BleepingComputer.com: Google redirect and randomly opening Internet Explorer (I dont even HAVE internet explorer!)

Google has been redirecting, google images will only load a certain number of images and internet explorer opens randomly, when I do not even have it installed or use it. Also, phantom music/ads/speaking play when no programs or windows are open. I have run rkill, MalwareBytes and TDSS killer with no infected files being found. And that's where the extent of my knowledge runs out! You guys have helped me fix everything else, but now I finally need to post as I cannot finx this one based on other advice.
Much appreciated,
Cheers.

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

OK, thanks! Here are the logs associated,
Cheers

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by southpaw at 9:50:42 on 2011-10-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3886.1439 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\System Control Manager\MSIService.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\southpaw\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\explorer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bw.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=339&product_id=679&affiliate_id=&channel=&toolbar_id=-1&toolbar_version=&install_country=CA&install_date=20111006&user_guid=FD01433579AA43CF9343A648A3E2924D&machine_id=21a2570a6daadae3cddd32dad71e08e4&browser=IE&os=win&os_version=6.1-x64-SP0
uDefault_Page_URL = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Bell Canada Connection Manager] "C:\Program Files (x86)\Bell\Mobile Connect\BellCanadaCM.exe" -a
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\southpaw\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\southpaw\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\southpaw\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5561560C-9D6B-48DE-B86F-83D1A23A9BAE} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5561560C-9D6B-48DE-B86F-83D1A23A9BAE}\37F65747860716772E08993702960586F6E656 : DhcpNameServer = 209.91.107.11 209.121.225.11
TCP: Interfaces\{5561560C-9D6B-48DE-B86F-83D1A23A9BAE}\44343423 : DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
TCP: Interfaces\{5561560C-9D6B-48DE-B86F-83D1A23A9BAE}\C696E6B6379737 : DhcpNameServer = 69.31.192.12 69.31.192.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Bell Canada Connection Manager] "C:\Program Files (x86)\Bell\Mobile Connect\BellCanadaCM.exe" -a
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {2670000A-7350-4f3c-8081-5663EE0C6C49}
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\southpaw\AppData\Roaming\Mozilla\Firefox\Profiles\xe444w9s.default\
FF - prefs.js: browser.search.selectedEngine - google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://bw.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=339&product_id=679&affiliate_id=&channel=&toolbar_id=-1&toolbar_version=&install_country=CA&install_date=20111006&user_guid=FD01433579AA43CF9343A648A3E2924D&machine_id=21a2570a6daadae3cddd32dad71e08e4&browser=FF&os=win&os_version=6.1-x64-SP0&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-11 13336]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-5-19 160768]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-11-20 82944]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-19 2320920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-22 366152]
S3 CASMSI;SMSI Con App Svc;C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [2010-5-23 124184]
S3 EUCR;EUCR;C:\windows\system32\DRIVERS\EUCR6SK.SYS --> C:\windows\system32\DRIVERS\EUCR6SK.SYS [?]
S3 NWRmNet;Novatel Wireless RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet.sys --> C:\windows\system32\DRIVERS\NWRmNet.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2.sys --> C:\windows\system32\DRIVERS\nwusbser2.sys [?]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\windows\system32\PCTINDIS5X64.SYS --> C:\windows\system32\PCTINDIS5X64.SYS [?]
S3 ProfileImpSvc;Native WiFi Profile Importer;C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [2010-5-23 169240]
S3 SMSIRcAppSvc;SMSI Rc App Svc;C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [2010-5-23 120088]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-28 23:35:55 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F06EF17-4972-4373-A50B-16AC917BAF12}\offreg.dll
2011-10-28 23:35:51 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F06EF17-4972-4373-A50B-16AC917BAF12}\mpengine.dll
2011-10-28 20:29:59 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2011-10-25 19:29:19 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-25 19:29:19 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-24 20:29:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2011-10-22 20:19:49 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-22 06:58:45 -------- d-----w- C:\Users\southpaw\AppData\Local\Secunia PSI
2011-10-22 06:58:09 -------- d-----w- C:\Program Files (x86)\Secunia
2011-10-21 23:00:45 -------- d-----w- C:\Users\southpaw\AppData\Roaming\Malwarebytes
2011-10-21 23:00:36 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-21 23:00:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-21 21:59:53 -------- d-----w- C:\Program Files\iPod
2011-10-21 21:59:52 -------- d-----w- C:\Program Files\iTunes
2011-10-21 21:59:52 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-21 21:58:04 -------- d-----w- C:\Program Files\Bonjour
2011-10-21 21:58:04 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-14 00:03:51 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-10-08 14:51:46 -------- d-----w- C:\Users\southpaw\AppData\Local\Microsoft Games
2011-10-06 03:25:11 -------- d-----w- C:\Users\southpaw\AppData\Local\Batchwork
2011-10-06 01:43:15 -------- d-----w- C:\Program Files (x86)\MSECache
.
==================== Find3M ====================
.
2011-10-28 14:55:05 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 11:06:03 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-09-06 03:07:02 3134976 ----a-w- C:\windows\System32\win32k.sys
2011-08-31 05:05:32 96104 ----a-w- C:\windows\System32\dns-sd.exe
2011-08-31 05:05:32 85864 ----a-w- C:\windows\System32\dnssd.dll
2011-08-31 05:05:32 61288 ----a-w- C:\windows\System32\jdns_sd.dll
2011-08-31 05:05:32 212840 ----a-w- C:\windows\System32\dnssdX.dll
2011-08-31 05:05:04 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-08-31 05:05:04 73064 ----a-w- C:\windows\SysWow64\dnssd.dll
2011-08-31 05:05:04 50536 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2011-08-31 05:05:04 178536 ----a-w- C:\windows\SysWow64\dnssdX.dll
2011-08-27 05:40:28 861184 ----a-w- C:\windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
.
============= FINISH: 9:59:31.93 ===============

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• please Do not Attach logs or put in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can help also.
  
• Do not run anything while running a fix.
  
• Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following


• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Combofix does not produce a report, it just closes when it is finished running...what am I doing wrong?

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
  
• Wait 30 seconds, and then turn the computer on.
  
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  
• Ensure that the Safe Mode option is selected.
  
• Press Enter. The computer then begins to start in Safe mode.
  
• Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo

Still nothing. I even re-installed combofix and it still closes immediately after scanning, even in safe mode. Am I doing something incorrectly?

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

17:27:58.0839 3752 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
17:27:59.0169 3752 ============================================================
17:27:59.0169 3752 Current date / time: 2011/10/30 17:27:59.0169
17:27:59.0169 3752 SystemInfo:
17:27:59.0169 3752
17:27:59.0169 3752 OS Version: 6.1.7600 ServicePack: 0.0
17:27:59.0169 3752 Product type: Workstation
17:27:59.0169 3752 ComputerName: SOUTHPAW-MSI
17:27:59.0169 3752 UserName: southpaw
17:27:59.0169 3752 Windows directory: C:\windows
17:27:59.0169 3752 System windows directory: C:\windows
17:27:59.0169 3752 Running under WOW64
17:27:59.0169 3752 Processor architecture: Intel x64
17:27:59.0169 3752 Number of processors: 4
17:27:59.0169 3752 Page size: 0x1000
17:27:59.0169 3752 Boot type: Normal boot
17:27:59.0169 3752 ============================================================
17:27:59.0539 3752 Initialize success
17:28:01.0411 4736 ============================================================
17:28:01.0411 4736 Scan started
17:28:01.0411 4736 Mode: Manual;
17:28:01.0411 4736 ============================================================
17:28:02.0781 4736 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
17:28:02.0791 4736 1394ohci - ok
17:28:02.0921 4736 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
17:28:02.0921 4736 ACPI - ok
17:28:03.0031 4736 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
17:28:03.0031 4736 AcpiPmi - ok
17:28:03.0151 4736 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
17:28:03.0161 4736 adp94xx - ok
17:28:03.0251 4736 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
17:28:03.0261 4736 adpahci - ok
17:28:03.0371 4736 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
17:28:03.0371 4736 adpu320 - ok
17:28:03.0651 4736 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
17:28:03.0661 4736 AFD - ok
17:28:03.0761 4736 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
17:28:03.0761 4736 agp440 - ok
17:28:03.0891 4736 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
17:28:03.0891 4736 aliide - ok
17:28:03.0981 4736 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
17:28:03.0981 4736 amdide - ok
17:28:04.0081 4736 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
17:28:04.0091 4736 AmdK8 - ok
17:28:04.0171 4736 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
17:28:04.0181 4736 AmdPPM - ok
17:28:04.0281 4736 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
17:28:04.0281 4736 amdsata - ok
17:28:04.0401 4736 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
17:28:04.0401 4736 amdsbs - ok
17:28:04.0521 4736 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
17:28:04.0521 4736 amdxata - ok
17:28:04.0621 4736 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
17:28:04.0621 4736 AppID - ok
17:28:04.0751 4736 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
17:28:04.0761 4736 arc - ok
17:28:04.0861 4736 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
17:28:04.0861 4736 arcsas - ok
17:28:04.0961 4736 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
17:28:04.0961 4736 ArcSoftKsUFilter - ok
17:28:05.0051 4736 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
17:28:05.0051 4736 AsyncMac - ok
17:28:05.0141 4736 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
17:28:05.0141 4736 atapi - ok
17:28:05.0291 4736 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\windows\system32\DRIVERS\athrx.sys
17:28:05.0331 4736 athr - ok
17:28:05.0481 4736 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
17:28:05.0491 4736 b06bdrv - ok
17:28:05.0591 4736 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
17:28:05.0591 4736 b57nd60a - ok
17:28:05.0701 4736 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
17:28:05.0701 4736 Beep - ok
17:28:05.0831 4736 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
17:28:05.0831 4736 blbdrive - ok
17:28:05.0951 4736 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
17:28:05.0951 4736 bowser - ok
17:28:06.0051 4736 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
17:28:06.0051 4736 BrFiltLo - ok
17:28:06.0161 4736 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
17:28:06.0161 4736 BrFiltUp - ok
17:28:06.0271 4736 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
17:28:06.0281 4736 Brserid - ok
17:28:06.0381 4736 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
17:28:06.0381 4736 BrSerWdm - ok
17:28:06.0481 4736 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
17:28:06.0481 4736 BrUsbMdm - ok
17:28:06.0591 4736 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
17:28:06.0591 4736 BrUsbSer - ok
17:28:06.0691 4736 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
17:28:06.0691 4736 BTHMODEM - ok
17:28:06.0831 4736 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
17:28:06.0831 4736 cdfs - ok
17:28:06.0931 4736 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
17:28:06.0931 4736 cdrom - ok
17:28:07.0051 4736 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
17:28:07.0051 4736 circlass - ok
17:28:07.0151 4736 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
17:28:07.0161 4736 CLFS - ok
17:28:07.0281 4736 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
17:28:07.0281 4736 CmBatt - ok
17:28:07.0371 4736 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
17:28:07.0371 4736 cmdide - ok
17:28:07.0471 4736 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
17:28:07.0481 4736 CNG - ok
17:28:07.0581 4736 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
17:28:07.0581 4736 Compbatt - ok
17:28:07.0692 4736 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
17:28:07.0692 4736 CompositeBus - ok
17:28:07.0792 4736 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
17:28:07.0792 4736 crcdisk - ok
17:28:07.0922 4736 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
17:28:07.0922 4736 DfsC - ok
17:28:08.0042 4736 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
17:28:08.0042 4736 discache - ok
17:28:08.0152 4736 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
17:28:08.0152 4736 Disk - ok
17:28:08.0272 4736 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
17:28:08.0272 4736 drmkaud - ok
17:28:08.0382 4736 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
17:28:08.0392 4736 DXGKrnl - ok
17:28:08.0532 4736 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
17:28:08.0632 4736 ebdrv - ok
17:28:08.0762 4736 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
17:28:08.0772 4736 elxstor - ok
17:28:08.0862 4736 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
17:28:08.0862 4736 ErrDev - ok
17:28:08.0972 4736 EUCR (89d11159b361dd1eac5dd4e9895c04a4) C:\windows\system32\DRIVERS\EUCR6SK.SYS
17:28:08.0982 4736 EUCR - ok
17:28:09.0082 4736 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
17:28:09.0082 4736 exfat - ok
17:28:09.0182 4736 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
17:28:09.0182 4736 fastfat - ok
17:28:09.0292 4736 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
17:28:09.0302 4736 fdc - ok
17:28:09.0402 4736 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
17:28:09.0402 4736 FileInfo - ok
17:28:09.0502 4736 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
17:28:09.0502 4736 Filetrace - ok
17:28:09.0612 4736 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
17:28:09.0612 4736 flpydisk - ok
17:28:09.0712 4736 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
17:28:09.0722 4736 FltMgr - ok
17:28:09.0812 4736 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
17:28:09.0812 4736 FsDepends - ok
17:28:09.0902 4736 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
17:28:09.0902 4736 Fs_Rec - ok
17:28:10.0032 4736 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
17:28:10.0032 4736 fvevol - ok
17:28:10.0142 4736 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
17:28:10.0142 4736 gagp30kx - ok
17:28:10.0242 4736 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
17:28:10.0242 4736 GEARAspiWDM - ok
17:28:10.0332 4736 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
17:28:10.0332 4736 hcw85cir - ok
17:28:10.0442 4736 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
17:28:10.0442 4736 HdAudAddService - ok
17:28:10.0542 4736 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
17:28:10.0542 4736 HDAudBus - ok
17:28:10.0642 4736 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
17:28:10.0642 4736 HECIx64 - ok
17:28:10.0742 4736 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
17:28:10.0742 4736 HidBatt - ok
17:28:10.0832 4736 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
17:28:10.0832 4736 HidBth - ok
17:28:10.0932 4736 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
17:28:10.0932 4736 HidIr - ok
17:28:11.0032 4736 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
17:28:11.0032 4736 HidUsb - ok
17:28:11.0152 4736 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
17:28:11.0152 4736 HpSAMD - ok
17:28:11.0272 4736 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
17:28:11.0282 4736 HTTP - ok
17:28:11.0372 4736 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
17:28:11.0372 4736 hwpolicy - ok
17:28:11.0652 4736 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
17:28:11.0652 4736 i8042prt - ok
17:28:11.0782 4736 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\windows\system32\DRIVERS\iaStor.sys
17:28:11.0792 4736 iaStor - ok
17:28:11.0912 4736 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
17:28:11.0912 4736 iaStorV - ok
17:28:12.0252 4736 igfx (677aa5991026a65ada128c4b59cf2bad) C:\windows\system32\DRIVERS\igdkmd64.sys
17:28:12.0472 4736 igfx - ok
17:28:12.0582 4736 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
17:28:12.0582 4736 iirsp - ok
17:28:12.0703 4736 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
17:28:12.0703 4736 Impcd - ok
17:28:12.0863 4736 IntcAzAudAddService (b16fc828ce7a76a8f1ce682e6ead2627) C:\windows\system32\drivers\RTKVHD64.sys
17:28:12.0883 4736 IntcAzAudAddService - ok
17:28:13.0013 4736 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
17:28:13.0023 4736 IntcDAud - ok
17:28:13.0123 4736 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
17:28:13.0123 4736 intelide - ok
17:28:13.0213 4736 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
17:28:13.0213 4736 intelppm - ok
17:28:13.0263 4736 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
17:28:13.0263 4736 IpFilterDriver - ok
17:28:13.0363 4736 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
17:28:13.0373 4736 IPMIDRV - ok
17:28:13.0473 4736 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
17:28:13.0473 4736 IPNAT - ok
17:28:13.0583 4736 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
17:28:13.0583 4736 IRENUM - ok
17:28:13.0673 4736 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
17:28:13.0683 4736 isapnp - ok
17:28:13.0773 4736 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
17:28:13.0773 4736 iScsiPrt - ok
17:28:13.0883 4736 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
17:28:13.0883 4736 kbdclass - ok
17:28:13.0973 4736 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
17:28:13.0973 4736 kbdhid - ok
17:28:14.0083 4736 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
17:28:14.0083 4736 KSecDD - ok
17:28:14.0183 4736 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
17:28:14.0183 4736 KSecPkg - ok
17:28:14.0283 4736 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
17:28:14.0283 4736 ksthunk - ok
17:28:14.0413 4736 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
17:28:14.0423 4736 lltdio - ok
17:28:14.0573 4736 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
17:28:14.0583 4736 LSI_FC - ok
17:28:14.0683 4736 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
17:28:14.0693 4736 LSI_SAS - ok
17:28:14.0793 4736 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
17:28:14.0803 4736 LSI_SAS2 - ok
17:28:14.0923 4736 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
17:28:14.0923 4736 LSI_SCSI - ok
17:28:15.0023 4736 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
17:28:15.0023 4736 luafv - ok
17:28:15.0213 4736 MBAMProtector - ok
17:28:15.0343 4736 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
17:28:15.0343 4736 megasas - ok
17:28:15.0443 4736 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
17:28:15.0443 4736 MegaSR - ok
17:28:15.0483 4736 MGHwCtrl - ok
17:28:15.0593 4736 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
17:28:15.0593 4736 Modem - ok
17:28:15.0683 4736 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
17:28:15.0683 4736 monitor - ok
17:28:15.0783 4736 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
17:28:15.0783 4736 mouclass - ok
17:28:15.0903 4736 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
17:28:15.0913 4736 mouhid - ok
17:28:16.0013 4736 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
17:28:16.0023 4736 mountmgr - ok
17:28:16.0113 4736 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
17:28:16.0113 4736 mpio - ok
17:28:16.0203 4736 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
17:28:16.0203 4736 mpsdrv - ok
17:28:16.0293 4736 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
17:28:16.0303 4736 MRxDAV - ok
17:28:16.0403 4736 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
17:28:16.0413 4736 mrxsmb - ok
17:28:16.0593 4736 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
17:28:16.0603 4736 mrxsmb10 - ok
17:28:16.0914 4736 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
17:28:16.0924 4736 mrxsmb20 - ok
17:28:17.0244 4736 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
17:28:17.0244 4736 msahci - ok
17:28:17.0834 4736 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
17:28:17.0834 4736 msdsm - ok
17:28:18.0154 4736 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
17:28:18.0154 4736 Msfs - ok
17:28:18.0504 4736 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
17:28:18.0514 4736 mshidkmdf - ok
17:28:18.0854 4736 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
17:28:18.0864 4736 msisadrv - ok
17:28:19.0244 4736 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
17:28:19.0244 4736 MSKSSRV - ok
17:28:19.0644 4736 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
17:28:19.0644 4736 MSPCLOCK - ok
17:28:20.0284 4736 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
17:28:20.0284 4736 MSPQM - ok
17:28:20.0674 4736 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
17:28:20.0674 4736 MsRPC - ok
17:28:21.0014 4736 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
17:28:21.0014 4736 mssmbios - ok
17:28:21.0374 4736 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
17:28:21.0384 4736 MSTEE - ok
17:28:21.0825 4736 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
17:28:21.0825 4736 MTConfig - ok
17:28:22.0165 4736 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
17:28:22.0165 4736 Mup - ok
17:28:22.0575 4736 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
17:28:22.0585 4736 NativeWifiP - ok
17:28:23.0215 4736 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
17:28:23.0245 4736 NDIS - ok
17:28:23.0765 4736 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
17:28:23.0765 4736 NdisCap - ok
17:28:24.0135 4736 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
17:28:24.0135 4736 NdisTapi - ok
17:28:24.0265 4736 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
17:28:24.0265 4736 Ndisuio - ok
17:28:24.0605 4736 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
17:28:24.0605 4736 NdisWan - ok
17:28:24.0705 4736 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
17:28:24.0705 4736 NDProxy - ok
17:28:24.0815 4736 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
17:28:24.0825 4736 NetBIOS - ok
17:28:24.0905 4736 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
17:28:24.0915 4736 NetBT - ok
17:28:25.0035 4736 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
17:28:25.0035 4736 nfrd960 - ok
17:28:25.0175 4736 NPF (3ceee0be85d24d911b9c02714817774c) C:\windows\system32\drivers\npf.sys
17:28:25.0175 4736 NPF - ok
17:28:25.0265 4736 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
17:28:25.0275 4736 Npfs - ok
17:28:25.0365 4736 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
17:28:25.0365 4736 nsiproxy - ok
17:28:25.0535 4736 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
17:28:25.0585 4736 Ntfs - ok
17:28:25.0686 4736 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
17:28:25.0686 4736 Null - ok
17:28:25.0806 4736 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
17:28:25.0806 4736 nvraid - ok
17:28:25.0916 4736 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
17:28:25.0926 4736 nvstor - ok
17:28:26.0036 4736 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
17:28:26.0036 4736 nv_agp - ok
17:28:26.0376 4736 NWADI (17bcf5df3c54dcf2af2e164eb84a0169) C:\windows\system32\DRIVERS\NWADIenum.sys
17:28:26.0376 4736 NWADI - ok
17:28:26.0476 4736 NWRmNet (2cfeda5416c7c7a6123cd6cb4a7b1bc2) C:\windows\system32\DRIVERS\NWRmNet.sys
17:28:26.0476 4736 NWRmNet - ok
17:28:26.0576 4736 NWUSBModem (a3fadcf96abf4803e7a946cd48641ac3) C:\windows\system32\DRIVERS\nwusbmdm.sys
17:28:26.0576 4736 NWUSBModem - ok
17:28:26.0686 4736 NWUSBPort (a3fadcf96abf4803e7a946cd48641ac3) C:\windows\system32\DRIVERS\nwusbser.sys
17:28:26.0696 4736 NWUSBPort - ok
17:28:26.0866 4736 NWUSBPort2 (a3fadcf96abf4803e7a946cd48641ac3) C:\windows\system32\DRIVERS\nwusbser2.sys
17:28:26.0876 4736 NWUSBPort2 - ok
17:28:26.0956 4736 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
17:28:26.0966 4736 ohci1394 - ok
17:28:27.0106 4736 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
17:28:27.0106 4736 Parport - ok
17:28:27.0206 4736 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
17:28:27.0216 4736 partmgr - ok
17:28:27.0306 4736 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
17:28:27.0316 4736 pci - ok
17:28:27.0406 4736 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
17:28:27.0406 4736 pciide - ok
17:28:27.0496 4736 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
17:28:27.0506 4736 pcmcia - ok
17:28:27.0586 4736 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\windows\system32\PCTINDIS5X64.SYS
17:28:27.0586 4736 PCTINDIS5X64 - ok
17:28:27.0676 4736 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
17:28:27.0676 4736 pcw - ok
17:28:27.0806 4736 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
17:28:27.0816 4736 PEAUTH - ok
17:28:27.0976 4736 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
17:28:27.0976 4736 PptpMiniport - ok
17:28:28.0086 4736 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
17:28:28.0086 4736 Processor - ok
17:28:28.0216 4736 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
17:28:28.0216 4736 Psched - ok
17:28:28.0366 4736 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\windows\system32\DRIVERS\psi_mf.sys
17:28:28.0366 4736 PSI - ok
17:28:28.0506 4736 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
17:28:28.0536 4736 ql2300 - ok
17:28:28.0636 4736 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
17:28:28.0646 4736 ql40xx - ok
17:28:28.0726 4736 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
17:28:28.0726 4736 QWAVEdrv - ok
17:28:28.0786 4736 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
17:28:28.0786 4736 RasAcd - ok
17:28:28.0886 4736 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
17:28:28.0886 4736 RasAgileVpn - ok
17:28:29.0006 4736 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
17:28:29.0006 4736 Rasl2tp - ok
17:28:29.0136 4736 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
17:28:29.0146 4736 RasPppoe - ok
17:28:29.0246 4736 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
17:28:29.0256 4736 RasSstp - ok
17:28:29.0366 4736 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
17:28:29.0366 4736 rdbss - ok
17:28:29.0476 4736 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
17:28:29.0476 4736 rdpbus - ok
17:28:29.0586 4736 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
17:28:29.0586 4736 RDPCDD - ok
17:28:29.0696 4736 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
17:28:29.0696 4736 RDPENCDD - ok
17:28:29.0816 4736 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
17:28:29.0816 4736 RDPREFMP - ok
17:28:29.0926 4736 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
17:28:29.0926 4736 RDPWD - ok
17:28:30.0036 4736 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
17:28:30.0046 4736 rdyboost - ok
17:28:30.0156 4736 RimUsb - ok
17:28:30.0276 4736 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
17:28:30.0276 4736 RimVSerPort - ok
17:28:30.0386 4736 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
17:28:30.0386 4736 ROOTMODEM - ok
17:28:30.0526 4736 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
17:28:30.0526 4736 rspndr - ok
17:28:30.0626 4736 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys
17:28:30.0626 4736 RTL8167 - ok
17:28:30.0736 4736 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
17:28:30.0736 4736 sbp2port - ok
17:28:30.0826 4736 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
17:28:30.0826 4736 scfilter - ok
17:28:30.0946 4736 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
17:28:30.0946 4736 sdbus - ok
17:28:31.0076 4736 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
17:28:31.0076 4736 secdrv - ok
17:28:31.0226 4736 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
17:28:31.0226 4736 Serenum - ok
17:28:31.0326 4736 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
17:28:31.0326 4736 Serial - ok
17:28:31.0436 4736 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
17:28:31.0436 4736 sermouse - ok
17:28:31.0536 4736 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
17:28:31.0546 4736 sffdisk - ok
17:28:31.0646 4736 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
17:28:31.0646 4736 sffp_mmc - ok
17:28:31.0726 4736 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
17:28:31.0736 4736 sffp_sd - ok
17:28:31.0836 4736 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
17:28:31.0836 4736 sfloppy - ok
17:28:31.0966 4736 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
17:28:31.0966 4736 SiSRaid2 - ok
17:28:32.0066 4736 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
17:28:32.0066 4736 SiSRaid4 - ok
17:28:32.0186 4736 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
17:28:32.0186 4736 Smb - ok
17:28:32.0316 4736 smserial (7ae8bca90539ecbde87ac45ba1436be3) C:\windows\system32\DRIVERS\SmSerl64.sys
17:28:32.0346 4736 smserial - ok
17:28:32.0476 4736 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
17:28:32.0476 4736 spldr - ok
17:28:32.0586 4736 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
17:28:32.0596 4736 srv - ok
17:28:32.0737 4736 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
17:28:32.0737 4736 srv2 - ok
17:28:32.0847 4736 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
17:28:32.0847 4736 srvnet - ok
17:28:32.0987 4736 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
17:28:32.0987 4736 stexstor - ok
17:28:33.0087 4736 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
17:28:33.0087 4736 StillCam - ok
17:28:33.0197 4736 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
17:28:33.0197 4736 swenum - ok
17:28:33.0317 4736 swmsflt (d294db3e6b227ba511a454df4b9a5856) C:\windows\System32\drivers\swmsflt.sys
17:28:33.0317 4736 swmsflt - ok
17:28:33.0437 4736 SWMX00 (46394d236ec92f79f5cc6c4319143b25) C:\windows\system32\DRIVERS\swmx00.sys
17:28:33.0437 4736 SWMX00 - ok
17:28:33.0547 4736 SWNC5E00 (b6aa5a7c8bfee6a5ba9a6c485bb4ce72) C:\windows\system32\DRIVERS\SWNC5E00.sys
17:28:33.0557 4736 SWNC5E00 - ok
17:28:33.0627 4736 SWUMX20 - ok
17:28:33.0887 4736 SynTP (e5d73228176c9f69072d1f91ced83484) C:\windows\system32\DRIVERS\SynTP.sys
17:28:33.0887 4736 SynTP - ok
17:28:34.0047 4736 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
17:28:34.0087 4736 Tcpip - ok
17:28:34.0257 4736 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
17:28:34.0267 4736 TCPIP6 - ok
17:28:34.0347 4736 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
17:28:34.0347 4736 tcpipreg - ok
17:28:34.0437 4736 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
17:28:34.0437 4736 TDPIPE - ok
17:28:34.0477 4736 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
17:28:34.0477 4736 TDTCP - ok
17:28:34.0557 4736 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
17:28:34.0557 4736 tdx - ok
17:28:34.0667 4736 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
17:28:34.0667 4736 TermDD - ok
17:28:34.0777 4736 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
17:28:34.0777 4736 tssecsrv - ok
17:28:34.0887 4736 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
17:28:34.0887 4736 tunnel - ok
17:28:34.0977 4736 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
17:28:34.0977 4736 uagp35 - ok
17:28:35.0077 4736 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
17:28:35.0077 4736 udfs - ok
17:28:35.0207 4736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
17:28:35.0207 4736 uliagpkx - ok
17:28:35.0327 4736 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
17:28:35.0327 4736 umbus - ok
17:28:35.0407 4736 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
17:28:35.0407 4736 UmPass - ok
17:28:35.0517 4736 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
17:28:35.0527 4736 USBAAPL64 - ok
17:28:35.0607 4736 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
17:28:35.0607 4736 usbaudio - ok
17:28:35.0708 4736 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
17:28:35.0718 4736 usbccgp - ok
17:28:35.0818 4736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
17:28:35.0818 4736 usbcir - ok
17:28:35.0908 4736 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\drivers\usbehci.sys
17:28:35.0908 4736 usbehci - ok
17:28:35.0968 4736 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
17:28:35.0978 4736 usbhub - ok
17:28:36.0058 4736 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\drivers\usbohci.sys
17:28:36.0058 4736 usbohci - ok
17:28:36.0178 4736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
17:28:36.0178 4736 usbprint - ok
17:28:36.0278 4736 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
17:28:36.0278 4736 usbscan - ok
17:28:36.0378 4736 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
17:28:36.0378 4736 USBSTOR - ok
17:28:36.0458 4736 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\drivers\usbuhci.sys
17:28:36.0468 4736 usbuhci - ok
17:28:36.0568 4736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
17:28:36.0578 4736 vdrvroot - ok
17:28:36.0688 4736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
17:28:36.0698 4736 vga - ok
17:28:36.0788 4736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
17:28:36.0788 4736 VgaSave - ok
17:28:36.0868 4736 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
17:28:36.0878 4736 vhdmp - ok
17:28:36.0988 4736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
17:28:36.0988 4736 viaide - ok
17:28:37.0078 4736 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
17:28:37.0078 4736 volmgr - ok
17:28:37.0178 4736 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
17:28:37.0188 4736 volmgrx - ok
17:28:37.0298 4736 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
17:28:37.0298 4736 volsnap - ok
17:28:37.0398 4736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
17:28:37.0408 4736 vsmraid - ok
17:28:37.0508 4736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
17:28:37.0508 4736 vwifibus - ok
17:28:37.0608 4736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
17:28:37.0608 4736 vwififlt - ok
17:28:37.0718 4736 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
17:28:37.0728 4736 vwifimp - ok
17:28:37.0828 4736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
17:28:37.0828 4736 WacomPen - ok
17:28:37.0948 4736 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
17:28:37.0948 4736 WANARP - ok
17:28:37.0968 4736 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
17:28:37.0968 4736 Wanarpv6 - ok
17:28:38.0078 4736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
17:28:38.0078 4736 Wd - ok
17:28:38.0198 4736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
17:28:38.0208 4736 Wdf01000 - ok
17:28:38.0338 4736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
17:28:38.0338 4736 WfpLwf - ok
17:28:38.0438 4736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
17:28:38.0438 4736 WIMMount - ok
17:28:38.0568 4736 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
17:28:38.0568 4736 WinUsb - ok
17:28:38.0688 4736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
17:28:38.0688 4736 WmiAcpi - ok
17:28:38.0808 4736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
17:28:38.0808 4736 ws2ifsl - ok
17:28:38.0938 4736 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
17:28:38.0938 4736 WudfPf - ok
17:28:39.0048 4736 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
17:28:39.0058 4736 WUDFRd - ok
17:28:39.0108 4736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:28:39.0128 4736 \Device\Harddisk0\DR0 - ok
17:28:39.0138 4736 Boot (0x1200) (8bb6a6acf90faf171ffae45723e465e7) \Device\Harddisk0\DR0\Partition0
17:28:39.0138 4736 \Device\Harddisk0\DR0\Partition0 - ok
17:28:39.0168 4736 Boot (0x1200) (86b7021bf5230464eca4413200b12761) \Device\Harddisk0\DR0\Partition1
17:28:39.0168 4736 \Device\Harddisk0\DR0\Partition1 - ok
17:28:39.0168 4736 ============================================================
17:28:39.0168 4736 Scan finished
17:28:39.0168 4736 ============================================================
17:28:39.0178 1636 Detected object count: 0
17:28:39.0178 1636 Actual detected object count: 0

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
  
• Wait 30 seconds, and then turn the computer on.
  
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  
• Ensure that the Safe Mode option is selected.
  
• Press Enter. The computer then begins to start in Safe mode.
  
• Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo

Same as last time we tried in safe mode - still closes as soon as it is finished its scan with no option for report or anything else.

how is the computer running now?


gringo

Still same issues - IE opening randomly, phantom music/ads, google redirect. Nothing shows up on any scans (malwarebytes, tdss etc.) and combofix till wont report - just closes.

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
  
• Under Output, ensure that Minimal Output is selected.
  
• Under Extra Registry section, select Use SafeList.
  
• Click the Scan All Users checkbox.
  
• Click on Run Scan at the top left hand corner.
  
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened and the that I need posted back here
    
  • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  
  
• Please post the contents of OTListIt.txt in your next reply.

Gringo

OTL logfile created on: 11/1/2011 1:43:33 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\southpaw\Desktop\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 58.96% Memory free
7.59 Gb Paging File | 5.94 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.39 Gb Total Space | 156.94 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive D: | 180.27 Gb Total Space | 180.18 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: SOUTHPAW-MSI | User Name: southpaw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\southpaw\Desktop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\southpaw\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SMSIRcAppSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe (SmithMicro Inc.)
SRV - (ProfileImpSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe (SmithMicro Inc.)
SRV - (CASMSI) -- C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (EUCR) -- C:\Windows\SysNative\drivers\EUCR6SK.sys (ENE Technology Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NWRmNet) -- C:\Windows\SysNative\drivers\NWRmNet.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (NWUSBPort2) -- C:\Windows\SysNative\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort) -- C:\Windows\SysNative\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem) -- C:\Windows\SysNative\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (SWMX00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\SysNative\drivers\swmx00.sys (Sierra Wireless Inc.)
DRV:64bit: - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\SysNative\drivers\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (NPF) -- C:\Windows\SysWOW64\drivers\npf.sys (CACE Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (swmsflt) -- C:\windows\System32\drivers\swmsflt.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3231788152-3730241648-3555179068-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
IE - HKU\S-1-5-21-3231788152-3730241648-3555179068-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bw.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=339&product_id=679&affiliate_id=&channel=&toolbar_id=-1&toolbar_version=&install_country=CA&install_date=20111006&user_guid=FD01433579AA43CF9343A648A3E2924D&machine_id=21a2570a6daadae3cddd32dad71e08e4&browser=IE&os=win&os_version=6.1-x64-SP0
IE - HKU\S-1-5-21-3231788152-3730241648-3555179068-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.ca/
IE - HKU\S-1-5-21-3231788152-3730241648-3555179068-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3231788152-3730241648-3555179068-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {34EFA911-B536-4C08-BECE-CD5E55C875B0}:1.0
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.621.0
FF - prefs.js..keyword.URL: "http://bw.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=339&product_id=679&affiliate_id=&channel=&toolbar_id=-1&toolbar_version=&install_country=CA&install_date=20111006&user_guid=FD01433579AA43CF9343A648A3E2924D&machine_id=21a2570a6daadae3cddd32dad71e08e4&browser=FF&os=win&os_version=6.1-x64-SP0&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/29 09:19:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/29 20:30:53 | 000,000,000 | ---D | M]

[2011/02/09 10:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\southpaw\AppData\Roaming\Mozilla\Extensions
[2011/02/09 10:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\southpaw\AppData\Roaming\Mozilla\Firefox\Profiles\xe444w9s.default\extensions
[2011/10/05 21:25:13 | 000,001,382 | ---- | M] () -- C:\Users\southpaw\AppData\Roaming\Mozilla\Firefox\Profiles\xe444w9s.default\searchplugins\yahoo-zugo.xml
[2011/10/26 10:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/12 20:30:56 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/25 20:20:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/26 10:57:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/27 10:05:32 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3231788152-3730241648-3555179068-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3231788152-3730241648-3555179068-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-3231788152-3730241648-3555179068-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Bell Canada Connection Manager] C:\Program Files (x86)\Bell\Mobile Connect\BellCanadaCM.exe (BellCanada)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\southpaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\southpaw\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5561560C-9D6B-48DE-B86F-83D1A23A9BAE}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{27df08ba-6d22-11df-b009-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27df08ba-6d22-11df-b009-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{27df08ba-6d22-11df-b009-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{27df08ba-6d22-11df-b009-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{da35a4bd-aaf6-11e0-895a-406186b2f94c}\Shell - "" = AutoRun
O33 - MountPoints2\{da35a4bd-aaf6-11e0-895a-406186b2f94c}\Shell\AutoRun\command - "" = F:\AutoLaunch.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 16:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2011/10/31 16:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2011/10/30 20:45:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/30 17:27:47 | 000,000,000 | ---D | C] -- C:\Users\southpaw\AppData\Roaming\WinRAR
[2011/10/29 20:31:04 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/10/29 20:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/10/29 20:27:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 09:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/29 09:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/26 10:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/26 10:57:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/10/26 10:57:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/10/26 10:57:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2011/10/22 14:19:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/22 10:59:17 | 000,000,000 | ---D | C] -- C:\Users\southpaw\Downloads
[2011/10/22 01:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/10/22 00:58:45 | 000,000,000 | ---D | C] -- C:\Users\southpaw\AppData\Local\Secunia PSI
[2011/10/22 00:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2011/10/22 00:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/21 17:00:45 | 000,000,000 | ---D | C] -- C:\Users\southpaw\AppData\Roaming\Malwarebytes
[2011/10/21 17:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/21 17:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/21 16:45:10 | 000,000,000 | ---D | C] -- C:\Users\southpaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/21 15:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/21 15:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/21 15:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/21 15:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/21 15:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/13 18:04:48 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2011/10/13 18:04:48 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2011/10/13 18:04:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2011/10/13 18:04:48 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2011/10/13 18:04:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/10/13 18:04:48 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2011/10/13 18:04:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/10/13 18:04:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/10/13 18:04:48 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/10/13 18:04:48 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/10/13 18:04:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/10/13 18:04:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2011/10/13 18:04:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2011/10/13 18:04:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2011/10/13 18:04:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2011/10/13 18:03:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2011/10/13 18:03:51 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2011/10/13 18:03:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax
[2011/10/13 18:03:51 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax
[2011/10/13 18:03:51 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2011/10/13 18:03:51 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Mpeg2Data.ax
[2011/10/13 18:03:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2011/10/13 18:03:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSDvbNP.ax
[2011/10/13 18:03:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Mpeg2Data.ax
[2011/10/13 18:03:51 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSDvbNP.ax
[2011/10/13 18:03:50 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2011/10/13 18:03:50 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2011/10/08 08:51:46 | 000,000,000 | ---D | C] -- C:\Users\southpaw\AppData\Local\Microsoft Games
[2011/10/05 21:25:11 | 000,000,000 | ---D | C] -- C:\Users\southpaw\AppData\Local\Batchwork
[2011/10/05 19:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2011/10/03 14:15:31 | 000,000,000 | ---D | C] -- C:\Users\southpaw\Documents\OneNote Notebooks
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/01 11:24:00 | 000,001,306 | ---- | M] () -- C:\Users\southpaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/11/01 10:58:20 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/01 10:58:20 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/01 10:53:47 | 000,730,320 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/11/01 10:53:47 | 000,627,142 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/11/01 10:53:47 | 000,107,426 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/11/01 10:50:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/01 10:50:00 | 3056,099,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 13:14:17 | 000,331,809 | ---- | M] () -- C:\Users\southpaw\Desktop\caap_inv17_2011.pdf
[2011/10/31 13:14:15 | 000,000,000 | ---- | M] () -- C:\Users\southpaw\Documents\BoltPDF
[2011/10/31 09:55:00 | 000,194,057 | ---- | M] () -- C:\Users\southpaw\Desktop\Healthy Living Expo.jpg
[2011/10/29 20:30:53 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/29 09:50:04 | 000,000,000 | ---- | M] () -- C:\Users\southpaw\defogger_reenable
[2011/10/29 09:19:54 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/28 08:55:05 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2011/10/22 00:58:13 | 000,001,120 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/10/22 00:28:00 | 000,000,691 | ---- | M] () -- C:\Users\southpaw\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/21 16:49:09 | 000,000,440 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/21 16:45:12 | 000,000,232 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/21 16:45:12 | 000,000,120 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/21 16:03:04 | 000,002,515 | ---- | M] () -- C:\Users\southpaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/21 16:03:04 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/21 16:00:16 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/14 06:24:47 | 000,426,896 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/05 21:58:14 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/31 13:14:15 | 000,000,000 | ---- | C] () -- C:\Users\southpaw\Documents\BoltPDF
[2011/10/31 13:14:14 | 000,331,809 | ---- | C] () -- C:\Users\southpaw\Desktop\caap_inv17_2011.pdf
[2011/10/31 09:55:00 | 000,194,057 | ---- | C] () -- C:\Users\southpaw\Desktop\Healthy Living Expo.jpg
[2011/10/29 20:30:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/10/29 20:30:21 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/29 09:50:04 | 000,000,000 | ---- | C] () -- C:\Users\southpaw\defogger_reenable
[2011/10/29 09:19:54 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/22 00:58:13 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/10/22 00:58:13 | 000,001,083 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/10/22 00:53:43 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/22 00:53:43 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/22 00:53:43 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/22 00:53:43 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/22 00:53:43 | 000,000,957 | ---- | C] () -- C:\Users\southpaw\µTorrent.lnk
[2011/10/22 00:53:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/22 00:53:37 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/10/22 00:53:37 | 000,002,496 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/10/22 00:53:37 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/22 00:53:37 | 000,001,468 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/10/22 00:53:37 | 000,001,384 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/10/22 00:53:37 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/10/22 00:53:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/10/22 00:53:37 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/10/22 00:53:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/10/22 00:53:37 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/10/22 00:53:37 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/10/22 00:53:37 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/10/22 00:53:37 | 000,001,164 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/22 00:53:37 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bolt PDF Printer.lnk
[2011/10/22 00:53:37 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/10/22 00:53:37 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/22 00:28:00 | 000,000,691 | ---- | C] () -- C:\Users\southpaw\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/21 16:45:12 | 000,000,232 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/21 16:45:12 | 000,000,120 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/21 16:45:06 | 000,000,440 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/03 14:15:33 | 000,001,306 | ---- | C] () -- C:\Users\southpaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/09/25 20:23:27 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2011/08/10 15:03:14 | 000,003,584 | ---- | C] () -- C:\Users\southpaw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/23 10:35:52 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/23 08:51:14 | 000,000,000 | ---- | C] () -- C:\Users\southpaw\AppData\Roaming\wklnhst.dat
[2010/11/15 14:41:59 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\pool.bin
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/05/19 18:51:42 | 000,361,808 | ---- | C] () -- C:\windows\EMCRI_E.dll
[2010/05/19 18:19:52 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/05/19 18:19:51 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/05/19 18:19:51 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008/09/16 14:18:40 | 000,031,880 | ---- | C] () -- C:\windows\SysWow64\drivers\swmsflt.sys

< End of report >