-05-01 04:26 - 0000000 ____D C:\Data
2012-04-03 07:55 - 2010-11-03 02:49 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-03 07:55 - 2010-08-15 00:10 - 0000000 ____D C:\DELL
2012-04-03 07:55 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2012-04-03 07:54 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-03 07:54 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-03 07:52 - 2012-03-31 19:30 - 0000000 ____D C:\Qoobox
2012-04-03 07:52 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-03 07:52 - 2009-07-13 22:18 - 0000000 __SHD C:\$Recycle.Bin
2012-04-03 03:29 - 2012-03-31 06:34 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-03 03:29 - 2009-07-14 00:10 - 1855344 ____A C:\Windows\WindowsUpdate.log
2012-04-03 03:28 - 2012-04-03 03:28 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lzvaotup.sys
2012-04-03 03:28 - 2012-04-03 02:38 - 0148528 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_17.38.32_log.txt
2012-04-03 03:25 - 2009-07-14 00:13 - 0730554 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-03 03:24 - 2009-07-13 23:51 - 0259259 ____A C:\Windows\setupact.log
2012-04-03 03:22 - 2012-04-03 03:22 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mlldvwcn.sys
2012-04-03 03:12 - 2012-04-03 03:12 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hotciujf.sys
2012-04-03 03:08 - 2011-02-21 17:50 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-03 03:02 - 2012-04-03 03:02 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\okijtpdv.sys
2012-04-03 02:47 - 2012-04-03 02:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcwjqbin.sys
2012-04-03 02:37 - 2012-04-03 02:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fdscwqxh.sys
2012-04-03 02:34 - 2012-04-03 02:34 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mxhapcqe.sys
2012-04-03 02:24 - 2012-04-03 02:24 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ouigwydh.sys
2012-04-03 02:13 - 2012-04-03 02:13 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wcidgxlq.sys
2012-04-03 02:03 - 2012-04-03 02:03 - 0059846 ____A C:\Users\DELL\Desktop\Extras.Txt
2012-04-03 02:02 - 2012-04-03 02:02 - 0244690 ____A C:\Users\DELL\Desktop\OTL.Txt
2012-04-03 02:01 - 2012-04-03 02:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cwpskvjq.sys
2012-04-03 01:53 - 2012-04-03 01:53 - 0593920 ____A (OldTimer Tools) C:\Users\DELL\Desktop\OTL.exe
2012-04-03 01:52 - 2012-04-03 01:52 - 0003397 ____A C:\Users\DELL\Desktop\FSS.txt
2012-04-03 01:51 - 2012-04-03 01:48 - 0147068 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_16.48.24_log.txt
2012-04-03 01:49 - 2012-04-03 01:48 - 0337137 ____A C:\Users\DELL\Desktop\FSS.exe
2012-04-03 01:48 - 2012-04-03 01:48 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrldlmrd.sys
2012-04-03 01:42 - 2012-04-03 01:42 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wcbqvsgk.sys
2012-04-03 01:25 - 2012-04-03 01:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\stxrlnaz.sys
2012-04-03 01:09 - 2012-04-03 01:09 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ccohifqb.sys
2012-04-03 00:59 - 2012-04-03 00:59 - 0000577 ____A C:\Users\DELL\Desktop\MBR.zip
2012-04-03 00:55 - 2012-04-03 00:55 - 0002069 ____A C:\Users\DELL\Desktop\aswMBR.txt
2012-04-03 00:55 - 2012-04-03 00:55 - 0000512 ____A C:\Users\DELL\Desktop\MBR.dat
2012-04-03 00:54 - 2012-04-03 00:54 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yfchlisv.sys
2012-04-03 00:41 - 2012-04-03 00:41 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-03 00:41 - 2012-04-03 00:41 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-03 00:41 - 2012-04-03 00:41 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-03 00:41 - 2010-08-14 21:56 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-03 00:40 - 2012-04-03 00:40 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zbhtdojh.sys
2012-04-03 00:38 - 2012-04-03 00:38 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\DELL\Downloads\jxpiinstall.exe
2012-04-03 00:37 - 2012-04-03 00:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kibsvsca.sys
2012-04-03 00:21 - 2012-04-03 00:21 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gzeitjbe.sys
2012-04-03 00:15 - 2012-04-03 00:14 - 4731392 ____A (AVAST Software) C:\Users\DELL\Desktop\aswMBR.exe
2012-04-03 00:08 - 2012-04-03 00:06 - 0144732 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_15.06.51_log.txt
2012-04-02 23:56 - 2012-04-02 23:56 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxobwnrs.sys
2012-04-02 23:55 - 2012-04-02 23:55 - 0302592 ____A C:\Users\DELL\Desktop\8vfwurs2.exe
2012-04-02 23:49 - 2012-04-02 23:49 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zdfwszss.sys
2012-04-02 23:37 - 2010-11-06 16:21 - 0000000 ____D C:\Users\DELL\Local Settings\Yahoo
2012-04-02 23:37 - 2010-11-06 16:21 - 0000000 ____D C:\Users\DELL\Local Settings\Application Data\Yahoo
2012-04-02 23:37 - 2010-11-06 16:21 - 0000000 ____D C:\Users\DELL\AppData\Local\Yahoo
2012-04-02 23:34 - 2012-04-02 23:34 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lgoljdcl.sys
2012-04-02 23:17 - 2012-04-02 23:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dosyrptt.sys
2012-04-02 23:01 - 2012-04-02 23:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fbmwuhdo.sys
2012-04-02 22:45 - 2012-04-02 22:45 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xawmdunk.sys
2012-04-02 22:29 - 2012-04-02 22:29 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vfcxhtnk.sys
2012-04-02 22:13 - 2012-04-02 22:13 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ltsbhhmq.sys
2012-04-02 21:57 - 2012-04-02 21:57 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iamzfvbz.sys
2012-04-02 21:41 - 2012-04-02 21:41 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pvwqefbh.sys
2012-04-02 21:25 - 2012-04-02 21:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wxurkrxl.sys
2012-04-02 21:09 - 2012-04-02 21:09 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xeqvvqju.sys
2012-04-02 20:53 - 2012-04-02 20:53 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iomahovb.sys
2012-04-02 20:37 - 2012-04-02 20:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ulyfgxxk.sys
2012-04-02 20:21 - 2012-04-02 20:21 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mpewtqhe.sys
2012-04-02 20:05 - 2012-04-02 20:05 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nebjxrgz.sys
2012-04-02 19:49 - 2012-04-02 19:49 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\haccagoe.sys
2012-04-02 19:37 - 2012-04-02 19:35 - 0137832 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_10.35.52_log.txt
2012-04-02 19:33 - 2012-04-02 19:33 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nhbgmcbq.sys
2012-04-02 19:17 - 2012-04-02 19:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mcztkowa.sys
2012-04-02 19:01 - 2012-04-02 19:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\naxocvat.sys
2012-04-02 18:45 - 2012-04-02 18:45 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ykmotyro.sys
2012-04-02 18:29 - 2012-04-02 18:29 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xavxonog.sys
2012-04-02 18:15 - 2012-04-02 18:15 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pxcdcxnu.sys
2012-04-02 18:11 - 2012-04-02 18:11 - 0012622 ____A C:\Users\DELL\Desktop\Attach.txt
2012-04-02 18:07 - 2012-04-02 18:07 - 0028863 ____A C:\Users\DELL\Desktop\DDS.txt
2012-04-02 18:04 - 2012-04-02 18:04 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aibhmzzd.sys
2012-04-02 18:02 - 2012-04-02 18:02 - 0607260 ____R (Swearware) C:\Users\DELL\Desktop\dds.scr
2012-04-02 17:47 - 2012-04-02 17:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\eicjognu.sys
2012-04-02 17:41 - 2012-04-02 17:41 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hyefoczi.sys
2012-04-02 17:28 - 2012-04-02 17:28 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\abmnwrxl.sys
2012-04-02 17:16 - 2012-04-02 17:16 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxmgttpv.sys
2012-04-02 17:05 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-02 17:05 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-02 16:58 - 2012-03-31 05:33 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-02 16:58 - 2011-02-21 17:50 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-02 16:58 - 2010-10-14 03:53 - 0000000 ____D C:\users\DELL
2012-04-02 16:58 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-02 16:57 - 2010-08-14 23:49 - 3111534592 __ASH C:\hiberfil.sys
2012-04-02 16:57 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-02 15:27 - 2012-03-31 19:30 - 0000000 ____D C:\Windows\ERDNT
2012-04-02 15:27 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-02 07:35 - 2012-04-02 07:35 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-02 07:35 - 2012-04-02 07:32 - 0138570 ____A C:\TDSSKiller.2.7.24.0_02.04.2012_22.32.56_log.txt
2012-04-02 07:32 - 2012-04-02 07:31 - 2048824 ____A C:\Users\DELL\Desktop\tdsskiller.zip
2012-04-02 00:57 - 2012-04-02 00:57 - 0002154 ____A C:\Windows\epplauncher.mif
2012-04-02 00:57 - 2010-11-04 07:06 - 0744400 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-02 00:29 - 2012-04-02 00:29 - 0000000 ____D C:\Windows\system64
2012-04-01 19:34 - 2012-04-02 19:35 - 2068528 ____A (Kaspersky Lab ZAO) C:\Users\DELL\Desktop\TDSSKiller.exe
2012-03-31 19:49 - 2012-03-31 19:49 - 0020718 ____A C:\ComboFix.txt
2012-03-31 19:42 - 2009-07-13 21:34 - 67108864 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-31 19:42 - 2009-07-13 21:34 - 19136512 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-31 19:42 - 2009-07-13 21:34 - 1048576 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-31 19:42 - 2009-07-13 21:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-31 19:42 - 2009-07-13 21:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-31 19:41 - 2012-03-31 19:41 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-31 19:28 - 2012-03-31 19:28 - 4452445 ____R (Swearware) C:\Users\DELL\Desktop\ComboFix.exe
2012-03-31 18:58 - 2010-08-14 23:49 - 0470706 ____A C:\Windows\PFRO.log
2012-03-31 18:52 - 2012-03-13 03:47 - 0000443 ____A C:\rkill.log
2012-03-31 07:31 - 2012-03-31 07:31 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-31 07:31 - 2012-03-31 06:34 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-31 07:31 - 2012-01-24 04:57 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-31 06:34 - 2012-03-31 06:34 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-30 03:24 - 2011-01-31 02:14 - 0000000 ____D C:\Users\DELL\Application Data\BITS
2012-03-30 03:24 - 2011-01-31 02:14 - 0000000 ____D C:\Users\DELL\AppData\Roaming\BITS
2012-03-25 17:16 - 2009-07-14 00:08 - 0032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-13 05:07 - 2012-03-13 05:07 - 0000134 ____A C:\hosts-perm.bat
2012-03-13 03:51 - 2012-03-13 03:51 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-13 03:51 - 2012-03-13 03:51 - 0001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Users\DELL\Application Data\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Users\DELL\AppData\Roaming\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-13 03:51 - 2012-03-13 03:51 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-13 03:50 - 2012-03-13 03:50 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\DELL\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-13 03:46 - 2010-08-14 22:12 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-03-13 03:45 - 2012-03-13 03:45 - 0000307 ____A C:\Users\DELL\Desktop\iExplore - Shortcut.lnk
2012-03-13 03:44 - 2012-03-13 03:44 - 1008141 ____A C:\Users\DELL\Desktop\iExplore.exe
2012-03-13 00:51 - 2010-10-14 03:53 - 0000000 ____D C:\Users\DELL\Local Settings\SoftThinks
2012-03-13 00:51 - 2010-10-14 03:53 - 0000000 ____D C:\Users\DELL\Local Settings\Application Data\SoftThinks
2012-03-13 00:51 - 2010-10-14 03:53 - 0000000 ____D C:\Users\DELL\AppData\Local\SoftThinks
2012-03-02 04:37 - 2011-07-19 05:32 - 0076108 ____A C:\Windows\DPINST.LOG
2012-03-02 02:19 - 2012-03-02 02:19 - 0002892 ____A () C:\Windows\SysWOW64\audcon.sys
2012-03-01 00:52 - 2010-12-20 15:33 - 0000000 ____D C:\Users\DELL\Local Settings\Deployment
2012-03-01 00:52 - 2010-12-20 15:33 - 0000000 ____D C:\Users\DELL\Local Settings\Application Data\Deployment
2012-03-01 00:52 - 2010-12-20 15:33 - 0000000 ____D C:\Users\DELL\AppData\Local\Deployment
2012-02-18 22:55 - 2012-02-18 22:47 - 0000000 ____D C:\eac3to
2012-02-18 22:47 - 2012-02-18 22:47 - 0000000 ____D C:\virtualdub
2012-02-18 22:47 - 2012-02-18 22:46 - 1666139 ____A C:\Users\DELL\Downloads\VirtualDubMod_1_5_10_2_b2542.zip
2012-02-18 22:46 - 2012-02-18 22:46 - 4191873 ____A C:\Users\DELL\Downloads\eac3to.zip
2012-02-18 22:46 - 2012-02-18 22:46 - 2000324 ____A C:\Users\DELL\Downloads\cdex_151.exe
2012-02-18 22:46 - 2012-02-18 22:46 - 0000989 ____A C:\Users\DELL\Desktop\CDex.lnk
2012-02-18 22:46 - 2012-02-18 22:46 - 0000000 ____D C:\Program Files (x86)\CDex_150
2012-02-18 22:45 - 2011-01-02 15:41 - 0000000 ____D C:\Users\DELL\Local Settings\Application Data\Apple Computer
2012-02-18 22:45 - 2011-01-02 15:41 - 0000000 ____D C:\Users\DELL\Local Settings\Apple Computer
2012-02-18 22:45 - 2011-01-02 15:41 - 0000000 ____D C:\Users\DELL\AppData\Local\Apple Computer
2012-02-12 17:31 - 2010-11-04 07:06 - 0000000 ____D C:\Users\DELL\Application Data\SoftGrid Client
2012-02-12 17:31 - 2010-11-04 07:06 - 0000000 ____D C:\Users\DELL\AppData\Roaming\SoftGrid Client
2012-02-06 02:52 - 2012-02-06 02:38 - 136600820 ____A C:\Users\DELL\Downloads\DMS_-_AV3.rar
2012-02-03 22:29 - 2011-06-27 20:14 - 0002089 ____A C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2012-02-03 22:29 - 2011-06-27 20:14 - 0002089 ____A C:\Users\All Users\Desktop\Free YouTube Downloader.lnk
2012-02-03 22:29 - 2011-06-27 20:14 - 0000000 ____D C:\Program Files (x86)\Free YouTube Downloader
2012-02-03 22:28 - 2012-02-03 22:28 - 0148456 ____A (Somoto Ltd.) C:\Users\DELL\Downloads\FreeYouTubeDownloaderInstaller(2).exe
2012-01-31 07:44 - 2012-04-02 17:04 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-29 02:39 - 2012-01-29 02:39 - 0000000 __HDC C:\Users\All Users\Application Data\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-01-29 02:39 - 2012-01-29 02:39 - 0000000 __HDC C:\Users\All Users\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-01-29 02:39 - 2012-01-29 02:39 - 0000000 __HDC C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-01-29 02:38 - 2012-01-29 02:38 - 0000000 __HDC C:\Users\All Users\Application Data\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2012-01-29 02:38 - 2012-01-29 02:38 - 0000000 __HDC C:\Users\All Users\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2012-01-29 02:38 - 2012-01-29 02:38 - 0000000 __HDC C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2012-01-24 03:27 - 2012-01-24 03:27 - 0148456 ____A (Somoto Ltd.) C:\Users\DELL\Downloads\FreeYouTubeDownloaderInstaller.exe
2012-01-24 01:24 - 2012-01-22 18:33 - 0000000 ____D C:\Users\DELL\Application Data\Uxox
2012-01-24 01:24 - 2012-01-22 18:33 - 0000000 ____D C:\Users\DELL\AppData\Roaming\Uxox
2012-01-24 01:24 - 2012-01-16 16:58 - 0000000 ____D C:\Users\DELL\Local Settings\CdWebnt5
2012-01-24 01:24 - 2012-01-16 16:58 - 0000000 ____D C:\Users\DELL\Local Settings\Application Data\CdWebnt5
2012-01-24 01:24 - 2012-01-16 16:58 - 0000000 ____D C:\Users\DELL\AppData\Local\CdWebnt5
2012-01-24 01:23 - 2011-05-22 17:25 - 0471898 ____A C:\Windows\ntbtlog.txt
2012-01-24 01:16 - 2012-01-22 18:33 - 0000000 ____D C:\Users\DELL\Application Data\Awd
2012-01-24 01:16 - 2012-01-22 18:33 - 0000000 ____D C:\Users\DELL\AppData\Roaming\Awd
2012-01-14 17:32 - 2012-01-14 17:32 - 0000000 __HDC C:\Users\All Users\Application Data\{13C5090D-8DAD-437E-B069-232C287DA432}
2012-01-14 17:32 - 2012-01-14 17:32 - 0000000 __HDC C:\Users\All Users\{13C5090D-8DAD-437E-B069-232C287DA432}
2012-01-14 17:32 - 2012-01-14 17:32 - 0000000 __HDC C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}
2012-01-11 00:12 - 2011-07-19 04:54 - 0000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2012-01-11 00:12 - 2011-07-19 04:54 - 0000349 ____A C:\Users\All Users\Documents\PCLECHAL.INI
2012-01-06 20:26 - 2010-11-04 07:08 - 0000000 ____D C:\Users\DELL\Application Data\Skype
2012-01-06 20:26 - 2010-11-04 07:08 - 0000000 ____D C:\Users\DELL\AppData\Roaming\Skype
2012-01-06 20:06 - 2010-10-14 03:53 - 0000000 ____D C:\Users\DELL\AppData\LocalLow
2012-01-06 19:51 - 2011-03-24 23:37 - 0000000 ____D C:\Users\DELL\Application Data\skypePM
2012-01-06 19:51 - 2011-03-24 23:37 - 0000000 ____D C:\Users\DELL\AppData\Roaming\skypePM

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3956.52 MB
Available physical RAM: 3371.02 MB
Total Pagefile: 3954.67 MB
Available Pagefile: 3358.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:225.51 GB) (Free:114.79 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (New Volume) (Fixed) (Total:225.5 GB) (Free:100.97 GB) NTFS
5 Drive g: () (Removable) (Total:0.24 GB) (Free:0.23 GB) FAT32
6 Drive h: () (Removable) (Total:7.45 GB) (Free:1.01 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 241 MB 0 B
Disk 2 Online 7640 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 225 GB 14 GB
Partition 0 Extended 225 GB 240 GB
Partition 4 Logical 225 GB 240 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 225 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E New Volume NTFS Partition 225 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 241 MB 11 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 241 MB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7636 MB 4096 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7636 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 01:13

======================= End Of Log ==========================

#9 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 04 April 2012 - 12:34 AM

I'm looking over that log file right now, I should have new instructions for you to perform shortly.

#10 kryptonaus

Member

Members
39 posts

Posted 04 April 2012 - 12:46 AM

Thanks ST !

#11 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 04 April 2012 - 12:49 AM

Hi kryptonaus!

Thanks ST !

Not a problem!

On completion of this fix, the issue you were experiencing with your computer going into Start-Up Repair on reboot should be fixed.

Please run the following fix below.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
HKU\DELL\...\Policies\system: [disableregistrytools] 0
SubSystems: [Windows] ==> ZeroAccess
1 abmnwrxl; C:\Windows\System32\Drivers\abmnwrxl.sys [50000 2012-04-02] (Microsoft Corporation)
1 aibhmzzd; C:\Windows\System32\Drivers\aibhmzzd.sys [50000 2012-04-02] (Microsoft Corporation)
1 ccohifqb; C:\Windows\System32\Drivers\ccohifqb.sys [50000 2012-04-03] (Microsoft Corporation)
1 cwpskvjq; C:\Windows\System32\Drivers\cwpskvjq.sys [50000 2012-04-03] (Microsoft Corporation)
1 dosyrptt; C:\Windows\System32\Drivers\dosyrptt.sys [50000 2012-04-02] (Microsoft Corporation)
1 dxobwnrs; C:\Windows\System32\Drivers\dxobwnrs.sys [50000 2012-04-02] (Microsoft Corporation)
1 eicjognu; C:\Windows\System32\Drivers\eicjognu.sys [50000 2012-04-02] (Microsoft Corporation)
1 fbmwuhdo; C:\Windows\System32\Drivers\fbmwuhdo.sys [50000 2012-04-02] (Microsoft Corporation)
1 fdscwqxh; C:\Windows\System32\Drivers\fdscwqxh.sys [50000 2012-04-03] (Microsoft Corporation)
1 gzeitjbe; C:\Windows\System32\Drivers\gzeitjbe.sys [50000 2012-04-03] (Microsoft Corporation)
1 haccagoe; C:\Windows\System32\Drivers\haccagoe.sys [50000 2012-04-02] (Microsoft Corporation)
1 hotciujf; C:\Windows\System32\Drivers\hotciujf.sys [50000 2012-04-03] (Microsoft Corporation)
1 hyefoczi; C:\Windows\System32\Drivers\hyefoczi.sys [50000 2012-04-02] (Microsoft Corporation)
1 iamzfvbz; C:\Windows\System32\Drivers\iamzfvbz.sys [50000 2012-04-02] (Microsoft Corporation)
1 iomahovb; C:\Windows\System32\Drivers\iomahovb.sys [50000 2012-04-02] (Microsoft Corporation)
1 kibsvsca; C:\Windows\System32\Drivers\kibsvsca.sys [50000 2012-04-03] (Microsoft Corporation)
1 lgoljdcl; C:\Windows\System32\Drivers\lgoljdcl.sys [50000 2012-04-02] (Microsoft Corporation)
1 ltsbhhmq; C:\Windows\System32\Drivers\ltsbhhmq.sys [50000 2012-04-02] (Microsoft Corporation)
1 lzvaotup; C:\Windows\System32\Drivers\lzvaotup.sys [50000 2012-04-03] (Microsoft Corporation)
1 mcztkowa; C:\Windows\System32\Drivers\mcztkowa.sys [50000 2012-04-02] (Microsoft Corporation)
1 mlldvwcn; C:\Windows\System32\Drivers\mlldvwcn.sys [50000 2012-04-03] (Microsoft Corporation)
1 mpewtqhe; C:\Windows\System32\Drivers\mpewtqhe.sys [50000 2012-04-02] (Microsoft Corporation)
1 mrldlmrd; C:\Windows\System32\Drivers\mrldlmrd.sys [50000 2012-04-03] (Microsoft Corporation)
1 mxhapcqe; C:\Windows\System32\Drivers\mxhapcqe.sys [50000 2012-04-03] (Microsoft Corporation)
1 naxocvat; C:\Windows\System32\Drivers\naxocvat.sys [50000 2012-04-02] (Microsoft Corporation)
1 nebjxrgz; C:\Windows\System32\Drivers\nebjxrgz.sys [50000 2012-04-02] (Microsoft Corporation)
1 nhbgmcbq; C:\Windows\System32\Drivers\nhbgmcbq.sys [50000 2012-04-02] (Microsoft Corporation)
1 okijtpdv; C:\Windows\System32\Drivers\okijtpdv.sys [50000 2012-04-03] (Microsoft Corporation)
1 ouigwydh; C:\Windows\System32\Drivers\ouigwydh.sys [50000 2012-04-03] (Microsoft Corporation)
1 pvwqefbh; C:\Windows\System32\Drivers\pvwqefbh.sys [50000 2012-04-02] (Microsoft Corporation)
1 pxcdcxnu; C:\Windows\System32\Drivers\pxcdcxnu.sys [50000 2012-04-02] (Microsoft Corporation)
1 stxrlnaz; C:\Windows\System32\Drivers\stxrlnaz.sys [50000 2012-04-03] (Microsoft Corporation)
1 sxmgttpv; C:\Windows\System32\Drivers\sxmgttpv.sys [50000 2012-04-02] (Microsoft Corporation)
1 tcwjqbin; C:\Windows\System32\Drivers\tcwjqbin.sys [50000 2012-04-03] (Microsoft Corporation)
1 ulyfgxxk; C:\Windows\System32\Drivers\ulyfgxxk.sys [50000 2012-04-02] (Microsoft Corporation)
1 vfcxhtnk; C:\Windows\System32\Drivers\vfcxhtnk.sys [50000 2012-04-02] (Microsoft Corporation)
1 wcbqvsgk; C:\Windows\System32\Drivers\wcbqvsgk.sys [50000 2012-04-03] (Microsoft Corporation)
1 wcidgxlq; C:\Windows\System32\Drivers\wcidgxlq.sys [50000 2012-04-03] (Microsoft Corporation)
1 wxurkrxl; C:\Windows\System32\Drivers\wxurkrxl.sys [50000 2012-04-02] (Microsoft Corporation)
1 xavxonog; C:\Windows\System32\Drivers\xavxonog.sys [50000 2012-04-02] (Microsoft Corporation)
1 xawmdunk; C:\Windows\System32\Drivers\xawmdunk.sys [50000 2012-04-02] (Microsoft Corporation)
1 xeqvvqju; C:\Windows\System32\Drivers\xeqvvqju.sys [50000 2012-04-02] (Microsoft Corporation)
1 yfchlisv; C:\Windows\System32\Drivers\yfchlisv.sys [50000 2012-04-03] (Microsoft Corporation)
1 ykmotyro; C:\Windows\System32\Drivers\ykmotyro.sys [50000 2012-04-02] (Microsoft Corporation)
1 zbhtdojh; C:\Windows\System32\Drivers\zbhtdojh.sys [50000 2012-04-03] (Microsoft Corporation)
1 zdfwszss; C:\Windows\System32\Drivers\zdfwszss.sys [50000 2012-04-02] (Microsoft Corporation)
2012-04-03 03:28 - 2012-04-03 03:28 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lzvaotup.sys
2012-04-03 03:22 - 2012-04-03 03:22 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mlldvwcn.sys
2012-04-03 03:12 - 2012-04-03 03:12 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hotciujf.sys
2012-04-03 03:02 - 2012-04-03 03:02 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\okijtpdv.sys
2012-04-03 02:47 - 2012-04-03 02:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcwjqbin.sys
2012-04-03 02:37 - 2012-04-03 02:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fdscwqxh.sys
2012-04-03 02:34 - 2012-04-03 02:34 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mxhapcqe.sys
2012-04-03 02:24 - 2012-04-03 02:24 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ouigwydh.sys
2012-04-03 02:13 - 2012-04-03 02:13 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wcidgxlq.sys
2012-04-03 02:01 - 2012-04-03 02:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cwpskvjq.sys
2012-04-03 01:48 - 2012-04-03 01:48 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrldlmrd.sys
2012-04-03 01:42 - 2012-04-03 01:42 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wcbqvsgk.sys
2012-04-03 01:25 - 2012-04-03 01:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\stxrlnaz.sys
2012-04-03 01:09 - 2012-04-03 01:09 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ccohifqb.sys
2012-04-03 00:54 - 2012-04-03 00:54 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yfchlisv.sys
2012-04-03 00:40 - 2012-04-03 00:40 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zbhtdojh.sys
2012-04-03 00:37 - 2012-04-03 00:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kibsvsca.sys
2012-04-03 00:21 - 2012-04-03 00:21 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gzeitjbe.sys
2012-04-02 23:56 - 2012-04-02 23:56 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxobwnrs.sys
2012-04-02 23:49 - 2012-04-02 23:49 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zdfwszss.sys
2012-04-02 23:34 - 2012-04-02 23:34 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lgoljdcl.sys
2012-04-02 23:17 - 2012-04-02 23:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dosyrptt.sys
2012-04-02 23:01 - 2012-04-02 23:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fbmwuhdo.sys
2012-04-02 22:45 - 2012-04-02 22:45 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xawmdunk.sys
2012-04-02 22:29 - 2012-04-02 22:29 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vfcxhtnk.sys
2012-04-02 22:13 - 2012-04-02 22:13 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ltsbhhmq.sys
2012-04-02 21:57 - 2012-04-02 21:57 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iamzfvbz.sys
2012-04-02 21:41 - 2012-04-02 21:41 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pvwqefbh.sys
2012-04-02 21:25 - 2012-04-02 21:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wxurkrxl.sys
2012-04-02 21:09 - 2012-04-02 21:09 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xeqvvqju.sys
2012-04-02 20:53 - 2012-04-02 20:53 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iomahovb.sys
2012-04-02 20:37 - 2012-04-02 20:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ulyfgxxk.sys
2012-04-02 20:21 - 2012-04-02 20:21 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mpewtqhe.sys
2012-04-02 20:05 - 2012-04-02 20:05 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nebjxrgz.sys
2012-04-02 19:49 - 2012-04-02 19:49 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\haccagoe.sys
2012-04-02 19:33 - 2012-04-02 19:33 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nhbgmcbq.sys
2012-04-02 19:17 - 2012-04-02 19:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mcztkowa.sys
2012-04-02 19:01 - 2012-04-02 19:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\naxocvat.sys
2012-04-02 18:45 - 2012-04-02 18:45 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ykmotyro.sys
2012-04-02 18:29 - 2012-04-02 18:29 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xavxonog.sys
2012-04-02 18:15 - 2012-04-02 18:15 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pxcdcxnu.sys
2012-04-02 18:04 - 2012-04-02 18:04 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aibhmzzd.sys
2012-04-02 17:47 - 2012-04-02 17:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\eicjognu.sys
2012-04-02 17:41 - 2012-04-02 17:41 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hyefoczi.sys
2012-04-02 17:28 - 2012-04-02 17:28 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\abmnwrxl.sys
2012-04-02 17:16 - 2012-04-02 17:16 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxmgttpv.sys
2012-03-31 05:33 - 2012-04-02 16:58 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-03 03:28 - 2012-04-03 03:28 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lzvaotup.sys
2012-04-03 03:22 - 2012-04-03 03:22 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mlldvwcn.sys
2012-04-03 03:12 - 2012-04-03 03:12 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hotciujf.sys
2012-04-03 03:02 - 2012-04-03 03:02 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\okijtpdv.sys
2012-04-03 02:47 - 2012-04-03 02:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcwjqbin.sys
2012-04-03 02:37 - 2012-04-03 02:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fdscwqxh.sys
2012-04-03 02:34 - 2012-04-03 02:34 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mxhapcqe.sys
2012-04-03 02:24 - 2012-04-03 02:24 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ouigwydh.sys
2012-04-03 02:13 - 2012-04-03 02:13 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wcidgxlq.sys
2012-04-03 02:01 - 2012-04-03 02:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cwpskvjq.sys
2012-04-03 01:48 - 2012-04-03 01:48 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrldlmrd.sys
2012-04-03 01:42 - 2012-04-03 01:42 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wcbqvsgk.sys
2012-04-03 01:25 - 2012-04-03 01:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\stxrlnaz.sys
2012-04-03 01:09 - 2012-04-03 01:09 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ccohifqb.sys
2012-04-03 00:54 - 2012-04-03 00:54 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yfchlisv.sys
2012-04-03 00:40 - 2012-04-03 00:40 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zbhtdojh.sys
2012-04-03 00:37 - 2012-04-03 00:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kibsvsca.sys
2012-04-03 00:21 - 2012-04-03 00:21 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gzeitjbe.sys
2012-04-02 23:56 - 2012-04-02 23:56 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxobwnrs.sys
2012-04-02 23:49 - 2012-04-02 23:49 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zdfwszss.sys
2012-04-02 23:34 - 2012-04-02 23:34 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lgoljdcl.sys
2012-04-02 23:17 - 2012-04-02 23:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dosyrptt.sys
2012-04-02 23:01 - 2012-04-02 23:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fbmwuhdo.sys
2012-04-02 22:45 - 2012-04-02 22:45 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xawmdunk.sys
2012-04-02 22:29 - 2012-04-02 22:29 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vfcxhtnk.sys
2012-04-02 22:13 - 2012-04-02 22:13 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ltsbhhmq.sys
2012-04-02 21:57 - 2012-04-02 21:57 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iamzfvbz.sys
2012-04-02 21:41 - 2012-04-02 21:41 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pvwqefbh.sys
2012-04-02 21:25 - 2012-04-02 21:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wxurkrxl.sys
2012-04-02 21:09 - 2012-04-02 21:09 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xeqvvqju.sys
2012-04-02 20:53 - 2012-04-02 20:53 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iomahovb.sys
2012-04-02 20:37 - 2012-04-02 20:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ulyfgxxk.sys
2012-04-02 20:21 - 2012-04-02 20:21 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mpewtqhe.sys
2012-04-02 20:05 - 2012-04-02 20:05 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nebjxrgz.sys
2012-04-02 19:49 - 2012-04-02 19:49 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\haccagoe.sys
2012-04-02 19:33 - 2012-04-02 19:33 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nhbgmcbq.sys
2012-04-02 19:17 - 2012-04-02 19:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mcztkowa.sys
2012-04-02 19:01 - 2012-04-02 19:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\naxocvat.sys
2012-04-02 18:45 - 2012-04-02 18:45 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ykmotyro.sys
2012-04-02 18:29 - 2012-04-02 18:29 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xavxonog.sys
2012-04-02 18:15 - 2012-04-02 18:15 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pxcdcxnu.sys
2012-04-02 18:04 - 2012-04-02 18:04 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aibhmzzd.sys
2012-04-02 17:47 - 2012-04-02 17:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\eicjognu.sys
2012-04-02 17:41 - 2012-04-02 17:41 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hyefoczi.sys
2012-04-02 17:28 - 2012-04-02 17:28 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\abmnwrxl.sys
2012-04-02 17:16 - 2012-04-02 17:16 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxmgttpv.sys
2012-04-02 16:58 - 2012-03-31 05:33 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

NEXT:

Re-Running OTL

We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"

In the

box Cope & Paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
wininit.exe
tdx.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Fixlog.txt log.
3. OTL.txt & Extras.txt log files.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#12 kryptonaus

Member

Members
39 posts

Posted 04 April 2012 - 12:53 AM

ok, doing this now, will report back soon.

#13 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 04 April 2012 - 12:58 AM

#14 kryptonaus

Member

Members
39 posts

Posted 04 April 2012 - 01:04 AM

ST, I restarted my system and this time it booted normally and did not enter system recovery mode. I rebooted again to make sure it was not a fluke and it once again booted normally. Do I still need to follow the above ?

Thanks