Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Affecting Internet Connectivity


  • This topic is locked This topic is locked
30 replies to this topic

#1 dellvirushelp

dellvirushelp

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 25 February 2012 - 02:43 PM

My computer recently became infected with some viruses causing problems with internet connectivity, google redirect (when able to connect to internet), svchost trying to connect to malicious websites, etc. I noticed that several other posts in this forum had similar issues, so I attempted to remove the viruses on my own. I was not successful though, as I was still having issues connecting to the internet. Plase also note that I did run Combofix on my own, so I hope it didn't mess me up for good. I posted a topic here shortly afterwards, and it was moved to "Am I Infected? What do I do?" Someone helped me through a few things, and then asked me to post a new topic on this forum with the information below. They also mentioned to skip the GMER log. Really hoping someone can help me out.

Here is the DDS log and the Attach.txt file is also uploaded...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Zog at 14:29:59 on 2012-02-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2783 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100816185114.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Zog\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{78CBE764-538B-4D75-8996-48D5DB6A6F54} : DhcpNameServer = 192.168.10.9 192.168.1.6
TCP: Interfaces\{B53AAFC3-EBDA-45D2-820D-019CDC0B1F57} : DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{B53AAFC3-EBDA-45D2-820D-019CDC0B1F57}\67962757370226C6F636B6 : DhcpNameServer = 10.0.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100816185114.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [2010-2-1 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-2-18 60928]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-17 652360]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-16 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-16 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-16 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-16 199032]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-16 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-16 148520]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-18 79360]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-2-18 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-17 15:41:02 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-17 15:21:00 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-17 15:21:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-17 00:16:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-17 00:12:13 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-17 00:12:11 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-17 00:12:02 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-17 00:12:02 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-13 23:17:00 -------- d-----w- C:\Users\Zog\AppData\Local\Microsoft Help
2012-02-13 21:37:51 -------- d-----w- C:\Users\Zog\AppData\Roaming\Malwarebytes
2012-02-13 21:37:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-13 20:26:07 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-02-13 20:26:07 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-02-13 20:26:07 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-02-13 20:26:07 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-02-13 20:26:07 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-02-13 20:26:07 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-02-13 20:26:07 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-02-13 20:26:07 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-02-13 20:26:07 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-02-13 20:26:06 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-02-13 20:26:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-02-13 20:24:09 2871808 ----a-w- C:\Windows\explorer.exe
2012-02-13 20:24:09 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2012-02-13 20:24:03 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-02-13 20:24:03 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-02-09 01:22:30 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\45B7.tmp
2012-02-09 01:22:30 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\45B6.tmp
.
==================== Find3M ====================
.
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:31:26.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:15 AM

Posted 29 February 2012 - 03:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 dellvirushelp

dellvirushelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 29 February 2012 - 11:26 AM

Hello myrti. Thank you for your reply. You mention to provide a list of the steps taken so far to correct my problem, and a good summary is provided in the following topic from another forum... http://www.bleepingcomputer.com/forums/topic443005.html/page__pid__2612503#entry2612503. Note that I have not done anything to my computer since completing that topic and starting this topic.

Here are the results from the two reports from OTL. This first report is from OTL.txt.

OTL logfile created on: 2/29/2012 10:58:51 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Zog\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 71.07% Memory free
7.73 Gb Paging File | 6.24 Gb Available in Paging File | 80.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 219.91 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: HARTZOG | User Name: Zog | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 10:51:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Zog\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 08:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/30 12:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2009/07/05 16:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 19:54:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 19:54:13 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/13 18:28:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/31 19:32:58 | 000,244,840 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/05/31 19:32:58 | 000,199,032 | -H-- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/05/31 19:32:58 | 000,148,520 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/04/15 08:45:10 | 000,509,416 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/12/14 00:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/09/08 10:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/06 08:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 12:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/02/18 15:01:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/18 15:00:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/18 14:59:52 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010/02/18 14:41:26 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/23 20:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/05 16:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/23 17:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/31 19:32:58 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/05/31 19:32:58 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/05/31 19:32:58 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/12/14 00:28:54 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/12 06:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/08 11:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/23 22:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/22 21:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/24 01:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/23 13:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/04 06:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/01 19:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 05:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/25 04:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 03:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 03:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4009086910-3260713129-4103888221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4009086910-3260713129-4103888221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-4009086910-3260713129-4103888221-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4009086910-3260713129-4103888221-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4009086910-3260713129-4103888221-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4009086910-3260713129-4103888221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4009086910-3260713129-4103888221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/06 15:54:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/06 15:54:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/17 10:40:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100816185114.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100816185114.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Zog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4009086910-3260713129-4103888221-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4009086910-3260713129-4103888221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.9 192.168.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78CBE764-538B-4D75-8996-48D5DB6A6F54}: DhcpNameServer = 192.168.10.9 192.168.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B53AAFC3-EBDA-45D2-820D-019CDC0B1F57}: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe - (Intuit Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE - (Intuit Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MsConfig:64bit - StartUpReg: FreeFallProtection - hkey= - key= - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: Intuit SyncManager - hkey= - key= - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RunDLLEntry - hkey= - key= - C:\Windows\SysNative\RunDLL32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: sysnetlib - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BEA903B7-AA27-5964-D9A1-6A0C20F94C9B} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 10:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/02/29 10:51:35 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Zog\Desktop\OTL.exe
[2012/02/25 14:25:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Zog\Desktop\dds.scr
[2012/02/25 08:57:11 | 000,000,000 | ---D | C] -- C:\Users\Zog\Desktop\tdsskiller
[2012/02/25 08:54:22 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Zog\Desktop\aswMBR.exe
[2012/02/17 10:41:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/17 10:21:00 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/17 10:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/17 10:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/17 09:21:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/17 09:02:07 | 004,406,994 | R--- | C] (Swearware) -- C:\Users\Zog\Desktop\ComboFix.exe
[2012/02/16 19:41:30 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 19:41:30 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 19:41:28 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/16 19:41:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/16 19:41:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/16 19:41:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/16 19:41:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 19:41:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/16 19:41:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 19:41:27 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/16 19:41:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/16 19:16:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/16 19:12:02 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/13 18:23:08 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/13 18:23:08 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/13 18:23:08 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/13 18:23:08 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/13 18:23:08 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/13 18:23:08 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/13 18:23:08 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/13 18:23:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/13 18:23:08 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/13 18:23:08 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/13 18:23:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/13 18:23:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/13 18:23:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/13 18:23:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/13 18:23:08 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/13 18:23:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/13 18:23:08 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/13 18:23:08 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/13 18:23:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/13 18:23:08 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/13 18:23:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/13 18:23:08 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/13 18:23:08 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/13 18:23:08 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/13 18:23:08 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/13 18:23:08 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/13 18:23:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/13 18:23:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/13 18:23:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/13 18:23:08 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/13 18:23:08 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/13 18:23:08 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/13 18:23:08 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/13 18:23:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/13 18:23:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/13 18:23:08 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/13 18:23:08 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/13 18:23:08 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/13 18:23:08 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/13 18:23:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/13 18:23:08 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/13 18:23:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/13 18:23:08 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/13 18:23:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/13 18:23:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/13 18:23:08 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/13 18:23:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/13 18:23:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/13 18:23:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/13 18:23:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/13 18:23:07 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/13 18:23:07 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/13 18:23:07 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/13 18:23:07 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/13 18:23:07 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/13 18:23:07 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/13 18:23:07 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/13 18:23:07 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/13 18:23:07 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/13 18:23:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/13 18:23:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/13 18:17:00 | 000,000,000 | ---D | C] -- C:\Users\Zog\AppData\Local\Microsoft Help
[2012/02/13 16:37:51 | 000,000,000 | ---D | C] -- C:\Users\Zog\AppData\Roaming\Malwarebytes
[2012/02/13 16:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/13 15:55:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/13 15:26:07 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/02/13 15:26:07 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/02/13 15:26:07 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/02/13 15:26:07 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/02/13 15:26:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/02/13 15:26:07 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/02/13 15:26:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/02/13 15:25:35 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/02/13 15:25:34 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/02/13 15:25:34 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/02/13 15:25:34 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/02/13 15:25:34 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/02/13 15:25:34 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/02/13 15:25:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/02/13 15:25:34 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/02/13 15:25:34 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/02/13 15:25:33 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/02/13 15:25:33 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/02/13 15:25:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/02/13 15:25:33 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/02/13 15:24:09 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/02/13 15:24:09 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/02/13 15:24:03 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/02/13 15:24:03 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/02/13 15:23:59 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/02/13 15:23:59 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/02/13 15:23:57 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/02/13 15:23:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/02/13 15:23:46 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/02/13 15:23:44 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/02/13 15:23:41 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/02/13 15:23:41 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/02/13 15:23:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/02/13 15:23:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/02/13 15:23:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/01/31 09:50:06 | 000,000,000 | ---D | C] -- C:\Users\Zog\Documents\Zog Server Backup 01-31-12
[2012/01/31 07:27:12 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 07:27:12 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 07:27:12 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 07:27:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 07:27:12 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/31 07:27:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

========== Files - Modified Within 30 Days ==========

[2012/02/29 10:58:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 10:58:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 10:56:15 | 000,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/29 10:56:15 | 000,624,128 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/29 10:56:15 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/29 10:51:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Zog\Desktop\OTL.exe
[2012/02/29 10:51:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/29 10:50:55 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/25 14:28:38 | 000,000,000 | ---- | M] () -- C:\Users\Zog\defogger_reenable
[2012/02/25 14:25:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Zog\Desktop\dds.scr
[2012/02/25 14:25:04 | 000,050,477 | ---- | M] () -- C:\Users\Zog\Desktop\Defogger.exe
[2012/02/25 09:01:18 | 000,000,512 | ---- | M] () -- C:\Users\Zog\Desktop\MBR.dat
[2012/02/25 08:54:24 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Zog\Desktop\aswMBR.exe
[2012/02/24 08:32:06 | 000,337,133 | ---- | M] () -- C:\Users\Zog\Desktop\FSS.exe
[2012/02/24 08:29:54 | 000,000,136 | ---- | M] () -- C:\Users\Zog\Desktop\winsockfix.bat
[2012/02/23 19:56:48 | 000,396,041 | ---- | M] () -- C:\Users\Zog\Desktop\MiniToolBox.exe
[2012/02/17 10:40:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/17 09:02:10 | 004,406,994 | R--- | M] (Swearware) -- C:\Users\Zog\Desktop\ComboFix.exe
[2012/02/16 19:49:36 | 000,320,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/13 18:29:35 | 000,001,403 | ---- | M] () -- C:\Users\Zog\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/13 18:23:08 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/13 18:23:08 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/13 18:23:08 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/13 18:23:08 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/13 18:23:08 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/13 18:23:08 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/13 18:23:08 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/13 18:23:08 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/13 18:23:08 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/13 18:23:08 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/13 18:23:08 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/13 18:23:08 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/13 18:23:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/13 18:23:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/13 18:23:08 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/13 18:23:08 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/13 18:23:08 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/13 18:23:08 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/13 18:23:08 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/13 18:23:08 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/13 18:23:08 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/13 18:23:08 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/13 18:23:08 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/13 18:23:08 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/13 18:23:08 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/13 18:23:08 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/13 18:23:08 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/13 18:23:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/13 18:23:08 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/13 18:23:08 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/13 18:23:08 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/13 18:23:08 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/13 18:23:08 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/13 18:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/13 18:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/13 18:23:08 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/13 18:23:08 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/13 18:23:08 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/13 18:23:08 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/13 18:23:08 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/13 18:23:08 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/13 18:23:08 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/13 18:23:08 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/13 18:23:08 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/13 18:23:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/13 18:23:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/13 18:23:08 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/13 18:23:08 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/13 18:23:08 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/13 18:23:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/13 18:23:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/13 18:23:07 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/13 18:23:07 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/13 18:23:07 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/13 18:23:07 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/13 18:23:07 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/13 18:23:07 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/13 18:23:07 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/13 18:23:07 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/13 18:23:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/13 18:23:07 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/13 18:23:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/13 18:23:07 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/13 15:55:53 | 451,005,882 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/02/25 14:28:38 | 000,000,000 | ---- | C] () -- C:\Users\Zog\defogger_reenable
[2012/02/25 14:25:02 | 000,050,477 | ---- | C] () -- C:\Users\Zog\Desktop\Defogger.exe
[2012/02/25 09:01:18 | 000,000,512 | ---- | C] () -- C:\Users\Zog\Desktop\MBR.dat
[2012/02/24 08:32:03 | 000,337,133 | ---- | C] () -- C:\Users\Zog\Desktop\FSS.exe
[2012/02/24 08:29:56 | 000,000,136 | ---- | C] () -- C:\Users\Zog\Desktop\winsockfix.bat
[2012/02/23 19:56:43 | 000,396,041 | ---- | C] () -- C:\Users\Zog\Desktop\MiniToolBox.exe
[2012/02/13 18:23:08 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/13 18:23:07 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/13 15:55:53 | 451,005,882 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/02 15:28:26 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/07/09 11:14:17 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~38461176r
[2011/07/09 11:14:16 | 000,000,248 | -H-- | C] () -- C:\ProgramData\~38461176
[2011/07/09 11:13:53 | 000,000,392 | -H-- | C] () -- C:\ProgramData\38461176
[2010/06/06 15:47:04 | 000,232,912 | ---- | C] () -- C:\Windows\hpwins22.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/02/18 16:09:07 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/18 16:09:07 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/02/18 16:09:11 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/18 16:09:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/18 16:09:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/02/18 16:09:07 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/18 16:09:11 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/02/18 16:09:07 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >



Here is the Extra.txt report:

OTL Extras logfile created on: 2/29/2012 10:58:51 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Zog\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 71.07% Memory free
7.73 Gb Paging File | 6.24 Gb Available in Paging File | 80.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 219.91 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: HARTZOG | User Name: Zog | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4009086910-3260713129-4103888221-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82D5414E-1890-9EB6-4D70-71D99F2303BA}" = ccc-utility64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0E180A03-2496-E90A-23A6-351B6301E912}" = CCC Help German
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1BCB3F87-B53D-9DFD-199E-004EDBFEE40B}" = Catalyst Control Center Graphics Previews Vista
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1E9A0A9C-DC61-A431-5E84-F63E16963D1D}" = CCC Help Dutch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F52BCA8-7C47-7895-035D-8E1951F94CE5}" = CCC Help English
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BC1E54D-4FA8-B37B-1FB1-38D8F3B32A66}" = CCC Help Korean
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BB88993-8444-18CE-679A-5D2108EAECFA}" = CCC Help Swedish
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40E4CF35-FF4C-4876-F16B-9E4773003D84}" = CCC Help Italian
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47397909-5132-A6F0-D580-6A6F4D213D60}" = CCC Help French
"{4A52DBCA-CDFE-4265-B0AF-7E243C2DA997}" = Catalyst Control Center InstallProxy
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4FAAF7D0-CB15-292D-886B-96FE2A069A7E}" = Catalyst Control Center Graphics Previews Common
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5067214A-A9D2-8925-9270-BF149913DB99}" = CCC Help Japanese
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56E09BFC-D4A4-7FE4-02A9-A919D02B488D}" = Skins
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5D9A0559-63B8-33AA-ADAC-30E0D45F738E}" = Catalyst Control Center Graphics Light
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6EC756AA-7AEB-7CCB-7129-CCD7E54E8D0F}" = ccc-core-static
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CF7645-BFAD-4431-A59E-FBF273AE8B7C}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{97154923-423C-C470-6E18-ABED08732DFD}" = CCC Help Russian
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9CDEEA5A-1B5E-A242-24FF-DC594DC3733D}" = CCC Help Chinese Traditional
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9352913-9B23-D26A-3D98-9181239731C7}" = CCC Help Norwegian
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B5EDDAAD-6F46-A2F8-2B51-860F0D8D609E}" = CCC Help Portuguese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a
"{BFF24FDB-41F2-8123-0F52-DE29F34F46FA}" = CCC Help Finnish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA4F7074-8A0D-6D4F-D5C1-90A1B57F8CEC}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CED8F7BC-8477-2948-F52A-08C5F75FBA9A}" = Catalyst Control Center Graphics Full New
"{D15ED9D4-341E-3A0C-98AB-A695015B5648}" = Catalyst Control Center Localization All
"{D570918C-A2FB-4C61-34F9-74BA6A472263}" = CCC Help Spanish
"{D637ED44-FE11-9C9C-815D-11ADE2D7E8A0}" = CCC Help Danish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F67D89A1-3081-9DBB-D1EB-758A06F79539}" = CCC Help Chinese Standard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition
"MSC" = McAfee SecurityCenter
"Picasa 3" = Picasa 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4009086910-3260713129-4103888221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2012 7:20:10 PM | Computer Name = Hartzog | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": DB error
-100 ErrorMessage:'Database server not foun

Error - 1/19/2012 7:20:10 PM | Computer Name = Hartzog | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": QB_ReadOnly_engine_21
failed to stop with DMError message: Unable to shutdown server, DMError code:-6012,
DB Error code:-1

Error - 1/19/2012 7:20:10 PM | Computer Name = Hartzog | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": DMError Information:-6000
DB Specific Code:-80Additional Info:Bad Connection Handle Used Unable to start database
serv

Error - 1/19/2012 7:20:12 PM | Computer Name = Hartzog | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": InitSystem
returned non success HRESULT 0x800405

Error - 1/20/2012 7:32:55 PM | Computer Name = Hartzog | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/22/2012 6:21:36 PM | Computer Name = Hartzog | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 1/22/2012 6:21:36 PM | Computer Name = Hartzog | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 1/22/2012 6:21:36 PM | Computer Name = Hartzog | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/13/2012 4:17:10 PM | Computer Name = Hartzog | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/13/2012 4:17:10 PM | Computer Name = Hartzog | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Broadcom Wireless LAN Events ]
Error - 2/10/2012 7:50:06 PM | Computer Name = Hartzog | Source = WLAN-Tray | ID = 0
Description = 18:50:06, Fri, Feb 10, 12 Error - Unable to gain access to user store


[ Dell Events ]
Error - 9/24/2010 7:54:10 PM | Computer Name = Hartzog | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 6/10/2011 8:51:33 PM | Computer Name = Hartzog | Source = MCUpdate | ID = 0
Description = 8:51:33 PM - Error connecting to the internet. 8:51:33 PM - Unable
to contact server..

Error - 6/10/2011 8:51:40 PM | Computer Name = Hartzog | Source = MCUpdate | ID = 0
Description = 8:51:38 PM - Error connecting to the internet. 8:51:38 PM - Unable
to contact server..

Error - 6/21/2011 8:49:49 PM | Computer Name = Hartzog | Source = MCUpdate | ID = 0
Description = 8:49:49 PM - Failed to retrieve Directory (Error: Invalid security
token.)

Error - 7/11/2011 7:10:27 PM | Computer Name = Hartzog | Source = MCUpdate | ID = 0
Description = 7:10:23 PM - Error connecting to the internet. 7:10:24 PM - Unable
to contact server..

Error - 8/23/2011 9:32:27 PM | Computer Name = Hartzog | Source = MCUpdate | ID = 0
Description = 9:32:26 PM - Error connecting to the internet. 9:32:26 PM - Unable
to contact server..

Error - 8/24/2011 8:00:15 PM | Computer Name = Hartzog | Source = MCUpdate | ID = 0
Description = 8:00:14 PM - Error connecting to the internet. 8:00:14 PM - Unable
to contact server..

Error - 8/24/2011 8:00:27 PM | Computer Name = Hartzog | Source = MCUpdate | ID = 0
Description = 8:00:20 PM - Error connecting to the internet. 8:00:20 PM - Unable
to contact server..

[ System Events ]
Error - 2/17/2012 10:30:33 AM | Computer Name = Hartzog | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/17/2012 10:31:57 AM | Computer Name = Hartzog | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 2/17/2012 11:30:26 AM | Computer Name = Hartzog | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 2/17/2012 11:30:26 AM | Computer Name = Hartzog | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/17/2012 11:34:33 AM | Computer Name = Hartzog | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/17/2012 11:39:08 AM | Computer Name = Hartzog | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/17/2012 11:40:33 AM | Computer Name = Hartzog | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 2/17/2012 11:43:05 AM | Computer Name = Hartzog | Source = BROWSER | ID = 8032
Description =

Error - 2/17/2012 11:56:42 AM | Computer Name = Hartzog | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 2/17/2012 11:56:42 AM | Computer Name = Hartzog | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:15 AM

Posted 29 February 2012 - 05:34 PM

Hi,

can you please post the log form combofix you get and a log from FSS:
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 dellvirushelp

dellvirushelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 01 March 2012 - 08:15 AM

Hey myrti. It may help to give you a little background on my running Combofix, which was before realizing I was making a huge mistake running it on my own. I ran it once, then attempted to follow some instructions about how to uninstall it. For some reason, it actually ran a second time. I then attempted to uninstall it again, and it worked the second time. I believe the log below is from the second run, and I believe the log from the first run has been deleted. After that experience, I then reached out to this forum for help.

Combofix log...

ComboFix 12-02-17.02 - Zog 02/17/2012 10:31:20.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2825 [GMT -5:00]
Running from: c:\users\Zog\Desktop\ComboFix.exe
Command switches used :: / uninstall
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 15:38 . 2012-02-17 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-17 15:21 . 2012-02-17 15:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-17 15:21 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 00:16 . 2012-02-17 00:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-17 00:12 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 00:12 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 00:12 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 00:12 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-13 23:17 . 2012-02-13 23:17 -------- d-----w- c:\users\Zog\AppData\Local\Microsoft Help
2012-02-13 21:37 . 2012-02-13 21:37 -------- d-----w- c:\users\Zog\AppData\Roaming\Malwarebytes
2012-02-13 21:37 . 2012-02-13 21:37 -------- d-----w- c:\programdata\Malwarebytes
2012-02-13 20:26 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-02-13 20:26 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-02-13 20:26 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-02-13 20:26 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-02-13 20:26 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-02-13 20:26 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-02-13 20:26 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-02-13 20:26 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-02-13 20:26 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-02-13 20:26 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-02-13 20:26 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-02-13 20:24 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-02-13 20:24 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-02-13 20:24 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-13 20:24 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-09 01:22 . 2012-02-09 01:22 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\45B7.tmp
2012-02-09 01:22 . 2012-02-09 01:22 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\45B6.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-17_14.32.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-18 20:01 . 2012-02-17 15:14 61310 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-17 15:14 34370 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-25 19:20 . 2012-02-17 15:14 20942 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4009086910-3260713129-4103888221-1000_UserData.bin
- 2010-02-25 13:18 . 2012-02-17 14:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-25 13:18 . 2012-02-17 15:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-25 13:18 . 2012-02-17 14:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-25 13:18 . 2012-02-17 15:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-17 14:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 15:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-17 15:06 . 2012-02-17 15:06 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\c22781f6201c8db16b404644884e48b8\WindowsLiveWriter.ni.exe
+ 2012-02-17 15:07 . 2012-02-17 15:07 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b018eb1e5276252053c62766b66978e9\WindowsLive.Writer.Api.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\df6e2f050af3e7a7676650240ef9d7e5\System.Windows.Presentation.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e66fcffbc602b284e20b6c49f4ac64b6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2463cb2600fc129e38f67974f3553368\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\bef92fc6725738f2a261600dab88cd66\PresentationFontCache.ni.exe
+ 2012-02-17 15:08 . 2012-02-17 15:08 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\7834abeef71f9188bb9d9253d8f807ab\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ef668f1802501935d634458ef637f5e7\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\a66c7d26f61bb8e12960441a77159102\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\61a8d567fe6450b5b77584b0044a6979\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\52785c0dca46f1e08b5cf9299fba9ae0\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\183073b14873e3b18951879ae4a8b425\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\824d2cc6a8193a2458ce90e579c8b8f5\Microsoft.Vsa.ni.dll
+ 2010-04-04 14:50 . 2012-02-17 14:54 1904 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-02-17 14:31 . 2012-02-17 14:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-17 15:40 . 2012-02-17 15:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-17 15:40 . 2012-02-17 15:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-17 14:31 . 2012-02-17 14:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-02-17 15:15 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-17 14:03 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-17 15:15 737280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-17 14:03 737280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2012-02-17 15:17 624128 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-17 14:05 624128 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-17 15:17 107728 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-17 14:05 107728 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-02-17 15:39 287080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-17 14:30 287080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-13 23:57 . 2012-02-17 15:39 409368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4009086910-3260713129-4103888221-1000-8192.dat
+ 2012-02-17 15:10 . 2012-02-17 15:10 472576 c:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\afc5368f90ec60a06936dc00bf6c18e9\VistaBridgeLibrary.ni.dll
+ 2012-02-17 15:10 . 2012-02-17 15:10 736768 c:\windows\assembly\NativeImages_v2.0.50727_64\VDialog\48eb0fa4373a42c2da93f56c580f869e\VDialog.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 407552 c:\windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\1544eaee85f685abaa4a4dab79e71891\MyDock.Util.ni.dll
+ 2012-02-17 15:10 . 2012-02-17 15:10 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\cb1c199305d00b2424e707311eb9dcfd\Microsoft.Vsa.ni.dll
+ 2012-02-17 15:10 . 2012-02-17 15:10 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\f2808fb3389d3e28e2b0223dcd654e02\ComSvcConfig.ni.exe
+ 2012-02-17 15:09 . 2012-02-17 15:09 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\45af2aab82a69a1a6fe0f7cef4024673\BDATunePIA.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\105e77fbca8c5bb29988f3847b0d599f\WsatConfig.ni.exe
+ 2012-02-17 15:07 . 2012-02-17 15:07 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\89b33061218d345ed0b937b7fe785df9\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd50adf5a3ac7dadf33131f4eb595a57\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b8347c45498583e893bf6d2f32b3557c\WindowsLive.Writer.Passport.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8b0678e775e389f71cfa327fa7d9517d\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\83710dc46973b5d931177e243fe32f83\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7fce28738c3284334511cc990338c2c8\WindowsLive.Writer.Interop.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7a491a59942aabc7006dfa22ecf97d83\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\799eebb88b45f4bb1d319354fb9c4ab1\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7638e949e82bcb69be73a5d980b15849\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6bc2037a1ce1c95b8ef186df80cc245e\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5de26322b6768d6ca30c7916372b8d79\WindowsLive.Writer.Controls.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4603800223476adaa15d9ddcddad4517\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3763ca29387f486abc63a7d4cbfb2417\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\34be42e5977a1297ddb2037a48c02c30\WindowsLive.Writer.Localization.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\d037382638d933e81479a0099d33663d\WindowsLive.Client.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d0972fea9e965a565c3cff76982709db\UIAutomationClient.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\ff345d3a2aaafb8a960c3d400e3c11a9\TaskScheduler.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\fa1161af51ab42a61bfac9d02d469a06\System.Xml.Linq.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\43e0731fbb58632563909f1fa5dfe063\System.Web.Routing.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\95f94674ddc4b1224df94bd7ae19c9ef\System.Web.Extensions.Design.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4c569a365154300e49ab3450f74c2618\System.Web.Entity.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fb21c5770bc64fc4105787238842f70d\System.Web.Entity.Design.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\785e2ad4125cef423bc367b37fabb71c\System.Web.DynamicData.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\685fb72f0189330eda1d62176fb38996\System.Web.Abstractions.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2273d6ab12c9ae0d52842a84d586b8df\System.Net.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b5930434d0d624701114e014513c9041\System.Management.Instrumentation.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7651951311f9d134e6bc08be7dc9ddc7\System.IO.Log.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8b0dc9405f292a93ddd52eb76bb88169\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\344d3289061b28a0f7fb19229f45bb9c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\6a6642467bcccf0345c5e9139e7fd9ae\System.Data.Services.Design.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c1cf8e31da405f07780fa7b0f28cc650\System.Data.Entity.Design.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\71400a36c8621388031e00075f2fc8e9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\05c4011ad0068d0af722b4b52677d915\System.AddIn.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\17b78ffee2144cf38f024e73b131158d\SMSvcHost.ni.exe
+ 2012-02-17 15:07 . 2012-02-17 15:07 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\62531ec9534c96e83de2bbd4edfd07e8\napsnap.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\bb49eea48fd5f546afc6d5be634d3cb9\napinit.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\4ac4095081957a001a6174c0b9f7f195\MSBuild.ni.exe
+ 2012-02-17 15:07 . 2012-02-17 15:07 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\bd5a72adac7a95585984d5bcce994b71\MMCFxCommon.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\928fb6b2401fffd8cc993578c3a04acd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 467456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e310c89edd37695bcf8372dff46370b8\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\481b6ebea3e357f29a4ec0e8193d36d3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eda566c4dc6595779c3c9dfc359575ed\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4f6b6f33d84b7f438c3f3b66f0336d\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\951235283ff1d4a91ffaa92ea8693249\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5f7928a2ffe462f16e25f03be01966e9\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2015eca4346e34310e958089b22a9c62\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6386ef67ed70f53fe6424246d256190d\Microsoft.ManagementConsole.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c8e128b5e6ceee852cb1f8c165c2177e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9795da40a8ee0bc54e91792de7422152\Microsoft.Build.Utilities.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\be7ad749a064283deab76fad38bf2930\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\f42105699650a206e2ae439ac54ad40a\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\886a8c3d4f00567df779318fea56f28a\mcstoredb.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\58ea1059f397ccd13d6a8d94d7be7830\EventViewer.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\9d5219961228fb5236c843ea75c69d39\ehRecObj.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\6a07aa6df4d45d1485b6a2749647a3aa\ehExtHost32.ni.exe
+ 2012-02-17 15:07 . 2012-02-17 15:07 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\39ab6b73bdbaac85b90cc561761916f7\ComSvcConfig.ni.exe
+ 2012-02-17 15:06 . 2012-02-17 15:06 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\d89086a63a9d85aa9d719d7088e5ae69\BDATunePIA.ni.dll
- 2009-07-14 04:54 . 2012-02-17 14:03 2572288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 15:15 2572288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-17 15:09 . 2012-02-17 15:09 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\6860203a3f244d4c6b89ff38a9c9cadb\System.Management.ni.dll
+ 2012-02-17 15:10 . 2012-02-17 15:10 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\e05059a258a8b75d8981f29ecd9baf72\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 15:10 . 2012-02-17 15:10 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\551b383e39b9fedb84e25c9fc7d763ee\Microsoft.JScript.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 3419648 c:\windows\assembly\NativeImages_v2.0.50727_64\DellDock\fa52211b1a57fcff58564110e8fec1fa\DellDock.ni.exe
+ 2012-02-17 15:07 . 2012-02-17 15:07 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\79b01bf3184976b55bab95f00d0e8874\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\657650ba065cc3fc506bb4b445b6c14b\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 1105408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\323b597d6a83a762756db2c1f7234e43\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\c463ccf17b00f16ed8e60a6ba1cb46e5\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\99f03be29e7f6de2f4bc278b83f0761b\System.WorkflowServices.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0eada94e6fc22ecdf69ec412fe7df0b9\System.Web.Mobile.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8ae9ee071050afc6dce19f5248817d66\System.Web.Extensions.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\8e4b0ae89bdfbe3eac1b79dacef4ef79\System.Speech.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0113a0162fe157bb4f0130a60bbcad1a\System.ServiceModel.Web.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f4d8c56c790b998bd1bb971905bfae78\System.Management.Automation.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\47c2a93f42a371ac1b3756d098ac18a5\System.Data.Services.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3763b8ac5fa0a96ad5100a53b10b4449\System.Data.Services.Client.ni.dll
+ 2012-02-17 15:09 . 2012-02-17 15:09 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1fe993f1045190570a2c69cb32f9d62d\System.Data.Linq.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\932542a144496e3a9cb9155270fd4492\System.Data.Entity.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\d2c547794ac1c167fe24904e6848d5cc\PresentationBuildTasks.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\308236e39e3ad82c6b5bfa2d955735e3\Narrator.ni.exe
+ 2012-02-17 15:08 . 2012-02-17 15:08 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\b792eec16fb24a0f73ca20e1551bfcbf\MMCEx.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\44f2bd588202e6bdacf0b867c7011057\MIGUIControls.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1a6921bcfb8ade6652efb9f095b275f1\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\86fa49490bc929adf75488903f0dac4b\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\413c3be0ba8ed04984a0bb3044e0c2e0\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f66392066352b804d8022664e7bf8de\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\558d4558f0857891cf0d41d818e7b490\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\03d64144ed3ea21cbeea0c872ece14b6\Microsoft.MediaCenter.ni.dll
+ 2012-02-17 15:08 . 2012-02-17 15:08 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\09cea564f5888335ef97bd104d7e4ea6\Microsoft.JScript.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ca0dacd1a4dc23e5d7bb3e6548282b6b\Microsoft.Ink.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e566cc5fe7ad95b0a9fca152b335b551\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2b23923536c41d0fb8ab658f6c9a95c1\Microsoft.Build.Tasks.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b8459651fae37b63ab314350a8eff8a\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\103b0155f85ff08fc9940bd0c3aa0128\mcstore.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\c28c1427f0691e070b77b4ad97000e4c\mcepg.ni.dll
+ 2012-02-17 15:10 . 2012-02-17 15:10 22171136 c:\windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\c7460b1e26850f20a784d3195cdd8b54\MenuSkinning.ni.dll
+ 2012-02-17 15:07 . 2012-02-17 15:07 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Zog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-18 79360]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-02-18 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.9 192.168.1.6
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-02-17 10:50:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 15:50
ComboFix2.txt 2012-02-17 14:42
.
Pre-Run: 225,646,936,064 bytes free
Post-Run: 225,206,939,648 bytes free
.
- - End Of File - - 5AA6C620DBD034CDEE53572D81C5F82D



Here is the FSS.txt log...

Farbar Service Scanner Version: 22-02-2012
Ran by Zog (administrator) on 01-03-2012 at 08:04:42
Running from "C:\Users\Zog\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:15 AM

Posted 01 March 2012 - 06:22 PM

Hi,

could you please check if there is a folder called qoobox in C:\?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 dellvirushelp

dellvirushelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 01 March 2012 - 06:31 PM

Hey myrti. The C:\ does not have a folder named qoobox.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:15 AM

Posted 02 March 2012 - 06:15 AM

Hi,

that is unfortunate as that means any leftovers and logs from ComboFix were removed, so we don't know what was done and what wasn't done.

Could yuo boot into safe mode with network connection and let me know if you can get online there.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 dellvirushelp

dellvirushelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 02 March 2012 - 02:33 PM

It is unfortunate, and I am learning a hard lesson. I did reboot in safe mode (minimal services with network), and I could not get online. It appears to be seeing the connection, but it can't make the connection. Thanks again for your help.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:15 AM

Posted 03 March 2012 - 08:22 AM

Hi,

could you try resetting your McAfee Firewall to see if that helps? Do you use a router to connect to the internet? Is it allowing you onto the internet?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 dellvirushelp

dellvirushelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 03 March 2012 - 08:41 AM

Hey myrti. I can connect to the Internet!!! Resetting the firewall seems to have done the trick. Now that it is working, are there any special steps I should follow to remove the programs used during this topic?

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:15 AM

Posted 03 March 2012 - 09:37 AM

HI,

great! :)

There's a number of things i'd like to check to make sure nothing is lurking, but then we can wrap things up and send you on your way :)

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 dellvirushelp

dellvirushelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 03 March 2012 - 03:57 PM

Hey myrti. I ran the programs you requested, and here are the results...


Log from awsMBR...

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 13:54:59
-----------------------------
13:54:59.166 OS Version: Windows x64 6.1.7601 Service Pack 1
13:54:59.166 Number of processors: 4 586 0x2502
13:54:59.182 ComputerName: HARTZOG UserName: Zog
13:55:04.096 Initialize success
13:55:19.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:55:19.613 Disk 0 Vendor: ST9320423AS 0004SDM1 Size: 305245MB BusType: 11
13:55:19.645 Disk 0 MBR read successfully
13:55:19.645 Disk 0 MBR scan
13:55:19.660 Disk 0 Windows VISTA default MBR code
13:55:19.660 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:55:19.691 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
13:55:19.707 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
13:55:19.738 Disk 0 scanning C:\Windows\system32\drivers
13:55:35.713 Service scanning
13:55:53.933 Modules scanning
13:55:53.949 Disk 0 trace - called modules:
13:55:53.949
13:55:53.965 Scan finished successfully
13:56:01.328 Disk 0 MBR has been saved successfully to "C:\Users\Zog\Desktop\MBR.dat"
13:56:01.343 The log file has been saved successfully to "C:\Users\Zog\Desktop\aswMBR.txt"


Here is the data from ESET Online Scanner. Note that a txt file was not created in the folder mentioned, and ESET did not uninstall itself on close...

C:\ProgramData\Microsoft\Windows\DRM\45B6.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\45B7.tmp Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\16.02.2012_19.15.21\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\16.02.2012_19.15.21\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\16.02.2012_19.15.21\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYG trojan
C:\TDSSKiller_Quarantine\16.02.2012_19.15.21\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.JG trojan
C:\TDSSKiller_Quarantine\16.02.2012_19.15.21\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\16.02.2012_19.15.21\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\16.02.2012_19.15.21\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan
C:\Users\All Users\Microsoft\Windows\DRM\45B6.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\45B7.tmp Win64/Olmarik.AD trojan
C:\Users\Zog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LTGU3YXR\10104[1].pdf JS/Exploit.Pdfka.PHI trojan
C:\Users\Zog\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43296140-2e82b677 a variant of Java/TrojanDownloader.Agent.ME trojan
C:\Users\Zog\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\88743cf-2afe27e3 a variant of Java/TrojanDownloader.Agent.ME trojan
C:\Users\Zog\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\9656d3-57ac1b2e multiple threats
C:\Users\Zog\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\b259575-23cfbc8f Java/Exploit.CVE-2011-3544.AC trojan
C:\Users\Zog\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31eb127a-1d7a41c7 multiple threats


Looks like it found a few things, so looking forward to hearing your thoughts on how to remove them.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:15 AM

Posted 04 March 2012 - 08:51 AM

Hi,

could you please rerun the aswMBR once more after disabling your security software. There are some parts that weren't executed correctly and I want to see if they were blocked by McAfee.

regars myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 dellvirushelp

dellvirushelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 04 March 2012 - 04:26 PM

Here are the results from a second run with security disabled. Please let me know if it executed properly this time.


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 16:21:27
-----------------------------
16:21:27.997 OS Version: Windows x64 6.1.7601 Service Pack 1
16:21:27.997 Number of processors: 4 586 0x2502
16:21:27.997 ComputerName: HARTZOG UserName: Zog
16:21:29.042 Initialize success
16:21:38.096 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:21:38.096 Disk 0 Vendor: ST9320423AS 0004SDM1 Size: 305245MB BusType: 11
16:21:38.127 Disk 0 MBR read successfully
16:21:38.127 Disk 0 MBR scan
16:21:38.127 Disk 0 Windows VISTA default MBR code
16:21:38.127 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:21:38.143 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
16:21:38.158 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
16:21:38.189 Disk 0 scanning C:\Windows\system32\drivers
16:21:46.224 Service scanning
16:22:04.491 Modules scanning
16:22:04.491 Disk 0 trace - called modules:
16:22:04.522 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:22:04.538 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c19060]
16:22:04.538 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004aaeb70]
16:22:04.554 5 stdflt.sys[fffff88001993a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004916060]
16:22:04.554 Scan finished successfully
16:22:18.141 Disk 0 MBR has been saved successfully to "C:\Users\Zog\Desktop\MBR.dat"
16:22:18.157 The log file has been saved successfully to "C:\Users\Zog\Desktop\aswMBR.txt"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users