Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Disabled firewalls, search redirects


  • This topic is locked This topic is locked
54 replies to this topic

#1 Sarthos

Sarthos

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 20 November 2011 - 04:49 AM

Running Windows 7 64-bit version

My computer has been having numerous problems, starting with the search redirects. Also have had a couple with that have tried to pop up some sort of virus scan tool or things like that, telling me that I'm infected and that I need to run their scan. You know, the type that disables you from using task manager, deleted more or less all the entries in my start menu, etc. Those ones I got rid of with Malwarebytes.

Whatever I have seems to have become more aggressive. Now I almost constantly get iexplore.exe running in the background, often making sound, Sears commercials and some other random stuff starts playing. Oh, and my firewalls are disabled. Try to turn on Windows Firewall and "Windows Firewall can't change some of your settings. Error code 0x8007042c". Likewise, trying to turn on Windows Security Center results in "The Windows Security Center Service can't be started". In McAfee Security Center, options to turn anything on or off are all grayed out.
It seems the problem with the Windows Firewall is that the Windows Firewall Authorization Driver has a problem. I opened Device Manager to check it out. There is a yellow exclamation point by the Authorization driver, the device status says "This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)" and when I try to start it manually it tells me "The system encountered the following error while attempting to start the service. Cannot create a file when that file already exists". Upon opening Services.msc I found that the McAfee firewall is dependent on the Windows Firewall so I suppose that could be the reason why it doesn't work.

And of course with a lack of working firewalls McAfee keeps telling me that it's automatically found and removed a trojan, Artemis!C7.... something, can't remember and it hasn't done it in a little while.

I've run scans with McAfee, MalwareBytes, and Lavasoft Ad-Aware, haven't fixed the problem. So now I'm turning here for help.

So, here's a log from the DDS thing

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Harry at 3:27:58 on 2011-11-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2079 [GMT -6:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110131083641.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [winupd] C:\Users\Harry\AppData\Local\Temp\winupd.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Harry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Harry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\winupd.lnk - C:\Users\Harry\AppData\Local\Temp\winupd.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{989842F9-2467-4AC4-A406-FDF9AF8DD0A6} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{989842F9-2467-4AC4-A406-FDF9AF8DD0A6}\230333D27657563747 : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{989842F9-2467-4AC4-A406-FDF9AF8DD0A6}\55F666D4027457563747 : DhcpNameServer = 128.101.101.101 134.84.84.84
TCP: Interfaces\{989842F9-2467-4AC4-A406-FDF9AF8DD0A6}\84F4D454D243233483 : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{989842F9-2467-4AC4-A406-FDF9AF8DD0A6}\9556C6C6F6773456461627D27657563747 : DhcpNameServer = 68.87.77.134 68.87.72.134
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110131083641.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\pbnuc32o.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-8-17 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-2-2 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-2-2 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-16 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-16 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-16 149032]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-16 705856]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-2-2 355440]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
S2 WinRM32;Windows Remote Management (WS-Management) ;C:\Windows\system32\odbcji3232.exe --> C:\Windows\system32\odbcji3232.exe [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-14 17152]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-2-2 355440]
.
=============== Created Last 30 ================
.
2011-11-18 05:30:18 -------- d-----w- C:\Program Files (x86)\Cygnus
2011-11-16 04:22:11 -------- d-----w- C:\Users\Harry\AppData\Local\adaware
2011-11-16 02:48:56 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-11-16 02:35:09 -------- d-----w- C:\Users\Harry\AppData\Local\ElevatedDiagnostics
2011-11-14 19:23:14 -------- d-----w- C:\Users\Harry\AppData\Local\Adobe
2011-11-14 09:12:44 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-11-14 09:05:47 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2011-11-14 09:05:43 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2011-11-14 09:05:35 -------- d-----w- C:\Program Files (x86)\adawaretb
2011-11-14 09:05:19 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-11-14 09:04:56 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-11-11 04:05:47 107520 ----a-w- C:\Windows\SysWow64\srrstr.dll
2011-11-09 05:14:57 -------- d-----we C:\Windows\system64
2011-11-09 05:13:16 -------- d-----w- C:\Users\Harry\AppData\Roaming\dppnnG5aa
2011-11-09 04:26:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 04:26:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 04:26:40 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 04:26:36 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-03 02:12:08 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-10-25 20:50:57 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-25 20:50:57 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-10-28 03:39:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 3:37:44.90 ===============


Any input would be greatly appreciated

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 AM

Posted 23 November 2011 - 02:17 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Sarthos

Sarthos
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 23 November 2011 - 12:17 PM

It took about an hour to run the thing, removed some files, still getting redirects and my firewalls are still disabled.



ComboFix 11-11-22.03 - Harry 11/23/2011 6:23.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2492 [GMT -6:00]
Running from: c:\users\Harry\Downloads\Combofix\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Harry\AppData\Local\fok.exe
c:\users\Harry\AppData\Local\Temp\winupd.exe
c:\users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
c:\users\Harry\Documents\~WRL0624.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 13:06 . 2011-11-23 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 05:30 . 2011-11-18 05:30 -------- d-----w- c:\program files (x86)\Cygnus
2011-11-16 04:22 . 2011-11-16 04:28 -------- d-----w- c:\users\Harry\AppData\Local\adaware
2011-11-16 02:48 . 2011-11-14 09:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 02:35 . 2011-11-16 02:35 -------- d-----w- c:\users\Harry\AppData\Local\ElevatedDiagnostics
2011-11-14 19:23 . 2011-11-14 19:23 -------- d-----w- c:\users\Harry\AppData\Local\Adobe
2011-11-14 09:12 . 2011-11-14 09:12 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-14 09:05 . 2011-11-23 01:00 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-11-14 09:05 . 2011-11-14 09:05 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-11-14 09:05 . 2011-11-14 09:05 -------- d-----w- c:\program files (x86)\adawaretb
2011-11-14 09:05 . 2011-11-03 18:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-14 09:04 . 2011-11-14 09:04 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-14 09:04 . 2011-11-14 09:05 -------- d-----w- c:\programdata\Lavasoft
2011-11-11 04:05 . 2011-11-11 04:05 107520 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-11-09 05:13 . 2011-11-09 05:13 -------- d-----w- c:\users\Harry\AppData\Roaming\dppnnG5aa
2011-11-09 04:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 04:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 04:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 04:26 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-03 02:12 . 2011-11-03 07:55 -------- d-----w- c:\users\Harry\AppData\Roaming\Audacity
2011-11-03 02:12 . 2011-11-03 02:12 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
2011-10-25 20:50 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-25 20:50 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 03:39 . 2011-09-04 16:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-12 04:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-12 04:55 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:40 . 2011-10-12 04:53 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:40 . 2011-10-12 04:53 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:43 . 2011-10-12 04:53 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 04:53 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-04-01 400760]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-28 102400]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-23 1484856]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-11-30 74752]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-02-11 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 WinRM32;Windows Remote Management (WS-Management) ;c:\windows\system32\odbcji3232.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-14 17152]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"combofix"="c:\combofix\CF9874.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\pbnuc32o.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-11-23 07:38:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-23 13:38
.
Pre-Run: 28,720,615,424 bytes free
Post-Run: 28,775,026,688 bytes free
.
- - End Of File - - 89001B314657AB1176784F3AAAC40304

Thanks!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 AM

Posted 23 November 2011 - 08:35 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Sarthos

Sarthos
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 23 November 2011 - 08:54 PM

19:44:21.0355 5372 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
19:44:22.0012 5372 ============================================================
19:44:22.0012 5372 Current date / time: 2011/11/23 19:44:22.0012
19:44:22.0012 5372 SystemInfo:
19:44:22.0012 5372
19:44:22.0012 5372 OS Version: 6.1.7600 ServicePack: 0.0
19:44:22.0012 5372 Product type: Workstation
19:44:22.0013 5372 ComputerName: HARRYS-PC
19:44:22.0014 5372 UserName: Harry
19:44:22.0014 5372 Windows directory: C:\Windows
19:44:22.0014 5372 System windows directory: C:\Windows
19:44:22.0014 5372 Running under WOW64
19:44:22.0014 5372 Processor architecture: Intel x64
19:44:22.0014 5372 Number of processors: 3
19:44:22.0014 5372 Page size: 0x1000
19:44:22.0014 5372 Boot type: Normal boot
19:44:22.0014 5372 ============================================================
19:44:23.0740 5372 Initialize success
19:44:28.0101 7108 ============================================================
19:44:28.0101 7108 Scan started
19:44:28.0101 7108 Mode: Manual;
19:44:28.0101 7108 ============================================================
19:44:30.0665 7108 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
19:44:30.0668 7108 1394ohci - ok
19:44:30.0760 7108 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:44:30.0765 7108 ACPI - ok
19:44:30.0854 7108 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:44:30.0856 7108 AcpiPmi - ok
19:44:30.0978 7108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:44:30.0985 7108 adp94xx - ok
19:44:31.0081 7108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:44:31.0086 7108 adpahci - ok
19:44:31.0180 7108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:44:31.0183 7108 adpu320 - ok
19:44:31.0295 7108 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
19:44:31.0302 7108 AFD - ok
19:44:31.0399 7108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:44:31.0399 7108 agp440 - ok
19:44:31.0722 7108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:44:31.0723 7108 aliide - ok
19:44:31.0832 7108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:44:31.0834 7108 amdide - ok
19:44:31.0872 7108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:44:31.0873 7108 AmdK8 - ok
19:44:32.0098 7108 amdkmdag (18ad9ad00ffad95dc820762fb7f4b80f) C:\Windows\system32\DRIVERS\atikmdag.sys
19:44:32.0236 7108 amdkmdag - ok
19:44:32.0693 7108 amdkmdap (dbf0db9a8b60a2c029eb70824afccbda) C:\Windows\system32\DRIVERS\atikmpag.sys
19:44:32.0696 7108 amdkmdap - ok
19:44:32.0734 7108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:44:32.0736 7108 AmdPPM - ok
19:44:32.0849 7108 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:44:32.0851 7108 amdsata - ok
19:44:32.0893 7108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:44:32.0897 7108 amdsbs - ok
19:44:32.0978 7108 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:44:32.0980 7108 amdxata - ok
19:44:33.0036 7108 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:44:33.0040 7108 AppID - ok
19:44:33.0213 7108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:44:33.0217 7108 arc - ok
19:44:33.0278 7108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:44:33.0282 7108 arcsas - ok
19:44:33.0386 7108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:33.0389 7108 AsyncMac - ok
19:44:33.0465 7108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:44:33.0467 7108 atapi - ok
19:44:33.0605 7108 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
19:44:33.0610 7108 AtiHdmiService - ok
19:44:33.0727 7108 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:44:33.0730 7108 AtiPcie - ok
19:44:33.0964 7108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:44:33.0975 7108 b06bdrv - ok
19:44:34.0136 7108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:44:34.0143 7108 b57nd60a - ok
19:44:34.0271 7108 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
19:44:34.0274 7108 BCM42RLY - ok
19:44:34.0471 7108 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:44:34.0576 7108 BCM43XX - ok
19:44:34.0747 7108 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
19:44:34.0750 7108 BcmVWL - ok
19:44:34.0887 7108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:44:34.0889 7108 Beep - ok
19:44:35.0057 7108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:44:35.0060 7108 blbdrive - ok
19:44:35.0244 7108 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:44:35.0248 7108 bowser - ok
19:44:35.0576 7108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:44:35.0579 7108 BrFiltLo - ok
19:44:35.0648 7108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:44:35.0651 7108 BrFiltUp - ok
19:44:35.0744 7108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:44:35.0752 7108 Brserid - ok
19:44:35.0841 7108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:44:35.0844 7108 BrSerWdm - ok
19:44:35.0945 7108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:44:35.0947 7108 BrUsbMdm - ok
19:44:35.0991 7108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:44:35.0994 7108 BrUsbSer - ok
19:44:36.0141 7108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:44:36.0145 7108 BTHMODEM - ok
19:44:36.0242 7108 catchme - ok
19:44:36.0342 7108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:44:36.0346 7108 cdfs - ok
19:44:36.0461 7108 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:44:36.0467 7108 cdrom - ok
19:44:36.0638 7108 cfwids (e02c9cdb15f13de4eb2ff67660e62317) C:\Windows\system32\drivers\cfwids.sys
19:44:36.0641 7108 cfwids - ok
19:44:36.0735 7108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:44:36.0745 7108 circlass - ok
19:44:36.0847 7108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:44:36.0864 7108 CLFS - ok
19:44:37.0092 7108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:44:37.0094 7108 CmBatt - ok
19:44:37.0301 7108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:44:37.0304 7108 cmdide - ok
19:44:37.0421 7108 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:44:37.0432 7108 CNG - ok
19:44:37.0567 7108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:44:37.0570 7108 Compbatt - ok
19:44:37.0823 7108 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:44:37.0826 7108 CompositeBus - ok
19:44:37.0952 7108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:44:37.0955 7108 crcdisk - ok
19:44:38.0110 7108 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:44:38.0116 7108 CtClsFlt - ok
19:44:38.0284 7108 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:44:38.0288 7108 DfsC - ok
19:44:38.0456 7108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:44:38.0460 7108 discache - ok
19:44:38.0580 7108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:44:38.0584 7108 Disk - ok
19:44:38.0752 7108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:44:38.0754 7108 drmkaud - ok
19:44:38.0938 7108 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:44:38.0974 7108 DXGKrnl - ok
19:44:39.0172 7108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:44:39.0273 7108 ebdrv - ok
19:44:39.0474 7108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:44:39.0493 7108 elxstor - ok
19:44:39.0587 7108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:44:39.0589 7108 ErrDev - ok
19:44:39.0704 7108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:44:39.0710 7108 exfat - ok
19:44:39.0790 7108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:44:39.0808 7108 fastfat - ok
19:44:39.0923 7108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:44:39.0926 7108 fdc - ok
19:44:40.0011 7108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:44:40.0044 7108 FileInfo - ok
19:44:40.0140 7108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:44:40.0146 7108 Filetrace - ok
19:44:40.0221 7108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:44:40.0225 7108 flpydisk - ok
19:44:40.0364 7108 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:44:40.0380 7108 FltMgr - ok
19:44:40.0539 7108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:44:40.0542 7108 FsDepends - ok
19:44:40.0656 7108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:44:40.0676 7108 Fs_Rec - ok
19:44:40.0828 7108 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:44:40.0834 7108 fvevol - ok
19:44:40.0967 7108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:44:40.0970 7108 gagp30kx - ok
19:44:41.0176 7108 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:44:41.0179 7108 GEARAspiWDM - ok
19:44:41.0430 7108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:44:41.0430 7108 hcw85cir - ok
19:44:41.0682 7108 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:44:41.0698 7108 HdAudAddService - ok
19:44:41.0891 7108 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:44:41.0896 7108 HDAudBus - ok
19:44:42.0374 7108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:44:42.0374 7108 HidBatt - ok
19:44:42.0544 7108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:44:42.0554 7108 HidBth - ok
19:44:42.0686 7108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:44:42.0689 7108 HidIr - ok
19:44:42.0925 7108 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:44:42.0935 7108 HidUsb - ok
19:44:43.0409 7108 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:44:43.0469 7108 HpSAMD - ok
19:44:43.0841 7108 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:44:43.0851 7108 HTTP - ok
19:44:44.0062 7108 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:44:44.0065 7108 hwpolicy - ok
19:44:44.0239 7108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:44:44.0244 7108 i8042prt - ok
19:44:44.0527 7108 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:44:44.0537 7108 iaStorV - ok
19:44:45.0196 7108 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:44:45.0371 7108 igfx - ok
19:44:45.0537 7108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:44:45.0537 7108 iirsp - ok
19:44:45.0719 7108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:44:45.0719 7108 intelide - ok
19:44:45.0881 7108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:44:45.0881 7108 intelppm - ok
19:44:46.0053 7108 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:46.0053 7108 IpFilterDriver - ok
19:44:46.0205 7108 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:44:46.0215 7108 IPMIDRV - ok
19:44:46.0347 7108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:44:46.0347 7108 IPNAT - ok
19:44:46.0718 7108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:44:46.0721 7108 IRENUM - ok
19:44:46.0928 7108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:44:46.0931 7108 isapnp - ok
19:44:47.0141 7108 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:44:47.0148 7108 iScsiPrt - ok
19:44:47.0321 7108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:44:47.0325 7108 kbdclass - ok
19:44:47.0476 7108 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:44:47.0480 7108 kbdhid - ok
19:44:47.0750 7108 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
19:44:47.0754 7108 KSecDD - ok
19:44:47.0882 7108 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
19:44:47.0887 7108 KSecPkg - ok
19:44:48.0044 7108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:44:48.0047 7108 ksthunk - ok
19:44:48.0472 7108 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
19:44:48.0475 7108 Lavasoft Kernexplorer - ok
19:44:48.0914 7108 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
19:44:48.0918 7108 Lbd - ok
19:44:49.0034 7108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:44:49.0037 7108 lltdio - ok
19:44:49.0136 7108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:44:49.0141 7108 LSI_FC - ok
19:44:49.0216 7108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:44:49.0221 7108 LSI_SAS - ok
19:44:49.0335 7108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:44:49.0339 7108 LSI_SAS2 - ok
19:44:49.0558 7108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:44:49.0565 7108 LSI_SCSI - ok
19:44:49.0689 7108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:44:49.0704 7108 luafv - ok
19:44:49.0941 7108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:44:49.0951 7108 megasas - ok
19:44:49.0995 7108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:44:50.0013 7108 MegaSR - ok
19:44:50.0250 7108 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
19:44:50.0253 7108 mfeapfk - ok
19:44:50.0363 7108 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
19:44:50.0373 7108 mfeavfk - ok
19:44:50.0506 7108 mfeavfk01 - ok
19:44:50.0650 7108 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
19:44:50.0661 7108 mfefirek - ok
19:44:50.0795 7108 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
19:44:50.0808 7108 mfehidk - ok
19:44:50.0967 7108 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
19:44:50.0967 7108 mfenlfk - ok
19:44:51.0121 7108 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
19:44:51.0121 7108 mferkdet - ok
19:44:51.0416 7108 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
19:44:51.0424 7108 mfewfpk - ok
19:44:51.0588 7108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:44:51.0592 7108 Modem - ok
19:44:51.0624 7108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:44:51.0627 7108 monitor - ok
19:44:51.0713 7108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:44:51.0716 7108 mouclass - ok
19:44:51.0825 7108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:44:51.0829 7108 mouhid - ok
19:44:51.0940 7108 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:44:51.0945 7108 mountmgr - ok
19:44:51.0975 7108 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:44:51.0981 7108 mpio - ok
19:44:52.0202 7108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:44:52.0206 7108 mpsdrv - ok
19:44:52.0510 7108 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:44:52.0516 7108 MRxDAV - ok
19:44:52.0644 7108 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:44:52.0649 7108 mrxsmb - ok
19:44:52.0843 7108 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:44:52.0852 7108 mrxsmb10 - ok
19:44:53.0012 7108 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:44:53.0015 7108 mrxsmb20 - ok
19:44:53.0107 7108 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
19:44:53.0107 7108 msahci - ok
19:44:53.0219 7108 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:44:53.0225 7108 msdsm - ok
19:44:53.0401 7108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:44:53.0401 7108 Msfs - ok
19:44:53.0504 7108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:44:53.0507 7108 mshidkmdf - ok
19:44:53.0544 7108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:44:53.0547 7108 msisadrv - ok
19:44:53.0600 7108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:44:53.0604 7108 MSKSSRV - ok
19:44:53.0628 7108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:44:53.0631 7108 MSPCLOCK - ok
19:44:53.0675 7108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:44:53.0680 7108 MSPQM - ok
19:44:53.0736 7108 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:44:53.0746 7108 MsRPC - ok
19:44:53.0795 7108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:44:53.0851 7108 mssmbios - ok
19:44:54.0334 7108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:44:54.0337 7108 MSTEE - ok
19:44:54.0479 7108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:44:54.0505 7108 MTConfig - ok
19:44:54.0746 7108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:44:54.0749 7108 Mup - ok
19:44:54.0819 7108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:44:54.0828 7108 NativeWifiP - ok
19:44:54.0966 7108 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:44:55.0025 7108 NDIS - ok
19:44:55.0139 7108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:44:55.0142 7108 NdisCap - ok
19:44:55.0210 7108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:44:55.0214 7108 NdisTapi - ok
19:44:55.0280 7108 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:44:55.0284 7108 Ndisuio - ok
19:44:55.0343 7108 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:44:55.0349 7108 NdisWan - ok
19:44:55.0385 7108 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:44:55.0389 7108 NDProxy - ok
19:44:55.0438 7108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:44:55.0442 7108 NetBIOS - ok
19:44:55.0485 7108 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:44:55.0493 7108 NetBT - ok
19:44:55.0688 7108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:44:55.0692 7108 nfrd960 - ok
19:44:55.0835 7108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:44:55.0844 7108 Npfs - ok
19:44:55.0915 7108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:44:55.0918 7108 nsiproxy - ok
19:44:56.0103 7108 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:44:56.0155 7108 Ntfs - ok
19:44:56.0267 7108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:44:56.0267 7108 Null - ok
19:44:56.0424 7108 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:44:56.0430 7108 nvraid - ok
19:44:56.0520 7108 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:44:56.0526 7108 nvstor - ok
19:44:56.0702 7108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:44:56.0707 7108 nv_agp - ok
19:44:56.0754 7108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:44:56.0758 7108 ohci1394 - ok
19:44:56.0868 7108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:44:56.0872 7108 Parport - ok
19:44:56.0905 7108 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:44:56.0909 7108 partmgr - ok
19:44:56.0969 7108 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:44:56.0974 7108 pci - ok
19:44:57.0031 7108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:44:57.0034 7108 pciide - ok
19:44:57.0105 7108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:44:57.0117 7108 pcmcia - ok
19:44:57.0246 7108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:44:57.0250 7108 pcw - ok
19:44:57.0408 7108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:44:57.0442 7108 PEAUTH - ok
19:44:57.0770 7108 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:44:57.0779 7108 PptpMiniport - ok
19:44:57.0898 7108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:44:57.0902 7108 Processor - ok
19:44:58.0106 7108 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:44:58.0111 7108 Psched - ok
19:44:58.0214 7108 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:44:58.0218 7108 PxHlpa64 - ok
19:44:58.0465 7108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:44:58.0524 7108 ql2300 - ok
19:44:58.0682 7108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:44:58.0687 7108 ql40xx - ok
19:44:58.0881 7108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:44:58.0885 7108 QWAVEdrv - ok
19:44:58.0986 7108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:44:58.0989 7108 RasAcd - ok
19:44:59.0105 7108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:44:59.0110 7108 RasAgileVpn - ok
19:44:59.0413 7108 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:44:59.0459 7108 Rasl2tp - ok
19:44:59.0716 7108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:44:59.0721 7108 RasPppoe - ok
19:44:59.0861 7108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:44:59.0871 7108 RasSstp - ok
19:45:00.0053 7108 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:45:00.0070 7108 rdbss - ok
19:45:00.0157 7108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:45:00.0160 7108 rdpbus - ok
19:45:00.0451 7108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:45:00.0454 7108 RDPCDD - ok
19:45:00.0566 7108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:45:00.0569 7108 RDPENCDD - ok
19:45:00.0721 7108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:45:00.0739 7108 RDPREFMP - ok
19:45:00.0799 7108 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:45:00.0806 7108 RDPWD - ok
19:45:00.0957 7108 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:45:00.0964 7108 rdyboost - ok
19:45:01.0168 7108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:45:01.0172 7108 rspndr - ok
19:45:01.0346 7108 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys
19:45:01.0353 7108 RSUSBSTOR - ok
19:45:01.0459 7108 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:45:01.0469 7108 RTL8167 - ok
19:45:01.0572 7108 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:45:01.0619 7108 sbp2port - ok
19:45:01.0788 7108 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
19:45:01.0794 7108 SCDEmu - ok
19:45:01.0887 7108 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:45:01.0890 7108 scfilter - ok
19:45:02.0118 7108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:45:02.0121 7108 secdrv - ok
19:45:02.0670 7108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:45:02.0674 7108 Serenum - ok
19:45:02.0860 7108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:45:02.0864 7108 Serial - ok
19:45:02.0965 7108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:45:02.0968 7108 sermouse - ok
19:45:03.0124 7108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:45:03.0127 7108 sffdisk - ok
19:45:03.0210 7108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:45:03.0213 7108 sffp_mmc - ok
19:45:03.0435 7108 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:45:03.0438 7108 sffp_sd - ok
19:45:03.0488 7108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:45:03.0492 7108 sfloppy - ok
19:45:03.0650 7108 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:45:03.0678 7108 Sftfs - ok
19:45:03.0918 7108 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:45:03.0926 7108 Sftplay - ok
19:45:04.0086 7108 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:45:04.0089 7108 Sftredir - ok
19:45:04.0263 7108 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:45:04.0267 7108 Sftvol - ok
19:45:04.0618 7108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:45:04.0648 7108 SiSRaid2 - ok
19:45:04.0870 7108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:45:04.0874 7108 SiSRaid4 - ok
19:45:05.0005 7108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:45:05.0009 7108 Smb - ok
19:45:05.0152 7108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:45:05.0155 7108 spldr - ok
19:45:05.0426 7108 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:45:05.0438 7108 srv - ok
19:45:05.0519 7108 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:45:05.0530 7108 srv2 - ok
19:45:05.0610 7108 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:45:05.0617 7108 srvnet - ok
19:45:05.0707 7108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:45:05.0710 7108 stexstor - ok
19:45:05.0880 7108 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
19:45:05.0897 7108 STHDA - ok
19:45:06.0044 7108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:45:06.0054 7108 swenum - ok
19:45:06.0226 7108 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
19:45:06.0234 7108 SynTP - ok
19:45:06.0502 7108 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:45:06.0562 7108 Tcpip - ok
19:45:06.0749 7108 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:45:06.0782 7108 TCPIP6 - ok
19:45:06.0880 7108 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:45:06.0884 7108 tcpipreg - ok
19:45:07.0027 7108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:45:07.0030 7108 TDPIPE - ok
19:45:07.0093 7108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:45:07.0096 7108 TDTCP - ok
19:45:07.0223 7108 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:45:07.0228 7108 tdx - ok
19:45:07.0285 7108 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:45:07.0289 7108 TermDD - ok
19:45:07.0455 7108 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:07.0459 7108 tssecsrv - ok
19:45:07.0567 7108 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:45:07.0572 7108 tunnel - ok
19:45:07.0670 7108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:45:07.0677 7108 uagp35 - ok
19:45:07.0797 7108 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
19:45:07.0807 7108 udfs - ok
19:45:07.0958 7108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:45:07.0962 7108 uliagpkx - ok
19:45:08.0110 7108 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:45:08.0117 7108 umbus - ok
19:45:08.0203 7108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:45:08.0206 7108 UmPass - ok
19:45:08.0405 7108 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
19:45:08.0409 7108 USBAAPL64 - ok
19:45:08.0576 7108 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:08.0576 7108 usbccgp - ok
19:45:08.0743 7108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:45:08.0747 7108 usbcir - ok
19:45:08.0903 7108 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
19:45:08.0907 7108 usbehci - ok
19:45:09.0054 7108 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
19:45:09.0057 7108 usbfilter - ok
19:45:09.0198 7108 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
19:45:09.0208 7108 usbhub - ok
19:45:09.0436 7108 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
19:45:09.0439 7108 usbohci - ok
19:45:09.0562 7108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:45:09.0565 7108 usbprint - ok
19:45:09.0703 7108 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:45:09.0707 7108 usbscan - ok
19:45:09.0887 7108 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:09.0892 7108 USBSTOR - ok
19:45:10.0054 7108 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
19:45:10.0058 7108 usbuhci - ok
19:45:10.0219 7108 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:45:10.0225 7108 usbvideo - ok
19:45:10.0441 7108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:45:10.0444 7108 vdrvroot - ok
19:45:10.0599 7108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:10.0602 7108 vga - ok
19:45:10.0728 7108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:45:10.0732 7108 VgaSave - ok
19:45:10.0896 7108 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:45:10.0903 7108 vhdmp - ok
19:45:10.0994 7108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:45:10.0997 7108 viaide - ok
19:45:11.0081 7108 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:45:11.0085 7108 volmgr - ok
19:45:11.0196 7108 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:45:11.0213 7108 volmgrx - ok
19:45:11.0402 7108 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:45:11.0411 7108 volsnap - ok
19:45:11.0561 7108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:45:11.0567 7108 vsmraid - ok
19:45:11.0702 7108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:45:11.0706 7108 vwifibus - ok
19:45:11.0845 7108 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:45:11.0849 7108 vwififlt - ok
19:45:12.0010 7108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:45:12.0010 7108 WacomPen - ok
19:45:12.0164 7108 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:12.0169 7108 WANARP - ok
19:45:12.0196 7108 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:12.0200 7108 Wanarpv6 - ok
19:45:12.0412 7108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:45:12.0412 7108 Wd - ok
19:45:12.0584 7108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:45:12.0606 7108 Wdf01000 - ok
19:45:12.0899 7108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:45:12.0902 7108 WfpLwf - ok
19:45:13.0098 7108 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
19:45:13.0106 7108 WimFltr - ok
19:45:13.0251 7108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:45:13.0255 7108 WIMMount - ok
19:45:13.0558 7108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:45:13.0558 7108 WmiAcpi - ok
19:45:13.0810 7108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:45:13.0813 7108 ws2ifsl - ok
19:45:14.0051 7108 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
19:45:14.0058 7108 WudfPf - ok
19:45:14.0538 7108 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:45:14.0548 7108 WUDFRd - ok
19:45:14.0760 7108 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
19:45:14.0770 7108 yukonw7 - ok
19:45:14.0882 7108 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0
19:45:14.0902 7108 \Device\Harddisk0\DR0 - ok
19:45:14.0902 7108 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
19:45:14.0912 7108 \Device\Harddisk0\DR0\Partition0 - ok
19:45:14.0956 7108 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1
19:45:14.0958 7108 \Device\Harddisk0\DR0\Partition1 - ok
19:45:14.0959 7108 ============================================================
19:45:14.0959 7108 Scan finished
19:45:14.0959 7108 ============================================================
19:45:14.0984 3960 Detected object count: 0
19:45:14.0984 3960 Actual detected object count: 0

And in other news, some program called "Cloud AV 2012" appeared on my desktop today. I have no idea if it's related to my other issues. It's one of those programs that stops you from running virus scans and that disables task manager and sucks to close. I closed it by rebooting, using task manager, then clicking "end process" on the thing before it got a chance to disable task manager. But the thing did pop up and say something about "we stopped internet explorer from trying to send out the following information *had a list of all my passwords and user ids*" so I'm assuming that that program is some sort of additional malware and I probably need to change all my passwords now.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 AM

Posted 23 November 2011 - 09:27 PM

Hello

I would like you to download these programs if you don't have them yet to the desktop and have them ready to use .

RKill - exeHelper - Malwarebytes' Anti-Malware
Unhide.exe


After you have them on your desktop restart your computer and as soon as you can start with RKill

:Rkill:

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

Once the tool has run, do NOT reboot the machine,
If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program


Next I want you to run the unhide.exe program just double click to run it.

: Malwarebytes' Anti-Malware :

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Let me have these logs and let me know how the computer is doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Sarthos

Sarthos
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 23 November 2011 - 11:34 PM

I accidentally ran MBAM first, but then I ran it again after the other stuff

MALWAREBYTES LOG
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8122

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/23/2011 8:25:08 PM
mbam-log-2011-11-23 (20-25-08).txt

Scan type: Quick scan
Objects scanned: 177279
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
c:\Users\Harry\AppData\Roaming\dwme.exe (Trojan.FakeAlert) -> 3260 -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cJJ66dEEK8RZ9TX (Trojan.FakeAlert) -> Value: cJJ66dEEK8RZ9TX -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IssQQJ7ddE8gR9Y8234A (Trojan.FakeAlert.CLGen) -> Value: IssQQJ7ddE8gR9Y8234A -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DFA.exe (Backdoor.CycBot.Gen) -> Value: DFA.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Harry\AppData\Roaming\iexplore.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Roaming\java.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Local\Temp\thpm1163463514380324490.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Roaming\firefox.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Roaming\dwme.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Roaming\laaa1iivd\cloud av 2012v121.exe (Trojan.FakeAlert.CLGen) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Roaming\microsoft\ED37\DFA.exe (Backdoor.CycBot.Gen) -> Quarantined and deleted successfully.


EXEHELPER LOG
exeHelper by Raktor
Build 20100414
Run at 21:55:51 on 11/23/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

MALWAREBYTES LOG (AFTER RUNNING THE OTHER PROGRAMS)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8229

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/23/2011 10:18:13 PM
mbam-log-2011-11-23 (22-18-13).txt

Scan type: Quick scan
Objects scanned: 177432
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Harry\AppData\Local\Temp\dwme.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Local\Temp\msimg32.dll (Trojan.Inject) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Local\Temp\0.8799609015865019gtye.exe (Exploit.Drop.4) -> Quarantined and deleted successfully.

Searches still redirect, firewalls still won't work :(
Thanks for the help thus far!

Actually, I got the Windows and McAfee Firewalls back up. The Windows Firewall Authorization Driver started working, just had to go into services.msc, go to Windows Firewall, and change the "logon" to "Local Service Account" instead of "Local System Account". Once I did that, I was able to start Windows Firewall, so now McAfee Firewall works too. Windows Security Center as a whole still won't start though.

Edited by Sarthos, 23 November 2011 - 11:42 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 AM

Posted 24 November 2011 - 12:07 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Sarthos

Sarthos
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 24 November 2011 - 01:24 AM

Is it common for this program to freeze?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 AM

Posted 24 November 2011 - 01:39 AM

try to run again and if it does not run then try in safe mode


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Sarthos

Sarthos
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 24 November 2011 - 01:55 AM

It runs but eventually hits some file and stops. And it is finding some stuff but can't get to the end of the scan.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 AM

Posted 24 November 2011 - 02:02 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Sarthos

Sarthos
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 24 November 2011 - 02:29 AM

Gonna keep retrying the other program too. Maybe it'll work one of these times. And having run the scan I just run the scan, don't hit "run fix" afterwards? Thanks.

OTL logfile created on: 11/24/2011 1:10:11 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Harry\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 24.63% Memory free
7.49 Gb Paging File | 3.95 Gb Available in Paging File | 52.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 25.41 Gb Free Space | 5.63% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HARRYS-PC | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Harry\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Harry\Downloads\aswMBR.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzvbi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libx264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_rtp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_raop_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_sdl_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtwolame_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspatializer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_transcode_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvisual_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvod_rtsp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwingdi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libty_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsubtitle_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvcd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsubsdec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvobsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsubsusf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_mosaic_bridge_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvideo_filter_wrapper_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtransform_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_standard_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_bridge_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_es_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsmf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwall_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvoc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_smem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvmem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_duplicate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxtag_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtta_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstats_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_display_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwave_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvc1_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_gather_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxa_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_autodel_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtrivial_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libt140_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_description_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspdif_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_dummy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libremoteosd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librtp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsdl_image_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsap_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libreal_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librss_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscreen_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librotate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawvid_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscene_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libquicktime_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librealvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawdv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawaud_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsharpen_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libripple_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librv32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libprojectm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmkv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmod_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_ts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liboldhttp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_ps_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libportaudio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libogg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpostproc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liboldrc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpanoramix_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_ogg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_mp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_asf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libps_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmosaic_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_dirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libosd_parser_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liboldtelnet_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_avi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmotiondetect_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4video_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_flac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpuzzle_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mlp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libosdmenu_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpodcast_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpva_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libntservice_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnsv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmirror_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libparam_eq_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnetsync_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmjpeg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpsychedelic_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_copy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnsc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpy3dn_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnormvol_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_wav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmsn_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmotionblur_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnoise_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_mpjpeg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_dummy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblive555_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgnutls_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgme_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgoom_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libkate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglwin32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgradient_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflacsys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libes_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libextract_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblogo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmarq_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libexport_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmagnify_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libheadphone_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgestures_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liberase_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmediadirs_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblogger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgaussianblur_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libinvmem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrain_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libh264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libinvert_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfolder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcaca_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libatmo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdread_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbda_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvbsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdda_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdeinterlace_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libasf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudiobargraph_v_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdmo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcrop_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libball_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libequalizer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudioscrobbler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdummy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudiobargraph_a_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcvdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcroppadd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libchorus_flanger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbluescreen_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcanvas_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblendbench_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcolorthres_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libclone_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libchain_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdemuxdump_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libau_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdemux_cdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_shout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_sdl_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_http_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_mms_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_realrtsp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libadjust_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_imem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_ftp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libadpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_udp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_http_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_file_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_smb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaiff_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_fake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libalphamask_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_udp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_file_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_tcp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_attachment_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_dummy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Plus Web Player\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) -- C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF A4 9B 11 CA C9 D8 43 91 1E 8A 78 C3 49 68 FD [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF A4 9B 11 CA C9 D8 43 91 1E 8A 78 C3 49 68 FD [binary data]

IE - HKU\S-1-5-21-3584315620-3987319667-37350171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3584315620-3987319667-37350171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF A4 9B 11 CA C9 D8 43 91 1E 8A 78 C3 49 68 FD [binary data]
IE - HKU\S-1-5-21-3584315620-3987319667-37350171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3584315620-3987319667-37350171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/29 19:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/29 19:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/23 19:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/08 11:14:20 | 000,000,000 | ---D | M]

[2011/01/29 19:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harry\AppData\Roaming\Mozilla\Extensions
[2011/11/14 03:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\pbnuc32o.default\extensions
[2011/07/13 15:25:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\pbnuc32o.default\extensions\{48292d25-4ffe-4fba-85e8-fb933d00c4f3}
[2011/11/14 03:05:41 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\pbnuc32o.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/07/27 00:21:26 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\pbnuc32o.default\extensions\{b37a6702-aee2-4bf9-aefd-274063534d9a}
[2011/11/11 01:32:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\pbnuc32o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/11 12:28:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\pbnuc32o.default\extensions\{fada4963-fb46-4e15-96d1-cef89d4a4f9e}
[2011/11/23 21:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/23 19:41:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/04/26 22:02:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/30 08:11:52 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/11/02 04:34:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/23 19:41:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/23 07:13:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110131083641.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110131083641.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3584315620-3987319667-37350171-1000..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3584315620-3987319667-37350171-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3584315620-3987319667-37350171-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3584315620-3987319667-37350171-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3584315620-3987319667-37350171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989842F9-2467-4AC4-A406-FDF9AF8DD0A6}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 01:13:25 | 000,823,296 | ---- | C] (Cyberlink Corp.) -- C:\Users\Harry\AppData\Roaming\privacy.exe
[2011/11/23 22:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/23 19:44:00 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Harry\Desktop\tdsskiller(1).exe
[2011/11/23 19:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011/11/23 19:40:56 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\tQH6dWK7fLgXj
[2011/11/23 19:40:56 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\cONtxA0uc2b3
[2011/11/23 12:14:39 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\E86D4
[2011/11/23 12:14:07 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\nddEEK8fRZ9hXwU
[2011/11/23 12:14:07 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud AV 2012
[2011/11/23 12:14:07 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\aDDD22obF4pm5sJ
[2011/11/23 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\7C4E8
[2011/11/23 12:14:01 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\uuuvvD22obFpm5s
[2011/11/23 12:14:01 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\lAAA1iivD
[2011/11/23 12:14:00 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\msWWJJ7dEL8gRqY
[2011/11/23 07:39:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/23 07:14:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/23 06:12:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/23 06:12:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/23 06:12:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/23 06:11:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/23 06:11:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/23 05:57:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/17 23:30:19 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cygnus Hex Editor
[2011/11/17 23:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygnus Hex Editor
[2011/11/17 23:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cygnus
[2011/11/15 22:22:11 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\adaware
[2011/11/15 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\ElevatedDiagnostics
[2011/11/15 20:25:14 | 000,000,000 | ---D | C] -- C:\Users\Harry\Documents\Dynamical Systems
[2011/11/14 13:23:14 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Adobe
[2011/11/14 03:12:44 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/14 03:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/11/14 03:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/11/14 03:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2011/11/14 03:05:19 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/14 03:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/14 03:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/11/14 03:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/11/10 22:05:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/11/08 23:13:17 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/08 23:13:16 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\dppnnG5aa
[2011/11/02 20:12:30 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Audacity
[2011/11/02 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2011/11/02 03:33:34 | 000,000,000 | ---D | C] -- C:\Users\Harry\Documents\My Received Files
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Harry\AppData\Roaming\*.tmp files -> C:\Users\Harry\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 01:13:46 | 000,823,296 | ---- | M] (Cyberlink Corp.) -- C:\Users\Harry\AppData\Roaming\privacy.exe
[2011/11/24 01:13:46 | 000,000,774 | ---- | M] () -- C:\Users\Harry\Desktop\Privacy Protection.lnk
[2011/11/23 22:28:13 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 22:28:13 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 22:20:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/23 22:20:24 | 3016,695,808 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 19:43:28 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harry\Desktop\tdsskiller(1).exe
[2011/11/23 19:42:20 | 000,002,054 | ---- | M] () -- C:\Users\Harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/23 19:42:09 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/23 15:06:43 | 002,921,984 | ---- | M] () -- C:\Users\Harry\Documents\usiz.exe
[2011/11/23 12:31:08 | 000,003,010 | ---- | M] () -- C:\Users\Harry\AppData\Roaming\ahst.lni
[2011/11/23 07:13:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/23 05:59:27 | 000,001,151 | ---- | M] () -- C:\Users\Harry\Desktop\ComboFix - Shortcut.lnk
[2011/11/22 14:49:18 | 000,624,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/22 14:49:18 | 000,106,746 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/22 14:49:17 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/20 03:22:23 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/20 03:22:23 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/18 01:07:10 | 000,001,594 | ---- | M] () -- C:\Users\Harry\Desktop\3dsmax - Shortcut.lnk
[2011/11/14 13:51:14 | 000,007,388 | ---- | M] () -- C:\Users\Harry\Documents\Technical Electives.pdf
[2011/11/14 03:12:44 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/14 03:12:40 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/14 03:05:28 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/12 00:01:32 | 000,001,594 | ---- | M] () -- C:\Users\Harry\Desktop\mbam - Shortcut.lnk
[2011/11/10 22:05:41 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/11/09 15:28:25 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/02 20:12:16 | 000,001,146 | ---- | M] () -- C:\Users\Harry\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/10/27 21:39:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Harry\AppData\Roaming\*.tmp files -> C:\Users\Harry\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/24 01:13:27 | 000,000,774 | ---- | C] () -- C:\Users\Harry\Desktop\Privacy Protection.lnk
[2011/11/23 19:41:39 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/11/23 15:05:50 | 002,921,984 | ---- | C] () -- C:\Users\Harry\Documents\usiz.exe
[2011/11/23 12:14:07 | 000,003,010 | ---- | C] () -- C:\Users\Harry\AppData\Roaming\ahst.lni
[2011/11/23 06:12:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/23 06:12:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/23 06:12:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/23 06:12:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/23 06:12:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/23 05:59:27 | 000,001,151 | ---- | C] () -- C:\Users\Harry\Desktop\ComboFix - Shortcut.lnk
[2011/11/18 01:07:10 | 000,001,594 | ---- | C] () -- C:\Users\Harry\Desktop\3dsmax - Shortcut.lnk
[2011/11/17 03:09:15 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/17 03:09:15 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/15 20:48:56 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/14 13:51:12 | 000,007,388 | ---- | C] () -- C:\Users\Harry\Documents\Technical Electives.pdf
[2011/11/14 03:05:28 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/12 00:01:32 | 000,001,594 | ---- | C] () -- C:\Users\Harry\Desktop\mbam - Shortcut.lnk
[2011/11/02 20:12:16 | 000,001,146 | ---- | C] () -- C:\Users\Harry\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/06/11 21:34:29 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/11 21:34:29 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/05 21:19:54 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2011/05/09 00:24:12 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/05/09 00:24:02 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/05/09 00:23:50 | 000,003,002 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/05/09 00:23:41 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/05/09 00:23:29 | 000,002,903 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/05/09 00:22:31 | 000,001,850 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2011/05/09 00:22:29 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/05/09 00:22:27 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2011/05/09 00:22:25 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2011/05/09 00:22:13 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011/05/09 00:22:11 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/05/09 00:21:56 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2011/05/09 00:21:02 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/05/09 00:20:33 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/05/09 00:19:56 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/05/09 00:19:36 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/05/09 00:18:57 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2011/05/09 00:18:00 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/05/09 00:17:49 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/05/09 00:17:42 | 000,243,064 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/05/09 00:17:42 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/03/03 21:53:16 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/17 00:11:11 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/08/17 00:09:42 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/08/17 00:09:42 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010/08/17 00:09:42 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini
[2010/08/17 00:09:42 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini
[2010/08/17 00:09:42 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini
[2010/08/17 00:09:42 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/08/17 00:09:42 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini
[2010/08/16 22:07:48 | 000,000,080 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/08/16 21:57:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 15:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 15:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

And that aswMBR scan finally finished. Came up with 4 things, didn't give me the option to fix any.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-24 01:19:48
-----------------------------
01:19:48.882 OS Version: Windows x64 6.1.7600
01:19:48.882 Number of processors: 3 586 0x503
01:19:48.883 ComputerName: HARRYS-PC UserName: Harry
01:19:52.307 Initialize success
01:20:00.430 AVAST engine defs: 11112302
01:20:16.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:20:16.642 Disk 0 Vendor: WDC_WD5000BEVT-75A0RT0 01.01A01 Size: 476940MB BusType: 11
01:20:18.692 Disk 0 MBR read successfully
01:20:18.694 Disk 0 MBR scan
01:20:18.699 Disk 0 Windows 7 default MBR code
01:20:18.702 Disk 0 MBR hidden
01:20:18.707 Service scanning
01:20:20.945 Modules scanning
01:20:20.948 Disk 0 trace - called modules:
01:20:20.971 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004cc3334]<<
01:20:20.974 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c9f060]
01:20:20.978 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bff060]
01:20:20.982 \Driver\atapi[0xfffffa8003ca9af0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004cc3334
01:20:22.996 AVAST engine scan C:\Windows
01:21:15.111 AVAST engine scan C:\Windows\system32
01:26:48.115 AVAST engine scan C:\Windows\system32\drivers
01:27:04.914 AVAST engine scan C:\Users\Harry
01:31:37.263 File: C:\Users\Harry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\31cb8c1-1a09bf47 **INFECTED** Win32:Gbot-M [Trj]
01:32:04.914 File: C:\Users\Harry\AppData\Roaming\Microsoft\ED37\234F.tmp **INFECTED** Win32:BackDoor-YH [Trj]
02:15:20.645 AVAST engine scan C:\ProgramData
02:22:25.066 Scan finished successfully
02:23:04.318 Disk 0 MBR has been saved successfully to "C:\Users\Harry\Downloads\MBR.dat"
02:23:04.348 The log file has been saved successfully to "C:\Users\Harry\Downloads\aswMBR.txt"

Ran MBAM again, specifically making sure it would find the two files that aswMBR found. After it found and removed them, I'm seemingly no longer getting search redirects. Windows Firewall runs, Windows Security Center still does not.

Edited by Sarthos, 24 November 2011 - 03:44 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 AM

Posted 24 November 2011 - 05:15 AM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Sarthos

Sarthos
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 24 November 2011 - 06:43 AM

fixTDSS says "***Infected MBR detected, Repair succeeded"

Re-running aswMBR right now.

And I got a "Privacy Protection shortcut" to appear on my desktop. Hit it with MBAM to get rid of it but not sure how/why it appeared. I thought I was pretty much cured.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users