Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with win32/sirefef.er need help removing


  • This topic is locked This topic is locked
11 replies to this topic

#1 MToast

MToast

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 07 March 2012 - 12:31 AM

Hi!

I need help in removing Win32/sirefef.er from my computer. basically I keep getting alerts from AVG that my computer is infected with this virus and continue to get the same notice even after it says 'threat removed.' After doing some research I found that it is a Trojan that is in AVG, I saw a similar post on the forum here with the same issue so I am hoping you can help me as well. :thumbup2:

Thanks, and much appreciated.

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:56 AM

Posted 07 March 2012 - 02:33 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 MToast

MToast
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 07 March 2012 - 07:40 PM

Hi! thank you for the quick response and the information. my username is a fine way to refer me as.

Here is the TDSSKILLER log:

16:53:30.0921 3616 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
16:53:31.0582 3616 ============================================================
16:53:31.0582 3616 Current date / time: 2012/03/07 16:53:31.0582
16:53:31.0582 3616 SystemInfo:
16:53:31.0582 3616
16:53:31.0582 3616 OS Version: 6.0.6002 ServicePack: 2.0
16:53:31.0582 3616 Product type: Workstation
16:53:31.0582 3616 ComputerName: MARK-PC
16:53:31.0583 3616 UserName: Mark
16:53:31.0583 3616 Windows directory: C:\Windows
16:53:31.0583 3616 System windows directory: C:\Windows
16:53:31.0583 3616 Processor architecture: Intel x86
16:53:31.0583 3616 Number of processors: 2
16:53:31.0583 3616 Page size: 0x1000
16:53:31.0583 3616 Boot type: Normal boot
16:53:31.0583 3616 ============================================================
16:53:32.0582 3616 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:53:32.0586 3616 \Device\Harddisk0\DR0:
16:53:32.0586 3616 MBR used
16:53:32.0586 3616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4F039
16:53:32.0586 3616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D629FE, BlocksNum 0x236CBE02
16:53:32.0695 3616 Initialize success
16:53:32.0695 3616 ============================================================
16:54:12.0961 1900 ============================================================
16:54:12.0961 1900 Scan started
16:54:12.0961 1900 Mode: Manual; SigCheck; TDLFS;
16:54:12.0961 1900 ============================================================
16:54:14.0114 1900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:54:14.0357 1900 ACPI - ok
16:54:14.0585 1900 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:54:14.0659 1900 adp94xx - ok
16:54:14.0812 1900 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:54:14.0852 1900 adpahci - ok
16:54:14.0912 1900 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:54:14.0943 1900 adpu160m - ok
16:54:15.0007 1900 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:54:15.0035 1900 adpu320 - ok
16:54:15.0260 1900 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:54:15.0363 1900 AFD - ok
16:54:15.0593 1900 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:54:15.0617 1900 agp440 - ok
16:54:15.0777 1900 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:54:15.0807 1900 aic78xx - ok
16:54:16.0011 1900 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:54:16.0037 1900 aliide - ok
16:54:16.0301 1900 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:54:16.0332 1900 amdagp - ok
16:54:16.0524 1900 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:54:16.0546 1900 amdide - ok
16:54:16.0743 1900 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:54:16.0937 1900 AmdK7 - ok
16:54:17.0243 1900 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:54:17.0328 1900 AmdK8 - ok
16:54:17.0535 1900 ApfiltrService (5bffa4db168d2d0f99c182732535e82f) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:54:17.0603 1900 ApfiltrService - ok
16:54:17.0812 1900 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:54:17.0840 1900 arc - ok
16:54:17.0981 1900 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:54:18.0007 1900 arcsas - ok
16:54:18.0079 1900 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:54:18.0171 1900 AsyncMac - ok
16:54:18.0276 1900 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
16:54:18.0301 1900 atapi - ok
16:54:18.0476 1900 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
16:54:18.0500 1900 AVGIDSDriver - ok
16:54:18.0521 1900 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
16:54:18.0544 1900 AVGIDSEH - ok
16:54:18.0579 1900 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
16:54:18.0594 1900 AVGIDSFilter - ok
16:54:18.0625 1900 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
16:54:18.0640 1900 AVGIDSShim - ok
16:54:18.0803 1900 Avgldx86 (ad09a0c03374d09ec6b5f42570911226) C:\Windows\system32\DRIVERS\avgldx86.sys
16:54:18.0823 1900 Suspicious file (Forged): C:\Windows\system32\DRIVERS\avgldx86.sys. Real md5: ad09a0c03374d09ec6b5f42570911226, Fake md5: bf8118cd5e2255387b715b534d64acd1
16:54:18.0826 1900 Avgldx86 ( Virus.Win32.ZAccess.aml ) - infected
16:54:18.0827 1900 Avgldx86 - detected Virus.Win32.ZAccess.aml (0)
16:54:18.0953 1900 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
16:54:18.0973 1900 Avgmfx86 - ok
16:54:19.0055 1900 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
16:54:19.0073 1900 Avgrkx86 - ok
16:54:19.0120 1900 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
16:54:19.0147 1900 Avgtdix - ok
16:54:19.0272 1900 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
16:54:19.0289 1900 BCM42RLY - ok
16:54:19.0371 1900 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:54:19.0474 1900 BCM43XX - ok
16:54:19.0653 1900 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:54:19.0774 1900 Beep - ok
16:54:19.0943 1900 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:54:20.0007 1900 blbdrive - ok
16:54:20.0212 1900 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:54:20.0281 1900 bowser - ok
16:54:20.0435 1900 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:54:20.0574 1900 BrFiltLo - ok
16:54:20.0884 1900 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:54:20.0945 1900 BrFiltUp - ok
16:54:21.0079 1900 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:54:21.0312 1900 Brserid - ok
16:54:21.0462 1900 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:54:21.0580 1900 BrSerWdm - ok
16:54:21.0701 1900 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:54:21.0806 1900 BrUsbMdm - ok
16:54:21.0938 1900 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:54:22.0044 1900 BrUsbSer - ok
16:54:22.0100 1900 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:54:22.0205 1900 BTHMODEM - ok
16:54:22.0315 1900 catchme - ok
16:54:22.0426 1900 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:54:22.0511 1900 cdfs - ok
16:54:22.0587 1900 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:54:22.0649 1900 cdrom - ok
16:54:22.0733 1900 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:54:22.0807 1900 circlass - ok
16:54:22.0928 1900 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:54:22.0973 1900 CLFS - ok
16:54:23.0208 1900 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:54:23.0288 1900 CmBatt - ok
16:54:23.0355 1900 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:54:23.0382 1900 cmdide - ok
16:54:23.0431 1900 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:54:23.0455 1900 Compbatt - ok
16:54:23.0504 1900 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:54:23.0524 1900 crcdisk - ok
16:54:23.0556 1900 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:54:23.0620 1900 Crusoe - ok
16:54:23.0776 1900 CtClsFlt (281b2b60b5cb449bcf0474eecf73ebec) C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:54:23.0836 1900 CtClsFlt - ok
16:54:23.0968 1900 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:54:24.0076 1900 DfsC - ok
16:54:24.0260 1900 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:54:24.0288 1900 disk - ok
16:54:24.0352 1900 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:54:24.0426 1900 drmkaud - ok
16:54:24.0553 1900 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:54:24.0616 1900 DXGKrnl - ok
16:54:24.0813 1900 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
16:54:24.0891 1900 e1express - ok
16:54:25.0064 1900 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:54:25.0114 1900 E1G60 - ok
16:54:25.0296 1900 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:54:25.0327 1900 Ecache - ok
16:54:25.0444 1900 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:54:25.0478 1900 elxstor - ok
16:54:25.0528 1900 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
16:54:25.0591 1900 ErrDev - ok
16:54:25.0765 1900 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:54:25.0833 1900 exfat - ok
16:54:25.0959 1900 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:54:26.0024 1900 fastfat - ok
16:54:26.0156 1900 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:54:26.0226 1900 fdc - ok
16:54:26.0388 1900 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:54:26.0414 1900 FileInfo - ok
16:54:26.0461 1900 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:54:26.0530 1900 Filetrace - ok
16:54:26.0555 1900 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:54:26.0626 1900 flpydisk - ok
16:54:26.0682 1900 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:54:26.0712 1900 FltMgr - ok
16:54:26.0867 1900 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:54:26.0922 1900 Fs_Rec - ok
16:54:27.0089 1900 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:54:27.0111 1900 gagp30kx - ok
16:54:27.0168 1900 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:54:27.0184 1900 GEARAspiWDM - ok
16:54:27.0336 1900 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:54:27.0456 1900 HDAudBus - ok
16:54:27.0593 1900 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:54:27.0718 1900 HidBth - ok
16:54:27.0874 1900 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:54:27.0979 1900 HidIr - ok
16:54:28.0185 1900 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:54:28.0245 1900 HidUsb - ok
16:54:28.0334 1900 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:54:28.0359 1900 HpCISSs - ok
16:54:28.0420 1900 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
16:54:28.0495 1900 HTTP - ok
16:54:28.0549 1900 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:54:28.0570 1900 i2omp - ok
16:54:28.0639 1900 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:54:28.0698 1900 i8042prt - ok
16:54:28.0859 1900 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\drivers\iastor.sys
16:54:28.0888 1900 iaStor - ok
16:54:28.0951 1900 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:54:29.0004 1900 iaStorV - ok
16:54:29.0415 1900 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:54:30.0086 1900 igfx - ok
16:54:30.0223 1900 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:54:30.0252 1900 iirsp - ok
16:54:30.0314 1900 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:54:30.0334 1900 intelide - ok
16:54:30.0381 1900 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:54:30.0447 1900 intelppm - ok
16:54:30.0595 1900 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:54:30.0676 1900 IpFilterDriver - ok
16:54:30.0792 1900 IpInIp - ok
16:54:30.0883 1900 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:54:30.0964 1900 IPMIDRV - ok
16:54:31.0030 1900 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:54:31.0096 1900 IPNAT - ok
16:54:31.0146 1900 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:54:31.0213 1900 IRENUM - ok
16:54:31.0252 1900 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:54:31.0272 1900 isapnp - ok
16:54:31.0328 1900 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:54:31.0361 1900 iScsiPrt - ok
16:54:31.0399 1900 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:54:31.0426 1900 iteatapi - ok
16:54:31.0486 1900 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:54:31.0522 1900 iteraid - ok
16:54:31.0547 1900 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:54:31.0568 1900 kbdclass - ok
16:54:31.0595 1900 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
16:54:31.0666 1900 kbdhid - ok
16:54:31.0842 1900 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:54:31.0886 1900 KSecDD - ok
16:54:32.0132 1900 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:54:32.0207 1900 lltdio - ok
16:54:32.0359 1900 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:54:32.0386 1900 LSI_FC - ok
16:54:32.0424 1900 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:54:32.0452 1900 LSI_SAS - ok
16:54:32.0523 1900 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:54:32.0554 1900 LSI_SCSI - ok
16:54:32.0607 1900 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:54:32.0671 1900 luafv - ok
16:54:32.0813 1900 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:54:32.0833 1900 megasas - ok
16:54:32.0869 1900 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:54:32.0903 1900 MegaSR - ok
16:54:32.0932 1900 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:54:32.0984 1900 Modem - ok
16:54:33.0042 1900 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:54:33.0109 1900 monitor - ok
16:54:33.0243 1900 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:54:33.0270 1900 mouclass - ok
16:54:33.0305 1900 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:54:33.0382 1900 mouhid - ok
16:54:33.0422 1900 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:54:33.0451 1900 MountMgr - ok
16:54:33.0517 1900 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:54:33.0546 1900 mpio - ok
16:54:33.0575 1900 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:54:33.0657 1900 mpsdrv - ok
16:54:33.0767 1900 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:54:33.0792 1900 Mraid35x - ok
16:54:33.0860 1900 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:54:33.0930 1900 MRxDAV - ok
16:54:34.0059 1900 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:54:34.0136 1900 mrxsmb - ok
16:54:34.0194 1900 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:54:34.0241 1900 mrxsmb10 - ok
16:54:34.0343 1900 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:54:34.0431 1900 mrxsmb20 - ok
16:54:34.0478 1900 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
16:54:34.0503 1900 msahci - ok
16:54:34.0533 1900 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:54:34.0565 1900 msdsm - ok
16:54:34.0600 1900 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:54:34.0675 1900 Msfs - ok
16:54:34.0801 1900 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:54:34.0827 1900 msisadrv - ok
16:54:34.0875 1900 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:54:34.0941 1900 MSKSSRV - ok
16:54:34.0967 1900 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:54:35.0041 1900 MSPCLOCK - ok
16:54:35.0071 1900 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:54:35.0143 1900 MSPQM - ok
16:54:35.0183 1900 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:54:35.0220 1900 MsRPC - ok
16:54:35.0278 1900 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:54:35.0296 1900 mssmbios - ok
16:54:35.0322 1900 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:54:35.0391 1900 MSTEE - ok
16:54:35.0435 1900 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:54:35.0459 1900 Mup - ok
16:54:35.0597 1900 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:54:35.0646 1900 NativeWifiP - ok
16:54:35.0724 1900 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:54:35.0771 1900 NDIS - ok
16:54:35.0938 1900 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:54:36.0005 1900 NdisTapi - ok
16:54:36.0048 1900 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:54:36.0158 1900 Ndisuio - ok
16:54:36.0209 1900 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:54:36.0275 1900 NdisWan - ok
16:54:36.0318 1900 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:54:36.0377 1900 NDProxy - ok
16:54:36.0450 1900 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:54:36.0529 1900 NetBIOS - ok
16:54:36.0595 1900 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:54:36.0644 1900 netbt - ok
16:54:36.0765 1900 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:54:36.0794 1900 nfrd960 - ok
16:54:36.0850 1900 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:54:36.0895 1900 Npfs - ok
16:54:36.0953 1900 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:54:37.0029 1900 nsiproxy - ok
16:54:37.0132 1900 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:54:37.0238 1900 Ntfs - ok
16:54:37.0329 1900 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:54:37.0426 1900 ntrigdigi - ok
16:54:37.0458 1900 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:54:37.0526 1900 Null - ok
16:54:37.0548 1900 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:54:37.0580 1900 nvraid - ok
16:54:37.0607 1900 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:54:37.0636 1900 nvstor - ok
16:54:37.0659 1900 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:54:37.0694 1900 nv_agp - ok
16:54:37.0705 1900 NwlnkFlt - ok
16:54:37.0720 1900 NwlnkFwd - ok
16:54:37.0781 1900 OA013Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA013Ufd.sys
16:54:37.0860 1900 OA013Ufd - ok
16:54:37.0995 1900 OA013Vid (0e1b4f70a1e7d49235a04860e77e9bfa) C:\Windows\system32\DRIVERS\OA013Vid.sys
16:54:38.0083 1900 OA013Vid - ok
16:54:38.0275 1900 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:54:38.0376 1900 ohci1394 - ok
16:54:38.0488 1900 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:54:38.0595 1900 Parport - ok
16:54:39.0016 1900 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:54:39.0048 1900 partmgr - ok
16:54:39.0171 1900 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:54:39.0250 1900 Parvdm - ok
16:54:39.0304 1900 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:54:39.0340 1900 pci - ok
16:54:39.0368 1900 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:54:39.0396 1900 pciide - ok
16:54:39.0419 1900 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:54:39.0450 1900 pcmcia - ok
16:54:39.0508 1900 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:54:39.0679 1900 PEAUTH - ok
16:54:39.0851 1900 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:54:39.0926 1900 PptpMiniport - ok
16:54:39.0956 1900 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:54:40.0024 1900 Processor - ok
16:54:40.0155 1900 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:54:40.0202 1900 PSched - ok
16:54:40.0361 1900 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
16:54:40.0391 1900 PxHelp20 - ok
16:54:40.0473 1900 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:54:40.0584 1900 ql2300 - ok
16:54:40.0666 1900 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:54:40.0699 1900 ql40xx - ok
16:54:40.0755 1900 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:54:40.0839 1900 QWAVEdrv - ok
16:54:41.0017 1900 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
16:54:41.0264 1900 R300 - ok
16:54:41.0392 1900 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:54:41.0469 1900 RasAcd - ok
16:54:41.0544 1900 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:54:41.0603 1900 Rasl2tp - ok
16:54:41.0640 1900 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:54:41.0708 1900 RasPppoe - ok
16:54:41.0798 1900 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:54:41.0837 1900 RasSstp - ok
16:54:41.0876 1900 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:54:41.0943 1900 rdbss - ok
16:54:41.0992 1900 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:54:42.0048 1900 RDPCDD - ok
16:54:42.0134 1900 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:54:42.0195 1900 rdpdr - ok
16:54:42.0235 1900 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:54:42.0313 1900 RDPENCDD - ok
16:54:42.0398 1900 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:54:42.0468 1900 RDPWD - ok
16:54:42.0612 1900 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
16:54:42.0675 1900 RimUsb - ok
16:54:42.0737 1900 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:54:42.0818 1900 rspndr - ok
16:54:42.0946 1900 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:54:42.0996 1900 RTL8169 - ok
16:54:43.0053 1900 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
16:54:43.0101 1900 RTSTOR - ok
16:54:43.0156 1900 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:54:43.0188 1900 sbp2port - ok
16:54:43.0232 1900 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:54:43.0344 1900 secdrv - ok
16:54:43.0396 1900 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:54:43.0501 1900 Serenum - ok
16:54:43.0529 1900 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:54:43.0625 1900 Serial - ok
16:54:43.0750 1900 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:54:43.0807 1900 sermouse - ok
16:54:43.0842 1900 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:54:43.0902 1900 sffdisk - ok
16:54:43.0932 1900 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:54:43.0999 1900 sffp_mmc - ok
16:54:44.0109 1900 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:54:44.0181 1900 sffp_sd - ok
16:54:44.0228 1900 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:54:44.0334 1900 sfloppy - ok
16:54:44.0368 1900 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:54:44.0400 1900 sisagp - ok
16:54:44.0423 1900 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:54:44.0444 1900 SiSRaid2 - ok
16:54:44.0467 1900 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:54:44.0497 1900 SiSRaid4 - ok
16:54:44.0553 1900 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:54:44.0620 1900 Smb - ok
16:54:44.0659 1900 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:54:44.0689 1900 spldr - ok
16:54:44.0756 1900 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:54:44.0826 1900 srv - ok
16:54:44.0955 1900 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:54:44.0996 1900 srv2 - ok
16:54:45.0036 1900 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:54:45.0095 1900 srvnet - ok
16:54:45.0272 1900 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
16:54:45.0382 1900 STHDA - ok
16:54:45.0528 1900 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:54:45.0548 1900 swenum - ok
16:54:45.0582 1900 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:54:45.0602 1900 Symc8xx - ok
16:54:45.0640 1900 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:54:45.0672 1900 Sym_hi - ok
16:54:45.0695 1900 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:54:45.0722 1900 Sym_u3 - ok
16:54:45.0799 1900 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:54:45.0960 1900 Tcpip - ok
16:54:46.0118 1900 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:54:46.0214 1900 Tcpip6 - ok
16:54:46.0356 1900 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:54:46.0436 1900 tcpipreg - ok
16:54:46.0557 1900 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:54:46.0655 1900 TDPIPE - ok
16:54:46.0683 1900 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:54:46.0739 1900 TDTCP - ok
16:54:46.0782 1900 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:54:46.0850 1900 tdx - ok
16:54:46.0890 1900 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:54:46.0924 1900 TermDD - ok
16:54:47.0016 1900 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:54:47.0085 1900 tssecsrv - ok
16:54:47.0119 1900 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:54:47.0167 1900 tunmp - ok
16:54:47.0286 1900 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
16:54:47.0334 1900 tunnel - ok
16:54:47.0361 1900 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:54:47.0395 1900 uagp35 - ok
16:54:47.0446 1900 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:54:47.0514 1900 udfs - ok
16:54:47.0622 1900 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:54:47.0656 1900 uliagpkx - ok
16:54:47.0682 1900 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:54:47.0725 1900 uliahci - ok
16:54:47.0749 1900 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:54:47.0783 1900 UlSata - ok
16:54:47.0812 1900 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:54:47.0846 1900 ulsata2 - ok
16:54:47.0871 1900 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:54:47.0928 1900 umbus - ok
16:54:47.0989 1900 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:54:48.0064 1900 USBAAPL - ok
16:54:48.0115 1900 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:54:48.0167 1900 usbccgp - ok
16:54:48.0301 1900 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:54:48.0403 1900 usbcir - ok
16:54:48.0555 1900 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:54:48.0627 1900 usbehci - ok
16:54:48.0674 1900 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:54:48.0727 1900 usbhub - ok
16:54:48.0811 1900 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:54:48.0905 1900 usbohci - ok
16:54:48.0946 1900 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
16:54:49.0046 1900 usbprint - ok
16:54:49.0104 1900 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:54:49.0173 1900 USBSTOR - ok
16:54:49.0207 1900 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:54:49.0269 1900 usbuhci - ok
16:54:49.0380 1900 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:54:49.0443 1900 vga - ok
16:54:49.0478 1900 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:54:49.0549 1900 VgaSave - ok
16:54:49.0644 1900 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:54:49.0675 1900 viaagp - ok
16:54:49.0698 1900 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:54:49.0756 1900 ViaC7 - ok
16:54:49.0781 1900 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:54:49.0805 1900 viaide - ok
16:54:49.0918 1900 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:54:49.0951 1900 volmgr - ok
16:54:50.0002 1900 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:54:50.0051 1900 volmgrx - ok
16:54:50.0085 1900 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:54:50.0120 1900 volsnap - ok
16:54:50.0207 1900 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:54:50.0242 1900 vsmraid - ok
16:54:50.0273 1900 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:54:50.0359 1900 WacomPen - ok
16:54:50.0389 1900 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:54:50.0439 1900 Wanarp - ok
16:54:50.0449 1900 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:54:50.0485 1900 Wanarpv6 - ok
16:54:50.0546 1900 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:54:50.0579 1900 Wd - ok
16:54:50.0635 1900 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:54:50.0686 1900 Wdf01000 - ok
16:54:50.0810 1900 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:54:50.0858 1900 WmiAcpi - ok
16:54:50.0999 1900 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:54:51.0066 1900 WpdUsb - ok
16:54:51.0202 1900 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:54:51.0279 1900 ws2ifsl - ok
16:54:51.0429 1900 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:54:51.0479 1900 WSDPrintDevice - ok
16:54:51.0561 1900 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:54:51.0644 1900 WUDFRd - ok
16:54:51.0692 1900 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:54:51.0856 1900 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:54:51.0856 1900 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:54:51.0896 1900 Boot (0x1200) (ae6baf7e75ccc209be629f996dbbcb8b) \Device\Harddisk0\DR0\Partition0
16:54:51.0899 1900 \Device\Harddisk0\DR0\Partition0 - ok
16:54:51.0904 1900 Boot (0x1200) (c6a0fdfc91cadc24ef94e9b38cc39c34) \Device\Harddisk0\DR0\Partition1
16:54:51.0906 1900 \Device\Harddisk0\DR0\Partition1 - ok
16:54:51.0910 1900 ============================================================
16:54:51.0910 1900 Scan finished
16:54:51.0910 1900 ============================================================
16:54:51.0958 1772 Detected object count: 2
16:54:51.0958 1772 Actual detected object count: 2
16:55:17.0302 1772 Avgldx86 ( Virus.Win32.ZAccess.aml ) - skipped by user
16:55:17.0302 1772 Avgldx86 ( Virus.Win32.ZAccess.aml ) - User select action: Skip
16:55:17.0305 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:55:17.0306 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:55:29.0906 6080 ============================================================
16:55:29.0906 6080 Scan started
16:55:29.0906 6080 Mode: Manual; SigCheck; TDLFS;
16:55:29.0906 6080 ============================================================
16:55:30.0379 6080 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:55:30.0424 6080 ACPI - ok
16:55:30.0501 6080 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:55:30.0558 6080 adp94xx - ok
16:55:30.0673 6080 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:55:30.0698 6080 adpahci - ok
16:55:30.0763 6080 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:55:30.0783 6080 adpu160m - ok
16:55:30.0912 6080 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:55:30.0936 6080 adpu320 - ok
16:55:31.0011 6080 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:55:31.0051 6080 AFD - ok
16:55:31.0114 6080 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:55:31.0135 6080 agp440 - ok
16:55:31.0187 6080 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:55:31.0212 6080 aic78xx - ok
16:55:31.0279 6080 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:55:31.0296 6080 aliide - ok
16:55:31.0338 6080 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:55:31.0356 6080 amdagp - ok
16:55:31.0448 6080 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:55:31.0466 6080 amdide - ok
16:55:31.0526 6080 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:55:31.0570 6080 AmdK7 - ok
16:55:31.0619 6080 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:55:31.0675 6080 AmdK8 - ok
16:55:31.0736 6080 ApfiltrService (5bffa4db168d2d0f99c182732535e82f) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:55:31.0757 6080 ApfiltrService - ok
16:55:31.0843 6080 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:55:31.0861 6080 arc - ok
16:55:31.0895 6080 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:55:31.0913 6080 arcsas - ok
16:55:31.0960 6080 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:55:32.0009 6080 AsyncMac - ok
16:55:32.0037 6080 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
16:55:32.0056 6080 atapi - ok
16:55:32.0192 6080 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
16:55:32.0214 6080 AVGIDSDriver - ok
16:55:32.0238 6080 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
16:55:32.0254 6080 AVGIDSEH - ok
16:55:32.0278 6080 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
16:55:32.0291 6080 AVGIDSFilter - ok
16:55:32.0315 6080 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
16:55:32.0333 6080 AVGIDSShim - ok
16:55:32.0365 6080 Avgldx86 (ad09a0c03374d09ec6b5f42570911226) C:\Windows\system32\DRIVERS\avgldx86.sys
16:55:32.0367 6080 Suspicious file (Forged): C:\Windows\system32\DRIVERS\avgldx86.sys. Real md5: ad09a0c03374d09ec6b5f42570911226, Fake md5: bf8118cd5e2255387b715b534d64acd1
16:55:32.0371 6080 Avgldx86 ( Virus.Win32.ZAccess.aml ) - infected
16:55:32.0371 6080 Avgldx86 - detected Virus.Win32.ZAccess.aml (0)
16:55:32.0405 6080 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
16:55:32.0422 6080 Avgmfx86 - ok
16:55:32.0449 6080 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
16:55:32.0467 6080 Avgrkx86 - ok
16:55:32.0506 6080 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
16:55:32.0527 6080 Avgtdix - ok
16:55:32.0570 6080 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
16:55:32.0584 6080 BCM42RLY - ok
16:55:32.0659 6080 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:55:32.0716 6080 BCM43XX - ok
16:55:32.0852 6080 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:55:32.0910 6080 Beep - ok
16:55:32.0944 6080 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:55:32.0992 6080 blbdrive - ok
16:55:33.0092 6080 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:55:33.0118 6080 bowser - ok
16:55:33.0150 6080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:55:33.0196 6080 BrFiltLo - ok
16:55:33.0214 6080 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:55:33.0248 6080 BrFiltUp - ok
16:55:33.0276 6080 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:55:33.0365 6080 Brserid - ok
16:55:33.0388 6080 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:55:33.0463 6080 BrSerWdm - ok
16:55:33.0558 6080 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:55:33.0642 6080 BrUsbMdm - ok
16:55:33.0662 6080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:55:33.0744 6080 BrUsbSer - ok
16:55:33.0846 6080 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:55:33.0921 6080 BTHMODEM - ok
16:55:33.0971 6080 catchme - ok
16:55:34.0062 6080 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:55:34.0122 6080 cdfs - ok
16:55:34.0163 6080 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:55:34.0215 6080 cdrom - ok
16:55:34.0259 6080 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:55:34.0303 6080 circlass - ok
16:55:34.0344 6080 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:55:34.0371 6080 CLFS - ok
16:55:34.0426 6080 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:55:34.0482 6080 CmBatt - ok
16:55:34.0504 6080 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:55:34.0523 6080 cmdide - ok
16:55:34.0561 6080 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:55:34.0578 6080 Compbatt - ok
16:55:34.0614 6080 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:55:34.0631 6080 crcdisk - ok
16:55:34.0660 6080 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:55:34.0717 6080 Crusoe - ok
16:55:34.0751 6080 CtClsFlt (281b2b60b5cb449bcf0474eecf73ebec) C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:55:34.0787 6080 CtClsFlt - ok
16:55:34.0834 6080 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:55:34.0869 6080 DfsC - ok
16:55:34.0904 6080 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:55:34.0924 6080 disk - ok
16:55:34.0975 6080 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:55:35.0021 6080 drmkaud - ok
16:55:35.0078 6080 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:55:35.0119 6080 DXGKrnl - ok
16:55:35.0228 6080 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
16:55:35.0288 6080 e1express - ok
16:55:35.0348 6080 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:55:35.0391 6080 E1G60 - ok
16:55:35.0437 6080 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:55:35.0460 6080 Ecache - ok
16:55:35.0552 6080 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:55:35.0580 6080 elxstor - ok
16:55:35.0635 6080 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
16:55:35.0675 6080 ErrDev - ok
16:55:35.0730 6080 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:55:35.0768 6080 exfat - ok
16:55:35.0792 6080 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:55:35.0831 6080 fastfat - ok
16:55:35.0856 6080 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:55:35.0915 6080 fdc - ok
16:55:35.0939 6080 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:55:35.0957 6080 FileInfo - ok
16:55:35.0985 6080 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:55:36.0034 6080 Filetrace - ok
16:55:36.0057 6080 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:55:36.0099 6080 flpydisk - ok
16:55:36.0228 6080 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:55:36.0252 6080 FltMgr - ok
16:55:36.0303 6080 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:55:36.0426 6080 Fs_Rec - ok
16:55:36.0514 6080 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:55:36.0537 6080 gagp30kx - ok
16:55:36.0571 6080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:55:36.0585 6080 GEARAspiWDM - ok
16:55:36.0707 6080 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:55:36.0764 6080 HDAudBus - ok
16:55:36.0843 6080 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:55:36.0932 6080 HidBth - ok
16:55:36.0958 6080 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:55:37.0048 6080 HidIr - ok
16:55:37.0092 6080 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:55:37.0139 6080 HidUsb - ok
16:55:37.0242 6080 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:55:37.0259 6080 HpCISSs - ok
16:55:37.0303 6080 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
16:55:37.0344 6080 HTTP - ok
16:55:37.0434 6080 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:55:37.0452 6080 i2omp - ok
16:55:37.0481 6080 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:55:37.0531 6080 i8042prt - ok
16:55:37.0591 6080 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\drivers\iastor.sys
16:55:37.0617 6080 iaStor - ok
16:55:37.0669 6080 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:55:37.0692 6080 iaStorV - ok
16:55:37.0969 6080 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:55:38.0372 6080 igfx - ok
16:55:38.0504 6080 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:55:38.0521 6080 iirsp - ok
16:55:38.0561 6080 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:55:38.0578 6080 intelide - ok
16:55:38.0606 6080 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:55:38.0664 6080 intelppm - ok
16:55:38.0766 6080 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:55:38.0823 6080 IpFilterDriver - ok
16:55:38.0834 6080 IpInIp - ok
16:55:38.0856 6080 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:55:38.0900 6080 IPMIDRV - ok
16:55:39.0025 6080 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:55:39.0081 6080 IPNAT - ok
16:55:39.0107 6080 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:55:39.0164 6080 IRENUM - ok
16:55:39.0257 6080 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:55:39.0275 6080 isapnp - ok
16:55:39.0323 6080 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:55:39.0346 6080 iScsiPrt - ok
16:55:39.0427 6080 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:55:39.0444 6080 iteatapi - ok
16:55:39.0467 6080 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:55:39.0484 6080 iteraid - ok
16:55:39.0509 6080 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:55:39.0526 6080 kbdclass - ok
16:55:39.0557 6080 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
16:55:39.0616 6080 kbdhid - ok
16:55:39.0672 6080 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:55:39.0705 6080 KSecDD - ok
16:55:39.0774 6080 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:55:39.0827 6080 lltdio - ok
16:55:39.0869 6080 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:55:39.0888 6080 LSI_FC - ok
16:55:39.0912 6080 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:55:39.0931 6080 LSI_SAS - ok
16:55:40.0066 6080 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:55:40.0086 6080 LSI_SCSI - ok
16:55:40.0117 6080 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:55:40.0177 6080 luafv - ok
16:55:40.0213 6080 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:55:40.0231 6080 megasas - ok
16:55:40.0292 6080 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:55:40.0321 6080 MegaSR - ok
16:55:40.0387 6080 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:55:40.0446 6080 Modem - ok
16:55:40.0475 6080 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:55:40.0535 6080 monitor - ok
16:55:40.0555 6080 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:55:40.0573 6080 mouclass - ok
16:55:40.0595 6080 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:55:40.0638 6080 mouhid - ok
16:55:40.0657 6080 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:55:40.0675 6080 MountMgr - ok
16:55:40.0708 6080 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:55:40.0727 6080 mpio - ok
16:55:40.0756 6080 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:55:40.0790 6080 mpsdrv - ok
16:55:40.0815 6080 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:55:40.0832 6080 Mraid35x - ok
16:55:40.0875 6080 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:55:40.0916 6080 MRxDAV - ok
16:55:41.0000 6080 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:55:41.0040 6080 mrxsmb - ok
16:55:41.0077 6080 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:55:41.0110 6080 mrxsmb10 - ok
16:55:41.0149 6080 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:55:41.0175 6080 mrxsmb20 - ok
16:55:41.0207 6080 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
16:55:41.0224 6080 msahci - ok
16:55:41.0251 6080 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:55:41.0270 6080 msdsm - ok
16:55:41.0316 6080 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:55:41.0378 6080 Msfs - ok
16:55:41.0407 6080 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:55:41.0425 6080 msisadrv - ok
16:55:41.0480 6080 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:55:41.0541 6080 MSKSSRV - ok
16:55:41.0562 6080 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:55:41.0610 6080 MSPCLOCK - ok
16:55:41.0633 6080 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:55:41.0695 6080 MSPQM - ok
16:55:41.0789 6080 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:55:41.0814 6080 MsRPC - ok
16:55:41.0862 6080 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:55:41.0879 6080 mssmbios - ok
16:55:41.0950 6080 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:55:42.0009 6080 MSTEE - ok
16:55:42.0052 6080 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:55:42.0073 6080 Mup - ok
16:55:42.0181 6080 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:55:42.0216 6080 NativeWifiP - ok
16:55:42.0275 6080 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:55:42.0309 6080 NDIS - ok
16:55:42.0347 6080 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:55:42.0397 6080 NdisTapi - ok
16:55:42.0412 6080 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:55:42.0464 6080 Ndisuio - ok
16:55:42.0573 6080 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:55:42.0608 6080 NdisWan - ok
16:55:42.0649 6080 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:55:42.0701 6080 NDProxy - ok
16:55:42.0770 6080 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:55:42.0830 6080 NetBIOS - ok
16:55:42.0893 6080 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:55:42.0945 6080 netbt - ok
16:55:42.0997 6080 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:55:43.0014 6080 nfrd960 - ok
16:55:43.0115 6080 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:55:43.0168 6080 Npfs - ok
16:55:43.0199 6080 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:55:43.0246 6080 nsiproxy - ok
16:55:43.0307 6080 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:55:43.0359 6080 Ntfs - ok
16:55:43.0395 6080 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:55:43.0486 6080 ntrigdigi - ok
16:55:43.0513 6080 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:55:43.0573 6080 Null - ok
16:55:43.0681 6080 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:55:43.0700 6080 nvraid - ok
16:55:43.0717 6080 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:55:43.0736 6080 nvstor - ok
16:55:43.0813 6080 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:55:43.0833 6080 nv_agp - ok
16:55:43.0869 6080 NwlnkFlt - ok
16:55:43.0901 6080 NwlnkFwd - ok
16:55:43.0969 6080 OA013Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA013Ufd.sys
16:55:44.0007 6080 OA013Ufd - ok
16:55:44.0061 6080 OA013Vid (0e1b4f70a1e7d49235a04860e77e9bfa) C:\Windows\system32\DRIVERS\OA013Vid.sys
16:55:44.0099 6080 OA013Vid - ok
16:55:44.0143 6080 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:55:44.0237 6080 ohci1394 - ok
16:55:44.0334 6080 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:55:44.0426 6080 Parport - ok
16:55:44.0477 6080 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:55:44.0497 6080 partmgr - ok
16:55:44.0599 6080 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:55:44.0701 6080 Parvdm - ok
16:55:44.0755 6080 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:55:44.0778 6080 pci - ok
16:55:44.0863 6080 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:55:44.0881 6080 pciide - ok
16:55:44.0914 6080 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:55:44.0934 6080 pcmcia - ok
16:55:44.0980 6080 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:55:45.0081 6080 PEAUTH - ok
16:55:45.0259 6080 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:55:45.0302 6080 PptpMiniport - ok
16:55:45.0363 6080 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:55:45.0427 6080 Processor - ok
16:55:45.0473 6080 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:55:45.0525 6080 PSched - ok
16:55:45.0571 6080 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
16:55:45.0608 6080 PxHelp20 - ok
16:55:45.0759 6080 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:55:45.0813 6080 ql2300 - ok
16:55:45.0952 6080 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:55:45.0972 6080 ql40xx - ok
16:55:46.0008 6080 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:55:46.0048 6080 QWAVEdrv - ok
16:55:46.0205 6080 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
16:55:46.0334 6080 R300 - ok
16:55:46.0480 6080 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:55:46.0523 6080 RasAcd - ok
16:55:46.0555 6080 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:55:46.0621 6080 Rasl2tp - ok
16:55:46.0828 6080 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:55:46.0879 6080 RasPppoe - ok
16:55:46.0919 6080 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:55:46.0962 6080 RasSstp - ok
16:55:47.0063 6080 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:55:47.0117 6080 rdbss - ok
16:55:47.0158 6080 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:55:47.0213 6080 RDPCDD - ok
16:55:47.0243 6080 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:55:47.0307 6080 rdpdr - ok
16:55:47.0319 6080 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:55:47.0366 6080 RDPENCDD - ok
16:55:47.0409 6080 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:55:47.0456 6080 RDPWD - ok
16:55:47.0535 6080 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
16:55:47.0573 6080 RimUsb - ok
16:55:47.0638 6080 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:55:47.0702 6080 rspndr - ok
16:55:47.0835 6080 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:55:47.0870 6080 RTL8169 - ok
16:55:47.0910 6080 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
16:55:47.0948 6080 RTSTOR - ok
16:55:48.0057 6080 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:55:48.0075 6080 sbp2port - ok
16:55:48.0122 6080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:55:48.0219 6080 secdrv - ok
16:55:48.0264 6080 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:55:48.0340 6080 Serenum - ok
16:55:48.0440 6080 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:55:48.0517 6080 Serial - ok
16:55:48.0563 6080 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:55:48.0634 6080 sermouse - ok
16:55:48.0776 6080 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:55:48.0832 6080 sffdisk - ok
16:55:48.0855 6080 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:55:48.0903 6080 sffp_mmc - ok
16:55:48.0922 6080 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:55:48.0988 6080 sffp_sd - ok
16:55:49.0129 6080 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:55:49.0222 6080 sfloppy - ok
16:55:49.0291 6080 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:55:49.0310 6080 sisagp - ok
16:55:49.0335 6080 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:55:49.0353 6080 SiSRaid2 - ok
16:55:49.0489 6080 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:55:49.0520 6080 SiSRaid4 - ok
16:55:49.0564 6080 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:55:49.0600 6080 Smb - ok
16:55:49.0659 6080 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:55:49.0677 6080 spldr - ok
16:55:49.0811 6080 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:55:49.0839 6080 srv - ok
16:55:49.0870 6080 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:55:49.0895 6080 srv2 - ok
16:55:49.0949 6080 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:55:49.0976 6080 srvnet - ok
16:55:50.0052 6080 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
16:55:50.0081 6080 STHDA - ok
16:55:50.0187 6080 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:55:50.0205 6080 swenum - ok
16:55:50.0241 6080 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:55:50.0259 6080 Symc8xx - ok
16:55:50.0332 6080 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:55:50.0350 6080 Sym_hi - ok
16:55:50.0431 6080 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:55:50.0449 6080 Sym_u3 - ok
16:55:50.0535 6080 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:55:50.0585 6080 Tcpip - ok
16:55:50.0733 6080 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:55:50.0785 6080 Tcpip6 - ok
16:55:50.0960 6080 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:55:50.0984 6080 tcpipreg - ok
16:55:51.0029 6080 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:55:51.0072 6080 TDPIPE - ok
16:55:51.0177 6080 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:55:51.0221 6080 TDTCP - ok
16:55:51.0265 6080 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:55:51.0300 6080 tdx - ok
16:55:51.0429 6080 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:55:51.0450 6080 TermDD - ok
16:55:51.0532 6080 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:55:51.0575 6080 tssecsrv - ok
16:55:51.0602 6080 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:55:51.0636 6080 tunmp - ok
16:55:51.0758 6080 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
16:55:51.0792 6080 tunnel - ok
16:55:51.0834 6080 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:55:51.0852 6080 uagp35 - ok
16:55:51.0885 6080 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:55:51.0923 6080 udfs - ok
16:55:51.0973 6080 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:55:51.0992 6080 uliagpkx - ok
16:55:52.0021 6080 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:55:52.0045 6080 uliahci - ok
16:55:52.0067 6080 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:55:52.0091 6080 UlSata - ok
16:55:52.0119 6080 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:55:52.0138 6080 ulsata2 - ok
16:55:52.0266 6080 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:55:52.0310 6080 umbus - ok
16:55:52.0373 6080 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:55:52.0393 6080 USBAAPL - ok
16:55:52.0455 6080 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:55:52.0490 6080 usbccgp - ok
16:55:52.0553 6080 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:55:52.0627 6080 usbcir - ok
16:55:52.0708 6080 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:55:52.0742 6080 usbehci - ok
16:55:52.0838 6080 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:55:52.0874 6080 usbhub - ok
16:55:52.0909 6080 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:55:52.0981 6080 usbohci - ok
16:55:53.0000 6080 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
16:55:53.0073 6080 usbprint - ok
16:55:53.0113 6080 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:55:53.0148 6080 USBSTOR - ok
16:55:53.0194 6080 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:55:53.0228 6080 usbuhci - ok
16:55:53.0279 6080 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:55:53.0323 6080 vga - ok
16:55:53.0337 6080 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:55:53.0384 6080 VgaSave - ok
16:55:53.0412 6080 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:55:53.0430 6080 viaagp - ok
16:55:53.0454 6080 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:55:53.0501 6080 ViaC7 - ok
16:55:53.0527 6080 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:55:53.0544 6080 viaide - ok
16:55:53.0674 6080 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:55:53.0695 6080 volmgr - ok
16:55:53.0748 6080 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:55:53.0774 6080 volmgrx - ok
16:55:53.0808 6080 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:55:53.0833 6080 volsnap - ok
16:55:53.0864 6080 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:55:53.0885 6080 vsmraid - ok
16:55:53.0930 6080 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:55:54.0003 6080 WacomPen - ok
16:55:54.0035 6080 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:55:54.0069 6080 Wanarp - ok
16:55:54.0090 6080 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:55:54.0126 6080 Wanarpv6 - ok
16:55:54.0225 6080 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:55:54.0244 6080 Wd - ok
16:55:54.0281 6080 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:55:54.0315 6080 Wdf01000 - ok
16:55:54.0456 6080 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:55:54.0477 6080 WmiAcpi - ok
16:55:54.0546 6080 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:55:54.0572 6080 WpdUsb - ok
16:55:54.0618 6080 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:55:54.0663 6080 ws2ifsl - ok
16:55:54.0812 6080 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:55:54.0846 6080 WSDPrintDevice - ok
16:55:54.0933 6080 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:55:54.0977 6080 WUDFRd - ok
16:55:55.0031 6080 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:55:55.0193 6080 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:55:55.0193 6080 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:55:55.0234 6080 Boot (0x1200) (ae6baf7e75ccc209be629f996dbbcb8b) \Device\Harddisk0\DR0\Partition0
16:55:55.0243 6080 \Device\Harddisk0\DR0\Partition0 - ok
16:55:55.0248 6080 Boot (0x1200) (c6a0fdfc91cadc24ef94e9b38cc39c34) \Device\Harddisk0\DR0\Partition1
16:55:55.0250 6080 \Device\Harddisk0\DR0\Partition1 - ok
16:55:55.0253 6080 ============================================================
16:55:55.0253 6080 Scan finished
16:55:55.0253 6080 ============================================================
16:55:55.0271 6048 Detected object count: 2
16:55:55.0271 6048 Actual detected object count: 2
16:56:06.0984 6048 C:\Windows\system32\DRIVERS\avgldx86.sys - copied to quarantine
16:56:07.0025 6048 Backup copy found, using it..
16:56:07.0084 6048 C:\Windows\system32\DRIVERS\avgldx86.sys - will be cured on reboot
16:56:10.0263 6048 Avgldx86 ( Virus.Win32.ZAccess.aml ) - User select action: Cure
16:56:10.0264 6048 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:56:10.0264 6048 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:56:19.0837 5364 Deinitialize success

Here is the FSS log:

Farbar Service Scanner Version: 01-03-2012
Ran by Mark (administrator) on 07-03-2012 at 17:06:33
Running from "C:\Users\Mark\Downloads"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Here is the OTL log:

OTL logfile created on: 07/03/2012 5:11:11 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mark\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.95% Memory free
6.14 Gb Paging File | 4.83 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 44.73 Gb Free Space | 15.78% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 4.06 Gb Free Space | 27.73% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 17:10:01 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/09/02 14:17:40 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 08:35:16 | 000,161,088 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/07/20 19:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/06/03 12:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/10 23:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2009/04/06 11:18:50 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/04/06 11:18:36 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/04/06 11:18:36 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/06 11:18:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/04/06 11:03:12 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/04/06 11:02:58 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/04/06 11:02:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/09 11:49:08 | 000,405,639 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 01:32:42 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 17:50:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 17:50:35 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6b9f2808777c1f9b3f0af81c5e1d4d52\System.Web.ni.dll
MOD - [2012/02/17 17:50:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/16 22:05:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 22:05:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 22:04:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/16 22:04:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 22:04:05 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MOD - [2012/02/16 22:03:10 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/02/16 22:02:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/16 22:02:35 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/01/04 16:45:00 | 008,527,008 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/12 11:40:58 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/23 14:36:10 | 000,025,920 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2010/07/21 08:35:16 | 000,161,088 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
MOD - [2010/07/20 19:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/07/20 19:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/20 19:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/20 19:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/20 19:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/20 19:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/20 19:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/20 19:33:36 | 000,025,920 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2010/07/20 19:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\libxml2.dll
MOD - [2008/12/21 11:32:38 | 000,054,784 | ---- | M] () -- C:\WINDOWS\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XilinxPC4Driver)
SRV - File not found [Auto | Stopped] -- -- (videoacceleratorengine)
SRV - File not found [Auto | Stopped] -- -- (tng-doba)
SRV - File not found [Auto | Stopped] -- -- (schscnt)
SRV - File not found [Auto | Stopped] -- -- (s217mgmt)
SRV - File not found [Auto | Stopped] -- -- (roxupnpserver)
SRV - File not found [Auto | Stopped] -- -- (RMCAST)
SRV - File not found [Auto | Stopped] -- -- (LMS)
SRV - File not found [Auto | Stopped] -- -- (JRAID)
SRV - File not found [Auto | Stopped] -- -- (ikhlayer)
SRV - File not found [Auto | Stopped] -- -- (hap16v2k)
SRV - File not found [Auto | Stopped] -- -- (gearsecurity)
SRV - File not found [Auto | Stopped] -- -- (ADIDTSFiltService)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/08/14 19:08:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/04/06 11:02:58 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/04/06 11:02:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/03/07 16:57:09 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/04/06 12:27:30 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\OA013Ufd.sys -- (OA013Ufd)
DRV - [2009/04/06 12:27:28 | 000,271,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\OA013Vid.sys -- (OA013Vid)
DRV - [2009/04/06 11:18:34 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/04/06 11:03:16 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/30 19:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/12/21 11:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 19:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {203D4269-7BB9-41CD-9F1B-073655D00127}
IE - HKLM\..\SearchScopes\{203D4269-7BB9-41CD-9F1B-073655D00127}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\..\SearchScopes,DefaultScope = {203D4269-7BB9-41CD-9F1B-073655D00127}
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\..\SearchScopes\{203D4269-7BB9-41CD-9F1B-073655D00127}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://thechive.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/02 16:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 01:32:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/17 18:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/09/29 11:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\nhqm3uqi.default\extensions
[2011/06/17 18:35:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/20 01:32:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/22 11:57:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/22 11:57:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE56A9C7-B8DD-47D0-8FB2-D5BBFE47663F}: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: OA013Cfg.exe - hkey= - key= - C:\Windows\OA013Cfg.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: 67773387.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: ADIDTSFiltService - File not found
NetSvcs: roxupnpserver - File not found
NetSvcs: s217mgmt - File not found
NetSvcs: XilinxPC4Driver - File not found
NetSvcs: gearsecurity - File not found
NetSvcs: schscnt - File not found
NetSvcs: RMCAST - File not found
NetSvcs: ikhlayer - File not found
NetSvcs: JRAID - File not found
NetSvcs: videoacceleratorengine - File not found
NetSvcs: hap16v2k - File not found
NetSvcs: tng-doba - File not found
NetSvcs: LMS - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 16:56:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/16 16:22:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 16:22:13 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 16:22:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 16:22:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 16:22:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 16:22:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 20:20:00 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/03/07 17:02:43 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 17:02:43 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/07 16:57:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 16:57:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 16:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 16:57:26 | 3181,801,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 16:57:09 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/03/07 16:52:44 | 091,084,966 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/07 16:41:33 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/05 22:08:00 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 22:02:10 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/04 21:01:17 | 000,077,312 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 17:41:36 | 000,297,181 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/16 22:01:04 | 000,270,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 22:52:38 | 053,632,528 | ---- | M] () -- C:\Users\Mark\Desktop\Podcast Unlocked Episode 046.mp3

========== Files Created - No Company Name ==========

[2012/03/05 22:08:00 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 22:02:22 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/15 22:51:46 | 053,632,528 | ---- | C] () -- C:\Users\Mark\Desktop\Podcast Unlocked Episode 046.mp3
[2011/10/02 01:26:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/02 01:26:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/02 01:26:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/02 01:26:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/02 01:26:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/01 11:49:02 | 000,001,356 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2011/06/20 00:38:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/20 00:38:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/17 19:41:25 | 000,077,312 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 17:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/07 16:57:09 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgldx86.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2011/04/21 06:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\WINDOWS\System32\drivers\afd.sys
[2011/04/21 06:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 06:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 06:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 19:33:55 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/10 21:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 06:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2009/04/11 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/11 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009/04/11 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/11 12:01:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/04/11 12:16:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/11 12:16:16 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2009/04/11 12:16:16 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/11 12:16:16 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 12:16:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: TDX.SYS >
[2009/04/10 21:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\WINDOWS\System32\drivers\tdx.sys
[2009/04/10 21:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\WINDOWS\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 19:34:42 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\WINDOWS\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 02:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\System32\drivers\volsnap.sys
[2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 19:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 19:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 19:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\ERDNT\cache\wininit.exe
[2008/01/20 19:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008/01/20 19:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/01/20 19:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/10/10 19:54:04 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/10/10 19:54:04 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/10/10 19:54:04 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/10/10 19:54:04 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB587$\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\$NtUninstallKB587$\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\$NtUninstallKB587$\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\$NtUninstallKB587$\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\$NtUninstallKB587$\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\$NtUninstallKB587$] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

The Extras Log:

OTL logfile created on: 07/03/2012 5:11:11 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mark\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.95% Memory free
6.14 Gb Paging File | 4.83 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 44.73 Gb Free Space | 15.78% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 4.06 Gb Free Space | 27.73% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 17:10:01 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/09/02 14:17:40 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 08:35:16 | 000,161,088 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/07/20 19:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/06/03 12:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/10 23:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2009/04/06 11:18:50 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/04/06 11:18:36 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/04/06 11:18:36 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/06 11:18:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/04/06 11:03:12 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/04/06 11:02:58 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/04/06 11:02:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/09 11:49:08 | 000,405,639 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 01:32:42 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 17:50:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 17:50:35 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6b9f2808777c1f9b3f0af81c5e1d4d52\System.Web.ni.dll
MOD - [2012/02/17 17:50:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/16 22:05:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 22:05:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 22:04:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/16 22:04:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 22:04:05 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MOD - [2012/02/16 22:03:10 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/02/16 22:02:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/16 22:02:35 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/01/04 16:45:00 | 008,527,008 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/12 11:40:58 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/23 14:36:10 | 000,025,920 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2010/07/21 08:35:16 | 000,161,088 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
MOD - [2010/07/20 19:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/07/20 19:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/20 19:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/20 19:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/20 19:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/20 19:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/20 19:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/20 19:33:36 | 000,025,920 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2010/07/20 19:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\libxml2.dll
MOD - [2008/12/21 11:32:38 | 000,054,784 | ---- | M] () -- C:\WINDOWS\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XilinxPC4Driver)
SRV - File not found [Auto | Stopped] -- -- (videoacceleratorengine)
SRV - File not found [Auto | Stopped] -- -- (tng-doba)
SRV - File not found [Auto | Stopped] -- -- (schscnt)
SRV - File not found [Auto | Stopped] -- -- (s217mgmt)
SRV - File not found [Auto | Stopped] -- -- (roxupnpserver)
SRV - File not found [Auto | Stopped] -- -- (RMCAST)
SRV - File not found [Auto | Stopped] -- -- (LMS)
SRV - File not found [Auto | Stopped] -- -- (JRAID)
SRV - File not found [Auto | Stopped] -- -- (ikhlayer)
SRV - File not found [Auto | Stopped] -- -- (hap16v2k)
SRV - File not found [Auto | Stopped] -- -- (gearsecurity)
SRV - File not found [Auto | Stopped] -- -- (ADIDTSFiltService)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/08/14 19:08:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/04/06 11:02:58 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/04/06 11:02:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/03/07 16:57:09 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/04/06 12:27:30 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\OA013Ufd.sys -- (OA013Ufd)
DRV - [2009/04/06 12:27:28 | 000,271,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\OA013Vid.sys -- (OA013Vid)
DRV - [2009/04/06 11:18:34 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/04/06 11:03:16 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/30 19:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/12/21 11:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 19:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {203D4269-7BB9-41CD-9F1B-073655D00127}
IE - HKLM\..\SearchScopes\{203D4269-7BB9-41CD-9F1B-073655D00127}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\..\SearchScopes,DefaultScope = {203D4269-7BB9-41CD-9F1B-073655D00127}
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\..\SearchScopes\{203D4269-7BB9-41CD-9F1B-073655D00127}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://thechive.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/02 16:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 01:32:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/17 18:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/09/29 11:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\nhqm3uqi.default\extensions
[2011/06/17 18:35:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/20 01:32:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/22 11:57:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/22 11:57:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3737148851-2986822751-3567934321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE56A9C7-B8DD-47D0-8FB2-D5BBFE47663F}: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: OA013Cfg.exe - hkey= - key= - C:\Windows\OA013Cfg.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: 67773387.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: ADIDTSFiltService - File not found
NetSvcs: roxupnpserver - File not found
NetSvcs: s217mgmt - File not found
NetSvcs: XilinxPC4Driver - File not found
NetSvcs: gearsecurity - File not found
NetSvcs: schscnt - File not found
NetSvcs: RMCAST - File not found
NetSvcs: ikhlayer - File not found
NetSvcs: JRAID - File not found
NetSvcs: videoacceleratorengine - File not found
NetSvcs: hap16v2k - File not found
NetSvcs: tng-doba - File not found
NetSvcs: LMS - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 16:56:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/16 16:22:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 16:22:13 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 16:22:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 16:22:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 16:22:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 16:22:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 20:20:00 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/03/07 17:02:43 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 17:02:43 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/07 16:57:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 16:57:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 16:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 16:57:26 | 3181,801,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 16:57:09 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/03/07 16:52:44 | 091,084,966 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/07 16:41:33 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/05 22:08:00 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 22:02:10 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/04 21:01:17 | 000,077,312 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 17:41:36 | 000,297,181 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/16 22:01:04 | 000,270,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 22:52:38 | 053,632,528 | ---- | M] () -- C:\Users\Mark\Desktop\Podcast Unlocked Episode 046.mp3

========== Files Created - No Company Name ==========

[2012/03/05 22:08:00 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 22:02:22 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/15 22:51:46 | 053,632,528 | ---- | C] () -- C:\Users\Mark\Desktop\Podcast Unlocked Episode 046.mp3
[2011/10/02 01:26:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/02 01:26:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/02 01:26:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/02 01:26:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/02 01:26:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/01 11:49:02 | 000,001,356 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2011/06/20 00:38:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/20 00:38:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/17 19:41:25 | 000,077,312 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 17:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/07 16:57:09 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgldx86.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2011/04/21 06:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\WINDOWS\System32\drivers\afd.sys
[2011/04/21 06:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 06:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 06:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 19:33:55 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/10 21:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 06:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2009/04/11 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/11 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009/04/11 12:01:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/11 12:01:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/04/11 12:16:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/11 12:16:16 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2009/04/11 12:16:16 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/11 12:16:16 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 12:16:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: TDX.SYS >
[2009/04/10 21:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\WINDOWS\System32\drivers\tdx.sys
[2009/04/10 21:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\WINDOWS\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 19:34:42 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\WINDOWS\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 02:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\System32\drivers\volsnap.sys
[2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 19:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 19:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 19:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\ERDNT\cache\wininit.exe
[2008/01/20 19:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008/01/20 19:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/01/20 19:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/10/10 19:54:04 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/10/10 19:54:04 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/20 01:32:38 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/20 01:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/10 19:54:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/10/10 19:54:04 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/10/10 19:54:04 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB587$\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\$NtUninstallKB587$\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\$NtUninstallKB587$\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\$NtUninstallKB587$\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\$NtUninstallKB587$\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\$NtUninstallKB587$] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


My computer seems ok now, ever since I ran the TDSSkiller and rebooted my computer the pop-ups have stopped. I changed all my major passwords on another computer, the only thing I noticed that was not normal out of them was a spam email in my regular inbox.

thanks, and hope to hear from you soon.

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:56 AM

Posted 08 March 2012 - 01:21 AM

Good Evening MToast!

I hope you're having a good evening!

My computer seems ok now, ever since I ran the TDSSkiller and rebooted my computer the pop-ups have stopped. I changed all my major passwords on another computer, the only thing I noticed that was not normal out of them was a spam email in my regular inbox.

Great! Glad to hear that, it's because TDSSKiller found and removed a threat (a file patched by ZeroAccess).

It looks like this infection has messed with the settings for some of your registry keys.

We'll need to address that a little later.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    [2012/03/07 16:41:33 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/03/05 22:02:22 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 MToast

MToast
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 09 March 2012 - 08:14 PM

HI!

Here is the OTL log :

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\dds_trash_log.cmd moved successfully.
File C:\Windows\System32\dds_trash_log.cmd not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Users\Mark\Desktop\cmd.bat deleted successfully.
C:\Users\Mark\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mark\Desktop\cmd.bat deleted successfully.
C:\Users\Mark\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mark
->Temp folder emptied: 376464457 bytes
->Temporary Internet Files folder emptied: 384440800 bytes
->FireFox cache emptied: 868960517 bytes
->Flash cache emptied: 47387 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47231722 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 961327005 bytes

Total Files Cleaned = 2,516.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mark
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mark

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03082012_214558

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here is the ComboFix log

ComboFix 12-03-08.04 - Mark 09/03/2012 17:30:15.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.3036.1744 [GMT -7:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Best Spyware Scanner
c:\program files\Best Spyware Scanner\BestSpywareScanner.url
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 00:39 . 2012-03-10 01:01 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-03-10 00:39 . 2012-03-10 00:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-10 00:39 . 2012-03-10 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 04:45 . 2012-03-09 04:45 -------- d-----w- C:\_OTL
2012-03-07 23:56 . 2012-03-07 23:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-16 03:20 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 03:20 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 03:19 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 05:02 . 2011-06-18 02:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 08:32 . 2011-06-18 01:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 217088]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-06 483428]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-15 02:08 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA013Cfg.exe]
2009-04-06 19:27 53339 ----a-w- c:\windows\OA013Cfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-06 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ADIDTSFiltService
roxupnpserver
s217mgmt
XilinxPC4Driver
gearsecurity
schscnt
RMCAST
ikhlayer
JRAID
videoacceleratorengine
hap16v2k
tng-doba
LMS
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\nhqm3uqi.default\
FF - prefs.js: browser.startup.homepage - hxxp://thechive.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-67773387.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-09 18:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell DataSafe Local Backup\sftservice.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\conime.exe
c:\program files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\windows\System32\vds.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\System32\wscript.exe
.
**************************************************************************
.
Completion time: 2012-03-09 18:05:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 01:05
ComboFix2.txt 2011-10-02 09:25
.
Pre-Run: 50,221,547,520 bytes free
Post-Run: 49,280,356,352 bytes free
.
- - End Of File - - F6EFEC525C29BF291AC67404DBC8C66B

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:56 AM

Posted 10 March 2012 - 01:14 AM

Good Evening MToast!

I'm reviewing your logs now, and should have new instructions for you shortly.

How are things currently running with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:56 AM

Posted 10 March 2012 - 01:23 AM

Hi again!

Please download the following files to your desktop:

We need to create a registry back-up.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup-exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:


Please double click on MpsSvc.reg and when it prompts you to merge the registry key with your registry, allow it to do so.

Repeat for BFE.reg & wscsvc.reg



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Files
    net start wscsvc /c
    net start bfe /c
    net start mpsdrv /c
    net start MpsSvc /c
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Please re-run a new scan with Farbar Service Scanner and provide me with that log.


NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log.
3. New Farbar Service Scanner log.
4. MalwareBytes' Anti-Malware log.
5. ESET Online Scanner log.
6. SecurityCheck log.
7. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 MToast

MToast
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 10 March 2012 - 09:39 PM

Hey, so my computer seems to be running normally as far as i could tell. I am however having some issues. downloaded the 3 files MpsSvc.reg BFE.reg wscsvc.reg but after I did, i am pretty sure I did it right with the Erunt steps but when I clicked on the MpsSvc.reg file I follow the prompts about merging it but after I do I get an error thatreads "Cannot import MpsSvc.reg. Not all data was successfully written to the registry. Some keys are open by the system or other processes."

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:56 AM

Posted 12 March 2012 - 07:56 AM

Good Morning!

"Cannot import MpsSvc.reg. Not all data was successfully written to the registry. Some keys are open by the system or other processes."

Can you try rebooting into Safe Mode and run that particular registry fix there, and see if you have better luck running it then?

Entering Safe Mode

  • Restart your computer.
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Safe Mode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 MToast

MToast
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 14 March 2012 - 05:26 PM

So I tried booting up the computer in safe mode, and then double clicked on the reg file MpsSvc and I still got the same message. did I perhaps install something wrong on an earlier step?

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:56 AM

Posted 15 March 2012 - 12:55 AM

Hi!

Sorry to hear you still encountered issues trying to merge that file with your registry.

did I perhaps install something wrong on an earlier step?

I don't think that's the case, you've been doing an excellent job running all of the scans and fixes.

Out of curiosity is AVG disabled when you're trying to merge the file with the registry?

Please perform these instructions below:

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Files
    net start wscsvc /c
    net start bfe /c
    net start mpsdrv /c
    net start MpsSvc /c
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Please re-run a new scan with Farbar Service Scanner and provide me with that log.


NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log.
3. New Farbar Service Scanner log.
4. MalwareBytes' Anti-Malware log.
5. ESET Online Scanner log.
6. SecurityCheck log.
7. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:56 AM

Posted 22 March 2012 - 01:37 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users