
Infected with System Check, google redirect and now something


  • This topic is locked
31 replies to this topic

#1 leoluch

leoluch

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 20 March 2012 - 07:31 AM

A couple of days ago, as I was about to shut down my computer, I suddenly got hit with the System Check virus. I tried to run Malwarebytes but it wasn't starting up, and when it did, I could not update it. I immediately restarted, went into Safe Mode with Networking and used the ESET online scanner to try and remove this deviant. It cleaned a file but I still was not sure, so I used Malwarebytes and it also cleaned a file, but I still had a feeling about it still being there. I used some other antivirus and antispyware; some came back with infected files and others didn't. I decided to see what I could find about it online and found a series of information. The files Rkill terminated were

"C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\SysWOW64\rundll32.exe"

I then used Kaspersky TDSSKiller; it found something and I think that I might have hit delete, this part I am not sure about. And finally I decided to ask you guys for help.

Any help you guys can give will be really appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Yusuf Ahmed-Yusuf at 8:08:43 on 2012-03-20
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4095.2448 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
uRun: [Google Update] "C:\Users\Yusuf Ahmed-Yusuf\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [hVcFymSUOVmBXKV.exe] C:\ProgramData\hVcFymSUOVmBXKV.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://fse001.fiservsco.com/WebCaptureWeb/CheckDepositEnabler.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1FBA0FC5-BAE7-4EC3-8531-85196FD1EC85} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2156C9D1-F1B6-4EFA-A77C-29CF686D1894}\14E64627F696461405 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{2156C9D1-F1B6-4EFA-A77C-29CF686D1894}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [hVcFymSUOVmBXKV.exe] C:\ProgramData\hVcFymSUOVmBXKV.exe
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yusuf Ahmed-Yusuf\AppData\Roaming\Mozilla\Firefox\Profiles\efr7hmry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Yusuf Ahmed-Yusuf\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Yusuf Ahmed-Yusuf\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Yusuf Ahmed-Yusuf\AppData\Roaming\Mozilla\Firefox\Profiles\efr7hmry.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 18734784;18734784;C:\Windows\system32\DRIVERS\18734784.sys --> C:\Windows\system32\DRIVERS\18734784.sys [?]
R0 96661089;96661089;C:\Windows\system32\DRIVERS\96661089.sys --> C:\Windows\system32\DRIVERS\96661089.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 7917334drv;7917334drv;C:\Windows\system32\DRIVERS\7917334drv.sys --> C:\Windows\system32\DRIVERS\7917334drv.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-1-23 76288]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-19 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-7 1692480]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\system32\DRIVERS\AE2500w764.sys --> C:\Windows\system32\DRIVERS\AE2500w764.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-2-1 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-03-20 05:02:53 388096 ----a-r- C:\Users\Yusuf Ahmed-Yusuf\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-20 05:02:53 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-20 04:55:39 1402880 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\HiJackThis.msi
2012-03-20 04:41:25 691 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\AppData\Roaming\GetValue.vbs
2012-03-20 04:41:25 35 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\AppData\Roaming\SetValue.bat
2012-03-20 04:41:25 1026 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-03-20 04:30:03 1884866 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\SmitfraudFix.exe
2012-03-20 03:26:13 42672 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys
2012-03-20 03:20:53 147439824 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\fseasyclean.exe
2012-03-20 03:14:55 116016 ----a-w- C:\Windows\System32\drivers\83721882.sys
2012-03-20 03:11:32 116016 ----a-w- C:\Windows\System32\drivers\70144991.sys
2012-03-20 02:58:58 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{644AEA7E-7CB1-4EDF-9831-08A96537B268}\gapaengine.dll
2012-03-20 02:58:54 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A406614F-7C21-438A-97AE-78AE3D4FA81D}\mpengine.dll
2012-03-20 02:57:22 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-20 02:57:18 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-20 02:56:22 10165440 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\mseinstall.exe
2012-03-20 02:25:07 -------- d--h--w- C:\Windows\AxInstSV
2012-03-19 21:06:11 1895960 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\SREngLdr.EXE
2012-03-19 17:00:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-19 17:00:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-19 08:39:02 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-19 08:36:18 2063920 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\tdsskiller.exe
2012-03-19 08:32:24 509440 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\STOPzilla_Setup.exe
2012-03-19 08:07:24 22011960 ----a-w- C:\Users\Yusuf Ahmed-Yusuf\trojankiller2112-setup.exe
2012-03-19 07:47:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-19 07:18:26 -------- d-----w- C:\avast! sandbox
2012-03-19 07:01:26 -------- d-----w- C:\ProgramData\IObit
2012-03-19 07:00:44 -------- d-----w- C:\Users\Yusuf Ahmed-Yusuf\AppData\Roaming\IObit
2012-03-19 07:00:40 -------- d-----w- C:\Program Files (x86)\IObit
2012-03-19 06:37:47 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
2012-03-19 02:58:41 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-19 02:58:41 -------- d-----w- C:\Program Files\AVAST Software
2012-03-18 22:51:10 -------- d-----w- C:\sh4ldr
2012-03-18 22:51:10 -------- d-----w- C:\Program Files\Enigma Software Group
2012-03-18 22:49:50 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-18 22:49:47 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-03-18 22:40:51 767952 ----a-w- C:\Windows\BDTSupport.dll0329.old
2012-03-18 22:40:50 2250704 ----a-w- C:\Windows\PCTBDCore.dll0329.old
2012-03-18 22:40:50 149456 ----a-w- C:\Windows\SGDetectionTool.dll0329.old
2012-03-18 22:40:30 339608 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-03-18 22:40:30 145432 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-03-18 22:40:26 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-03-18 22:40:13 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-18 22:38:07 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-03-18 22:38:07 1096688 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-03-18 22:38:04 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-18 22:38:04 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-18 22:37:46 -------- d-----w- C:\ProgramData\PC Tools
2012-03-18 22:37:44 -------- d-----w- C:\Users\Yusuf Ahmed-Yusuf\AppData\Roaming\TestApp
2012-03-18 17:41:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-17 17:45:40 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 17:45:40 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 08:08:06 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8CF1D0A9-977A-47F4-9561-1BBC4A7A7410}\mpengine.dll
2012-03-14 07:03:06 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:03:05 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:03:05 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 22:24:26 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 22:24:00 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 22:23:59 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 17:58:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 17:58:53 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 17:58:53 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 17:58:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 17:58:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 17:58:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 17:58:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-06 03:45:05 -------- d-----w- C:\Users\Yusuf Ahmed-Yusuf\AppData\Local\My_MP4Box_GUI
2012-03-06 03:07:26 -------- d-----w- C:\Program Files\My MP4Box GUI
2012-03-06 02:54:11 -------- d-----w- C:\Users\Yusuf Ahmed-Yusuf\AppData\Roaming\avidemux
2012-03-06 02:54:03 -------- d-----w- C:\Program Files (x86)\Avidemux 2.5
2012-03-06 01:14:18 -------- d-----w- C:\Program Files (x86)\Free Video Joiner
2012-03-01 05:46:21 -------- d-----w- C:\Users\Yusuf Ahmed-Yusuf\AppData\Roaming\NCH Software
2012-03-01 05:46:21 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-02-27 17:28:55 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-02-27 17:28:55 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-02-26 21:28:11 556632 ----a-w- C:\Windows\System32\drivers\7917334drv.sys
2012-02-26 21:28:11 460888 ----a-w- C:\Windows\System32\drivers\96661089.sys
2012-02-24 02:57:30 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-02-22 07:52:00 -------- d-----w- C:\Program Files (x86)\ESET
.
==================== Find3M ====================
.
2012-03-20 02:25:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-16 11:57:13 460888 ----a-w- C:\Windows\System32\drivers\18734784.sys
2012-02-05 00:10:41 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-01-19 14:22:08 45936 ----a-r- C:\Windows\System32\SBBD.EXE
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 8:08:57.59 ===============

Edited by leoluch, 20 March 2012 - 07:32 AM.
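The DDS log above is long, and a responder triages it by eye for autorun entries and drivers whose names look machine-generated or whose files sit in odd places. The script below is an added example (not part of this post, and not a DDS or BleepingComputer tool) that applies two such heuristics to a constructed sample of lines in the same "Pseudo HJT Report" and "SERVICES / DRIVERS" format: an autorun whose target executable sits directly in ProgramData or an AppData root, or whose name has many case flips and few vowels, and a driver whose service and display name are identical and purely numeric. The regular expressions, thresholds and sample lines are this script's own assumptions; a hit is a prompt for review, not a verdict.

```python
"""Heuristic triage of DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" lines.

Added example: not from the original post and not a DDS feature.  The
thresholds below are this script's own assumptions; a hit means "look at
this entry", not "this is malware".
"""
import re
from typing import Dict, List

# Constructed sample, modelled on the format of the log posted above.
SAMPLE_DDS = r"""
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [hVcFymSUOVmBXKV.exe] C:\ProgramData\hVcFymSUOVmBXKV.exe
uRun: [Google Update] "C:\Users\someone\AppData\Local\Google\Update\GoogleUpdate.exe" /c
R0 18734784;18734784;C:\Windows\system32\DRIVERS\18734784.sys --> C:\Windows\system32\DRIVERS\18734784.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 7917334drv;7917334drv;C:\Windows\system32\DRIVERS\7917334drv.sys --> C:\Windows\system32\DRIVERS\7917334drv.sys [?]
"""

# "mRun: [Name] command", also uRun / mRunOnce / mRun-x64 variants
RUN_RE = re.compile(r'^(?P<hive>[um]Run(?:Once)?(?:-x64)?):\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$')
# "R0 service;display name;path.sys ..." service/driver lines
DRV_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]+);(?P<path>.+?\.(?:sys|exe))', re.I)
# Executable sitting directly in ProgramData or an AppData root, with no vendor subfolder
DATA_ROOT_RE = re.compile(r'(?:^c:\\programdata|\\appdata\\(?:roaming|local|locallow))\\[^\\]+\.exe$')


def exe_from_command(cmd: str) -> str:
    """Return the executable path of a Run value (quoted or bare, spaces allowed)."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r'(.+?\.exe)', cmd, re.I)
    return m.group(1) if m else cmd.strip()


def looks_random(name: str) -> bool:
    """Crude check: long all-letter stem with many upper/lower flips and few vowels."""
    stem = re.sub(r'\.exe$', '', name, flags=re.I)
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowel_ratio = sum(ch in 'aeiou' for ch in stem.lower()) / len(stem)
    case_flips = sum(1 for a, b in zip(stem, stem[1:]) if a.islower() != b.islower())
    return case_flips >= 4 and vowel_ratio < 0.35


def triage(text: str) -> List[Dict[str, str]]:
    """Scan DDS-style lines and return one finding per entry worth a second look."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = []
            exe = exe_from_command(m.group('cmd'))
            if DATA_ROOT_RE.search(exe.lower()):
                reasons.append('autorun target sits directly in a data directory')
            if looks_random(m.group('name')) or looks_random(exe.rsplit('\\', 1)[-1]):
                reasons.append('value or file name looks machine-generated')
            if reasons:
                findings.append({'kind': 'autorun', 'id': m.group('name'), 'reason': '; '.join(reasons)})
            continue
        m = DRV_RE.match(line)
        if m:
            svc = m.group('svc')
            if svc == m.group('display') and re.fullmatch(r'\d{6,}(?:drv)?', svc):
                findings.append({'kind': 'driver', 'id': svc, 'reason': 'numeric-only service name'})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_DDS):
        print(f"{f['kind']:8} {f['id']:24} {f['reason']}")
```

Run it against a saved DDS log by passing the file contents to `triage()`; the heuristics deliberately ignore the many legitimate vendor entries (ATI, Google Update, MpFilter) so the responder's attention goes to the handful of entries that need checking against known-file databases.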



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 AM

Posted 21 March 2012 - 12:23 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 leoluch

leoluch
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 21 March 2012 - 10:18 AM

Thanks for the reply and your help. When you said "Do not attach logs or put in code boxes," do you mean that I should just post it? If so, I will. My computer is still running slow and the free space is still decreasing. A while back before I posted on this forum, I ran a program called iexplorer and the processes terminated by Rkill were
"C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\SysWOW64\rundll32.exe"

Here is the log
ComboFix 12-03-21.01 - Yusuf Ahmed-Yusuf 1/2012 Wed 10:42:38.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4095.2359 [GMT -4:00]
Running from: c:\users\Yusuf Ahmed-Yusuf\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Yusuf Ahmed-Yusuf\mseinstall.exe
c:\users\Yusuf Ahmed-Yusuf\STOPzilla_Setup.exe
c:\users\Yusuf Ahmed-Yusuf\tdsskiller.exe
c:\users\Yusuf Ahmed-Yusuf\trojankiller2112-setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 14:48 . 2012-03-21 14:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-21 14:48 . 2012-03-21 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-21 07:38 . 2012-03-21 07:38 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA83C6B9-23DB-4AF0-B4E6-9D35C2493787}\gapaengine.dll
2012-03-21 07:38 . 2012-03-14 00:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA3A5151-5DDB-43D3-A110-BAB61C052350}\mpengine.dll
2012-03-21 06:39 . 2012-03-21 06:39 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Safe mirror
2012-03-21 06:38 . 2012-03-21 14:22 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-03-20 05:02 . 2012-03-20 05:02 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-20 04:41 . 2012-03-20 04:44 1026 ----a-w- c:\windows\SysWow64\tmp.reg
2012-03-20 04:40 . 2012-03-21 08:25 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\SmitfraudFix
2012-03-20 02:57 . 2012-03-20 02:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-20 02:57 . 2012-03-20 02:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-20 02:25 . 2012-03-20 02:25 -------- d--h--w- c:\windows\AxInstSV
2012-03-19 21:06 . 2011-01-06 05:10 1895960 ----a-w- c:\users\Yusuf Ahmed-Yusuf\SREngLdr.EXE
2012-03-19 17:00 . 2012-03-19 17:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-19 17:00 . 2012-03-19 17:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-19 08:39 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-03-19 07:18 . 2012-03-19 07:18 -------- d-----w- C:\avast! sandbox
2012-03-19 07:01 . 2012-03-19 08:08 -------- d-----w- c:\programdata\IObit
2012-03-19 07:00 . 2012-03-19 07:01 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\IObit
2012-03-19 07:00 . 2012-03-19 08:08 -------- d-----w- c:\program files (x86)\IObit
2012-03-19 06:37 . 2012-03-21 14:19 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2012-03-19 02:58 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-19 02:58 . 2012-03-19 07:46 -------- d-----w- c:\programdata\AVAST Software
2012-03-19 02:58 . 2012-03-19 02:58 -------- d-----w- c:\program files\AVAST Software
2012-03-18 22:51 . 2012-03-19 00:33 -------- d-----w- C:\sh4ldr
2012-03-18 22:51 . 2012-03-18 22:51 -------- d-----w- c:\program files\Enigma Software Group
2012-03-18 22:49 . 2012-03-19 00:33 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-18 22:49 . 2012-03-18 22:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-18 22:40 . 2012-02-17 19:08 767952 ----a-w- c:\windows\BDTSupport.dll0329.old
2012-03-18 22:40 . 2012-02-17 19:08 149456 ----a-w- c:\windows\SGDetectionTool.dll0329.old
2012-03-18 22:40 . 2012-02-17 19:08 2250704 ----a-w- c:\windows\PCTBDCore.dll0329.old
2012-03-18 22:40 . 2012-02-24 14:31 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-03-18 22:40 . 2012-02-24 14:31 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-03-18 22:40 . 2012-02-24 14:35 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-03-18 22:40 . 2012-03-18 23:47 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-18 22:38 . 2011-12-01 20:07 1096688 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-03-18 22:38 . 2011-12-01 20:07 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-03-18 22:38 . 2012-03-19 06:30 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-18 22:38 . 2012-02-24 14:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-18 22:37 . 2012-03-19 06:29 -------- d-----w- c:\programdata\PC Tools
2012-03-18 22:37 . 2012-03-18 22:37 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\TestApp
2012-03-18 17:41 . 2012-03-18 18:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-17 17:45 . 2012-03-17 17:45 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 17:45 . 2012-03-17 17:45 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 08:08 . 2012-03-01 18:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CF1D0A9-977A-47F4-9561-1BBC4A7A7410}\mpengine.dll
2012-03-14 07:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 22:24 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:24 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:23 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 17:58 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:58 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:58 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:58 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:58 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:58 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:58 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-06 03:45 . 2012-03-06 03:45 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\My_MP4Box_GUI
2012-03-06 03:07 . 2012-03-06 03:07 -------- d-----w- c:\program files\My MP4Box GUI
2012-03-06 02:54 . 2012-03-06 02:58 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\avidemux
2012-03-06 02:54 . 2012-03-06 02:54 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2012-03-06 01:14 . 2012-03-06 01:14 -------- d-----w- c:\program files (x86)\Free Video Joiner
2012-03-01 05:46 . 2012-03-01 05:46 -------- d-----w- c:\programdata\NCH Software
2012-03-01 05:46 . 2012-03-01 05:50 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\NCH Software
2012-03-01 05:46 . 2012-03-01 05:46 -------- d-----w- c:\program files (x86)\NCH Software
2012-02-27 17:28 . 2012-03-02 11:48 -------- d-----w- c:\program files (x86)\Application Updater
2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-02-26 21:28 . 2012-02-27 04:02 556632 ----a-w- c:\windows\system32\drivers\7917334drv.sys
2012-02-26 21:28 . 2012-02-27 04:02 460888 ----a-w- c:\windows\system32\drivers\96661089.sys
2012-02-24 02:57 . 2012-02-27 17:28 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-02-22 07:52 . 2012-02-22 07:52 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 02:25 . 2011-06-10 03:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2011-06-10 04:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 11:57 . 2012-02-16 03:57 460888 ----a-w- c:\windows\system32\drivers\18734784.sys
2012-02-05 00:10 . 2011-06-08 02:04 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-19 14:22 . 2012-01-19 14:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
2012-01-04 10:44 . 2012-02-15 10:20 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 10:20 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 10:20 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 10:20 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 10:20 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-19_07.46.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-08 02:04 . 2012-03-21 14:37 64126 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-21 14:37 30982 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-10 02:17 . 2012-03-21 14:37 17610 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2265134829-1860100101-14944148-1000_UserData.bin
- 2011-06-21 07:15 . 2012-01-13 14:52 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-06-21 07:15 . 2012-03-20 04:45 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-04-27 19:25 . 2011-04-27 19:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2011-04-18 17:18 . 2011-04-18 17:18 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2011-06-09 23:40 . 2012-03-21 07:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-09 23:40 . 2012-03-19 07:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-09 23:40 . 2012-03-21 07:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-09 23:40 . 2012-03-19 07:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-19 07:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-21 07:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-21 14:30 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-15 01:20 . 2012-03-21 07:20 3680 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-19 07:46 . 2012-03-19 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-21 14:49 . 2012-03-21 14:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-21 14:49 . 2012-03-21 14:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-19 07:46 . 2012-03-19 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-11 17:43 . 2012-03-20 02:25 250528 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
- 2012-03-11 17:43 . 2012-03-11 17:43 250528 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
- 2012-03-11 17:43 . 2012-03-11 17:43 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.dll
+ 2012-03-11 17:43 . 2012-03-20 02:25 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.dll
- 2009-07-14 04:54 . 2012-03-19 07:46 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-21 14:49 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-03-20 02:57 621064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-20 02:57 108284 c:\windows\system32\perfc009.dat
+ 2012-03-20 02:25 . 2012-03-20 02:25 465568 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
+ 2012-03-20 02:25 . 2012-03-20 02:25 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
+ 2011-04-18 17:18 . 2011-04-18 17:18 189440 c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:38 . 2012-03-21 08:25 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2011-12-26 05:57 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:01 . 2012-03-21 14:48 498504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-19 07:23 498504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-03-19 07:46 4341760 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-21 14:49 4341760 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-26 05:52 . 2012-03-21 14:48 5958672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-26 05:52 . 2012-03-19 07:23 5958672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-19 21:23 . 2011-05-19 21:23 2708992 c:\windows\Installer\326c54.msi
+ 2011-06-15 18:51 . 2011-06-15 18:51 1911808 c:\windows\Installer\326c4e.msi
+ 2009-07-14 04:54 . 2012-03-21 14:49 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-19 07:46 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-10 02:50 . 2012-03-21 14:48 51713792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2265134829-1860100101-14944148-1000-8192.dat
+ 2011-06-10 04:09 . 2012-03-21 14:32 18924004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2265134829-1860100101-14944148-1000-12288.dat
- 2011-06-10 04:09 . 2012-03-19 06:29 18924004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2265134829-1860100101-14944148-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"hVcFymSUOVmBXKV.exe"="c:\programdata\hVcFymSUOVmBXKV.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-06-10 560128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 18734784;18734784;c:\windows\system32\DRIVERS\18734784.sys [x]
S0 96661089;96661089;c:\windows\system32\DRIVERS\96661089.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 7917334drv;7917334drv;c:\windows\system32\DRIVERS\7917334drv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-01-19 76288]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2265134829-1860100101-14944148-1000Core.job
- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-13 05:16]
.
2012-03-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2265134829-1860100101-14944148-1000UA.job
- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-13 05:16]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2265134829-1860100101-14944148-1000Core.job
- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 06:20]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2265134829-1860100101-14944148-1000UA.job
- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 06:20]
.
2012-03-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\Mozilla\Firefox\Profiles\efr7hmry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - user.js: general.useragent.extra.brc -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:bd,38,7a,2c,85,c2,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,00,57,18,11,ac,31,4e,b7,43,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,00,57,18,11,ac,31,4e,b7,43,3e,\
.
[HKEY_USERS\S-1-5-21-2265134829-1860100101-14944148-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{301FD08C-C6ED-8CB6-D550-A0A3F871D626}*]
"maagdnopdnokiaidkmabldkmci"=hex:6f,61,6e,67,65,67,69,64,70,70,68,6a,6d,70,6a,
6f,66,69,6d,65,61,63,69,70,6a,6c,6a,64,70,69,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"ProductCode"="{4E871FDC-9F08-4B4F-86AE-6BAA1A282E2C}"
"PackageFeatures"=dword:00000003
"LanguageCode"="en-us"
"ProductACode"=dword:0000006e
"ProductBase"=dword:00000001
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="5.0.94.0"
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"UniqueId"="0795CC2B4EA6AB9D"
"ScannerBuild"=dword:000027e9
"ScannerVersionId"=dword:000019bf
"ScannerVersion"="Locked/open ESET for status."
"ei2"=hex(B):3e,34,d1,ac,94,7a,94,e5
"ei1"=hex(B):b8,ac,6f,af,84,c7,00,00
"ei3"=hex(B):05,c8,a6,4e,00,00,00,00
"ei4"=dword:00000003
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-03-21 10:52:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-21 14:52
ComboFix2.txt 2012-03-21 07:11
ComboFix3.txt 2012-03-19 07:50
ComboFix4.txt 2011-10-09 21:01
.
Pre-Run: 649,426,784,256 bytes free
Post-Run: 649,057,394,688 bytes free
.
- - End Of File - - 102282E0221B7C6EF51712B68C2749DF
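
Added example, not part of this thread and not ComboFix's own code: a small Python script that parses the Run-key and service/driver lines from a ComboFix "Reg Loading Points" section (the format shown in the log above) and scores each entry with a few heuristics so a reviewer knows where to look first. The parsing functions, the scoring weights, the thresholds and the drop-location list are my own choices, not anything ComboFix documents; the sample lines are copied from the log above. A hit is a pointer for manual review, not a verdict: a missing date/size tag on its own is common for legitimate drivers, and some AV and rootkit scanners also install numerically named drivers.

```python
"""Triage autorun entries from a ComboFix "Reg Loading Points" section.

Added example; the heuristics and thresholds are arbitrary choices, not ComboFix rules.
"""
import re
from typing import Dict, List

# "Name"="c:\path\file.exe" [2011-09-08 343168]   -- Run / RunOnce entries
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# S2 name;display name;c:\path\file.exe [x]        -- services and drivers
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')
DATE_META = re.compile(r'^\d{4}-\d{2}-\d{2}\s+\d+$')                 # "[YYYY-MM-DD size]"
FILE_RE = re.compile(r'(.+?\.(?:exe|sys|dll|ocx|cpl|pkms))', re.I)  # drop trailing arguments
# Directory roots where a legitimate autorun binary rarely sits (my list, not ComboFix's).
DROP_DIRS = ("c:\\programdata", "c:\\users\\public", "c:\\windows\\temp")


def parse_entries(log_text: str) -> List[Dict]:
    """Pull every Run-key and service/driver line out of a ComboFix log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if m:
            entries.append({"kind": m.groupdict().get("start", "run"),
                            "name": m["name"], "path": m["path"], "meta": m["meta"]})
    return entries


def looks_random(stem: str) -> bool:
    """Digit-heavy, vowel-poor or wildly mixed-case file names (arbitrary thresholds)."""
    if not stem:
        return False
    digits = sum(c.isdigit() for c in stem)
    if digits >= 6 and digits / len(stem) > 0.5:
        return True
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    vowels = sum(c.lower() in "aeiouy" for c in letters)
    return flips / len(letters) > 0.4 or vowels / len(letters) < 0.1


def in_drop_location(file_path: str) -> bool:
    """True when the binary sits directly in a root or temp folder malware likes to use."""
    directory = file_path.lower().rsplit("\\", 1)[0]
    if directory in DROP_DIRS:
        return True
    return directory.endswith(("\\appdata\\roaming", "\\appdata\\local", "\\temp"))


def triage(entries: List[Dict], threshold: int = 2) -> List[Dict]:
    """Score each entry; return those at or above the threshold, highest first."""
    findings = []
    for e in entries:
        m = FILE_RE.match(e["path"])
        file_path = m.group(1) if m else e["path"]
        stem = file_path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if looks_random(stem):
            reasons.append(("random-looking file name", 2))
        if in_drop_location(file_path):
            reasons.append(("binary sits in a common drop location", 2))
        if not DATE_META.match(e["meta"]):
            reasons.append(("no date/size recorded ([%s])" % e["meta"], 1))
        score = sum(w for _, w in reasons)
        if score >= threshold:
            findings.append({"name": e["name"], "kind": e["kind"], "path": e["path"],
                             "score": score, "reasons": [r for r, _ in reasons]})
    return sorted(findings, key=lambda f: -f["score"])


# Lines copied from the ComboFix log posted above (no invented entries).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"hVcFymSUOVmBXKV.exe"="c:\programdata\hVcFymSUOVmBXKV.exe" [BU]
.
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S0 18734784;18734784;c:\windows\system32\DRIVERS\18734784.sys [x]
S1 7917334drv;7917334drv;c:\windows\system32\DRIVERS\7917334drv.sys [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-01-19 76288]
"""

if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print("%d  %-4s %-22s %s" % (f["score"], f["kind"], f["name"], "; ".join(f["reasons"])))
```

On the sample lines the script ranks the ProgramData executable first (random-looking name, root of ProgramData, no date/size) and the two numerically named drivers next; the vendor entries such as StartCCC and the Freemake service score zero and are left alone. Paste a whole "Reg Loading Points" section into SAMPLE_LOG to run it against a full log.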

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 21 March 2012 - 12:29 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
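The TDSSKiller report requested above is a plain-text log with one or two lines per driver: an entry line "time pid name (md5) path" and a status line "time pid name - status" (the full log posted later in this thread has this layout). Reading a few hundred such lines by eye is error-prone, so the following Python script, an added example that is not part of this thread and not Kaspersky's tool, parses that layout and lists every entry whose status is anything other than "ok". The sample log is constructed for the example: the first entries are copied from the log in this thread, while the "exampledrv" entry and its "detected ..." status string are invented to exercise the non-"ok" path. Lines before the "Scan started" marker (drive geometry, OS info) are deliberately skipped, because they also contain " - " and would otherwise be misread as status lines.

```python
import re

# Constructed sample in the TDSSKiller log layout seen in this thread. The
# "exampledrv" entry and its detection string are invented for the example.
SAMPLE_LOG = r"""
15:34:35.0782 5692 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
15:34:37.0046 5968 Scan started
15:34:37.0046 5968 Mode: Manual;
15:34:38.0465 5968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:34:38.0481 5968 1394ohci - ok
15:34:39.0947 5968 catchme - ok
15:34:44.0487 5968 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:34:44.0518 5968 Tcpip - ok
15:34:45.0100 5968 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
15:34:45.0100 5968 exampledrv - detected constructed.sample.detection ( 1 )
15:34:45.0200 5968 \Device\Harddisk0\DR0 - ok
"""

# "HH:MM:SS.ffff <pid> <body>" is the common prefix of every TDSSKiller log line.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Entry line body: "<name> (<32 hex md5>) <path>"; the path may contain spaces.
ENTRY_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# Status line body: "<name> - <status>"; the name may itself contain spaces
# or backslashes (e.g. a \Device\... object), so match non-greedily.
STATUS_RE = re.compile(r"^(.+?)\s+-\s+(.+)$")


def parse_tdsskiller_log(text):
    """Parse a TDSSKiller log.

    Returns (entries, statuses): entries maps name -> (md5, path) for every
    entry line, statuses maps name -> status text for every status line.
    Only lines after the "Scan started" marker are considered.
    """
    entries = {}
    statuses = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group(3)
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        e = ENTRY_RE.match(body)
        if e:
            entries[e.group(1)] = (e.group(2).lower(), e.group(3))
            continue
        s = STATUS_RE.match(body)
        if s:
            statuses[s.group(1)] = s.group(2).strip()
    return entries, statuses


def flag_non_ok(text):
    """Return [(name, status, md5, path)] for every status that is not exactly "ok".

    md5 and path are None when the status line had no preceding entry line
    (TDSSKiller omits the entry line for some objects, e.g. "catchme - ok").
    """
    entries, statuses = parse_tdsskiller_log(text)
    flagged = []
    for name, status in statuses.items():
        if status == "ok":
            continue
        md5, path = entries.get(name, (None, None))
        flagged.append((name, status, md5, path))
    return flagged


if __name__ == "__main__":
    # Usage: python tdss_summary.py < TDSSKiller.<ver>_<date>_<time>_log.txt
    import sys
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    hits = flag_non_ok(source)
    if not hits:
        print("all scanned objects reported ok")
    for name, status, md5, path in hits:
        print(f"{name}: {status}  md5={md5}  path={path}")
```

Run it with the real report on standard input to get a short list of objects that deserve a second look; an entry whose md5 is unknown can then be checked against a file reputation service before any action is taken on it.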

#5 leoluch

leoluch
  • Topic Starter

  • Members
  • 16 posts
  • Local time:06:38 AM

Posted 21 March 2012 - 02:36 PM

No problem running either.

TDSSKiller

15:34:34.0597 5692 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
15:34:34.0909 5692 ============================================================
15:34:34.0909 5692 Current date / time: 2012/03/21 15:34:34.0909
15:34:34.0909 5692 SystemInfo:
15:34:34.0909 5692
15:34:34.0909 5692 OS Version: 6.1.7601 ServicePack: 1.0
15:34:34.0909 5692 Product type: Workstation
15:34:34.0909 5692 ComputerName: YUSUF
15:34:34.0909 5692 UserName: Yusuf Ahmed-Yusuf
15:34:34.0909 5692 Windows directory: C:\Windows
15:34:34.0909 5692 System windows directory: C:\Windows
15:34:34.0909 5692 Running under WOW64
15:34:34.0909 5692 Processor architecture: Intel x64
15:34:34.0909 5692 Number of processors: 4
15:34:34.0909 5692 Page size: 0x1000
15:34:34.0909 5692 Boot type: Normal boot
15:34:34.0909 5692 ============================================================
15:34:35.0782 5692 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:34:35.0813 5692 \Device\Harddisk0\DR0:
15:34:35.0813 5692 MBR used
15:34:35.0813 5692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x187F000
15:34:35.0813 5692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1893000, BlocksNum 0x72E73000
15:34:35.0860 5692 Initialize success
15:34:35.0860 5692 ============================================================
15:34:37.0046 5968 ============================================================
15:34:37.0046 5968 Scan started
15:34:37.0046 5968 Mode: Manual;
15:34:37.0046 5968 ============================================================
15:34:38.0465 5968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:34:38.0481 5968 1394ohci - ok
15:34:38.0543 5968 18734784 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\18734784.sys
15:34:38.0543 5968 18734784 - ok
15:34:38.0606 5968 7917334drv (8acbb0d11a99ef06bffd09c5b4df0925) C:\Windows\system32\DRIVERS\7917334drv.sys
15:34:38.0606 5968 7917334drv - ok
15:34:38.0668 5968 96661089 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\96661089.sys
15:34:38.0668 5968 96661089 - ok
15:34:38.0699 5968 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:34:38.0699 5968 ACPI - ok
15:34:38.0715 5968 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:34:38.0715 5968 AcpiPmi - ok
15:34:38.0746 5968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:34:38.0762 5968 adp94xx - ok
15:34:38.0777 5968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:34:38.0777 5968 adpahci - ok
15:34:38.0793 5968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:34:38.0793 5968 adpu320 - ok
15:34:38.0824 5968 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:34:38.0824 5968 AFD - ok
15:34:38.0840 5968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:34:38.0840 5968 agp440 - ok
15:34:38.0855 5968 ahcix64s (37fa0f874ba8ecd5851d44a7f1c9700e) C:\Windows\system32\DRIVERS\ahcix64s.sys
15:34:38.0855 5968 ahcix64s - ok
15:34:38.0871 5968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:34:38.0871 5968 aliide - ok
15:34:38.0887 5968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:34:38.0887 5968 amdide - ok
15:34:38.0949 5968 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
15:34:38.0949 5968 amdiox64 - ok
15:34:38.0965 5968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:34:38.0965 5968 AmdK8 - ok
15:34:39.0152 5968 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
15:34:39.0292 5968 amdkmdag - ok
15:34:39.0323 5968 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
15:34:39.0323 5968 amdkmdap - ok
15:34:39.0339 5968 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
15:34:39.0339 5968 AmdLLD64 - ok
15:34:39.0355 5968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:34:39.0355 5968 AmdPPM - ok
15:34:39.0355 5968 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
15:34:39.0370 5968 amdsata - ok
15:34:39.0401 5968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:34:39.0417 5968 amdsbs - ok
15:34:39.0417 5968 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
15:34:39.0417 5968 amdxata - ok
15:34:39.0542 5968 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:34:39.0542 5968 AODDriver4.01 - ok
15:34:39.0573 5968 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:34:39.0573 5968 AppID - ok
15:34:39.0589 5968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:34:39.0604 5968 arc - ok
15:34:39.0604 5968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:34:39.0604 5968 arcsas - ok
15:34:39.0620 5968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:34:39.0620 5968 AsyncMac - ok
15:34:39.0635 5968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:34:39.0635 5968 atapi - ok
15:34:39.0651 5968 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
15:34:39.0651 5968 AtiHDAudioService - ok
15:34:39.0682 5968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:34:39.0682 5968 b06bdrv - ok
15:34:39.0698 5968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:34:39.0698 5968 b57nd60a - ok
15:34:39.0713 5968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:34:39.0713 5968 Beep - ok
15:34:39.0776 5968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:34:39.0776 5968 blbdrive - ok
15:34:39.0791 5968 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:34:39.0791 5968 bowser - ok
15:34:39.0807 5968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:34:39.0807 5968 BrFiltLo - ok
15:34:39.0823 5968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:34:39.0823 5968 BrFiltUp - ok
15:34:39.0838 5968 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:34:39.0838 5968 BridgeMP - ok
15:34:39.0854 5968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:34:39.0854 5968 Brserid - ok
15:34:39.0869 5968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:34:39.0869 5968 BrSerWdm - ok
15:34:39.0885 5968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:34:39.0885 5968 BrUsbMdm - ok
15:34:39.0885 5968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:34:39.0885 5968 BrUsbSer - ok
15:34:39.0901 5968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:34:39.0916 5968 BTHMODEM - ok
15:34:39.0947 5968 catchme - ok
15:34:39.0994 5968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:34:39.0994 5968 cdfs - ok
15:34:40.0010 5968 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:34:40.0010 5968 cdrom - ok
15:34:40.0025 5968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:34:40.0025 5968 circlass - ok
15:34:40.0088 5968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:34:40.0088 5968 CLFS - ok
15:34:40.0103 5968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:34:40.0103 5968 CmBatt - ok
15:34:40.0119 5968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:34:40.0119 5968 cmdide - ok
15:34:40.0150 5968 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:34:40.0150 5968 CNG - ok
15:34:40.0166 5968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:34:40.0166 5968 Compbatt - ok
15:34:40.0181 5968 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:34:40.0181 5968 CompositeBus - ok
15:34:40.0197 5968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:34:40.0197 5968 crcdisk - ok
15:34:40.0275 5968 CrystalSysInfo (5228b7a738dc90a06ae4f4a7412cb1e9) C:\Program Files\MediaCoder\SysInfoX64.sys
15:34:40.0275 5968 CrystalSysInfo - ok
15:34:40.0306 5968 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:34:40.0306 5968 DfsC - ok
15:34:40.0337 5968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:34:40.0337 5968 discache - ok
15:34:40.0353 5968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:34:40.0353 5968 Disk - ok
15:34:40.0369 5968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:34:40.0369 5968 drmkaud - ok
15:34:40.0400 5968 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:34:40.0415 5968 DXGKrnl - ok
15:34:40.0415 5968 EagleX64 - ok
15:34:40.0478 5968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:34:40.0540 5968 ebdrv - ok
15:34:40.0556 5968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:34:40.0571 5968 elxstor - ok
15:34:40.0587 5968 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys
15:34:40.0587 5968 EpfwLWF - ok
15:34:40.0603 5968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:34:40.0603 5968 ErrDev - ok
15:34:40.0618 5968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:34:40.0634 5968 exfat - ok
15:34:40.0634 5968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:34:40.0634 5968 fastfat - ok
15:34:40.0649 5968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:34:40.0649 5968 fdc - ok
15:34:40.0681 5968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:34:40.0681 5968 FileInfo - ok
15:34:40.0681 5968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:34:40.0681 5968 Filetrace - ok
15:34:40.0696 5968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:34:40.0696 5968 flpydisk - ok
15:34:40.0712 5968 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:34:40.0727 5968 FltMgr - ok
15:34:40.0743 5968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:34:40.0743 5968 FsDepends - ok
15:34:40.0759 5968 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:34:40.0759 5968 Fs_Rec - ok
15:34:40.0774 5968 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:34:40.0790 5968 fvevol - ok
15:34:40.0805 5968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:34:40.0805 5968 gagp30kx - ok
15:34:40.0837 5968 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:34:40.0837 5968 GEARAspiWDM - ok
15:34:40.0852 5968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:34:40.0852 5968 hcw85cir - ok
15:34:40.0868 5968 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:34:40.0868 5968 HDAudBus - ok
15:34:40.0883 5968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:34:40.0883 5968 HidBatt - ok
15:34:40.0883 5968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:34:40.0883 5968 HidBth - ok
15:34:40.0899 5968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:34:40.0899 5968 HidIr - ok
15:34:40.0915 5968 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:34:40.0915 5968 HidUsb - ok
15:34:40.0930 5968 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:34:40.0930 5968 HpSAMD - ok
15:34:40.0961 5968 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:34:40.0977 5968 HTTP - ok
15:34:40.0993 5968 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:34:40.0993 5968 hwpolicy - ok
15:34:41.0008 5968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:34:41.0008 5968 i8042prt - ok
15:34:41.0039 5968 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:34:41.0039 5968 iaStorV - ok
15:34:41.0071 5968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:34:41.0071 5968 iirsp - ok
15:34:41.0117 5968 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
15:34:41.0149 5968 IntcAzAudAddService - ok
15:34:41.0164 5968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:34:41.0180 5968 intelide - ok
15:34:41.0195 5968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:34:41.0195 5968 intelppm - ok
15:34:41.0211 5968 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:34:41.0211 5968 IpFilterDriver - ok
15:34:41.0227 5968 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:34:41.0242 5968 IPMIDRV - ok
15:34:41.0242 5968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:34:41.0242 5968 IPNAT - ok
15:34:41.0289 5968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:34:41.0289 5968 IRENUM - ok
15:34:41.0305 5968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:34:41.0305 5968 isapnp - ok
15:34:41.0320 5968 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys
15:34:41.0320 5968 iScsiPrt - ok
15:34:41.0336 5968 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:34:41.0336 5968 k57nd60a - ok
15:34:41.0351 5968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:34:41.0351 5968 kbdclass - ok
15:34:41.0367 5968 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:34:41.0367 5968 kbdhid - ok
15:34:41.0383 5968 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:34:41.0383 5968 KSecDD - ok
15:34:41.0398 5968 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:34:41.0398 5968 KSecPkg - ok
15:34:41.0414 5968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:34:41.0429 5968 ksthunk - ok
15:34:41.0492 5968 Linksys_adapter_H (584528bf596a54b2bf6be5067adda44a) C:\Windows\system32\DRIVERS\AE2500w764.sys
15:34:41.0523 5968 Linksys_adapter_H - ok
15:34:41.0554 5968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:34:41.0554 5968 lltdio - ok
15:34:41.0617 5968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:34:41.0617 5968 LSI_FC - ok
15:34:41.0648 5968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:34:41.0648 5968 LSI_SAS - ok
15:34:41.0648 5968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:34:41.0663 5968 LSI_SAS2 - ok
15:34:41.0679 5968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:34:41.0679 5968 LSI_SCSI - ok
15:34:41.0726 5968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:34:41.0726 5968 luafv - ok
15:34:41.0757 5968 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
15:34:41.0757 5968 mcdbus - ok
15:34:41.0773 5968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:34:41.0773 5968 megasas - ok
15:34:41.0788 5968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:34:41.0804 5968 MegaSR - ok
15:34:41.0804 5968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:34:41.0804 5968 Modem - ok
15:34:41.0835 5968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:34:41.0835 5968 monitor - ok
15:34:41.0835 5968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:34:41.0835 5968 mouclass - ok
15:34:41.0866 5968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:34:41.0866 5968 mouhid - ok
15:34:41.0882 5968 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:34:41.0897 5968 mountmgr - ok
15:34:41.0944 5968 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
15:34:41.0944 5968 MpFilter - ok
15:34:41.0960 5968 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:34:41.0960 5968 mpio - ok
15:34:41.0975 5968 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:34:41.0975 5968 MpNWMon - ok
15:34:42.0022 5968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:34:42.0022 5968 mpsdrv - ok
15:34:42.0053 5968 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:34:42.0053 5968 MRxDAV - ok
15:34:42.0116 5968 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:34:42.0116 5968 mrxsmb - ok
15:34:42.0147 5968 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:34:42.0147 5968 mrxsmb10 - ok
15:34:42.0163 5968 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:34:42.0163 5968 mrxsmb20 - ok
15:34:42.0178 5968 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:34:42.0178 5968 msahci - ok
15:34:42.0209 5968 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:34:42.0209 5968 msdsm - ok
15:34:42.0225 5968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:34:42.0225 5968 Msfs - ok
15:34:42.0241 5968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:34:42.0241 5968 mshidkmdf - ok
15:34:42.0272 5968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:34:42.0272 5968 msisadrv - ok
15:34:42.0303 5968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:34:42.0303 5968 MSKSSRV - ok
15:34:42.0303 5968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:34:42.0303 5968 MSPCLOCK - ok
15:34:42.0334 5968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:34:42.0334 5968 MSPQM - ok
15:34:42.0350 5968 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:34:42.0350 5968 MsRPC - ok
15:34:42.0365 5968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:34:42.0365 5968 mssmbios - ok
15:34:42.0381 5968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:34:42.0381 5968 MSTEE - ok
15:34:42.0381 5968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:34:42.0381 5968 MTConfig - ok
15:34:42.0397 5968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:34:42.0397 5968 Mup - ok
15:34:42.0443 5968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:34:42.0475 5968 NativeWifiP - ok
15:34:42.0553 5968 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:34:42.0553 5968 NDIS - ok
15:34:42.0568 5968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:34:42.0568 5968 NdisCap - ok
15:34:42.0584 5968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:34:42.0584 5968 NdisTapi - ok
15:34:42.0631 5968 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:34:42.0631 5968 Ndisuio - ok
15:34:42.0646 5968 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:34:42.0646 5968 NdisWan - ok
15:34:42.0677 5968 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:34:42.0677 5968 NDProxy - ok
15:34:42.0693 5968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:34:42.0693 5968 NetBIOS - ok
15:34:42.0724 5968 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:34:42.0724 5968 NetBT - ok
15:34:42.0755 5968 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys
15:34:42.0771 5968 netr28ux - ok
15:34:42.0787 5968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:34:42.0787 5968 nfrd960 - ok
15:34:42.0802 5968 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:34:42.0818 5968 NisDrv - ok
15:34:42.0818 5968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:34:42.0818 5968 Npfs - ok
15:34:42.0833 5968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:34:42.0833 5968 nsiproxy - ok
15:34:42.0880 5968 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:34:42.0911 5968 Ntfs - ok
15:34:42.0927 5968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:34:42.0927 5968 Null - ok
15:34:42.0943 5968 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:34:42.0943 5968 nvraid - ok
15:34:42.0958 5968 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:34:42.0958 5968 nvstor - ok
15:34:42.0989 5968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:34:42.0989 5968 nv_agp - ok
15:34:43.0005 5968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:34:43.0005 5968 ohci1394 - ok
15:34:43.0021 5968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:34:43.0021 5968 Parport - ok
15:34:43.0036 5968 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:34:43.0036 5968 partmgr - ok
15:34:43.0067 5968 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
15:34:43.0067 5968 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
15:34:43.0083 5968 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:34:43.0083 5968 pci - ok
15:34:43.0099 5968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:34:43.0099 5968 pciide - ok
15:34:43.0114 5968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:34:43.0130 5968 pcmcia - ok
15:34:43.0145 5968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:34:43.0145 5968 pcw - ok
15:34:43.0161 5968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:34:43.0161 5968 PEAUTH - ok
15:34:43.0208 5968 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:34:43.0208 5968 PptpMiniport - ok
15:34:43.0223 5968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:34:43.0223 5968 Processor - ok
15:34:43.0286 5968 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:34:43.0286 5968 Psched - ok
15:34:43.0333 5968 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
15:34:43.0333 5968 PSI - ok
15:34:43.0348 5968 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:34:43.0364 5968 PxHlpa64 - ok
15:34:43.0411 5968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:34:43.0426 5968 ql2300 - ok
15:34:43.0473 5968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:34:43.0473 5968 ql40xx - ok
15:34:43.0489 5968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:34:43.0489 5968 QWAVEdrv - ok
15:34:43.0504 5968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:34:43.0504 5968 RasAcd - ok
15:34:43.0520 5968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:34:43.0520 5968 RasAgileVpn - ok
15:34:43.0551 5968 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:34:43.0551 5968 Rasl2tp - ok
15:34:43.0567 5968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:34:43.0567 5968 RasPppoe - ok
15:34:43.0567 5968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:34:43.0567 5968 RasSstp - ok
15:34:43.0629 5968 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:34:43.0629 5968 rdbss - ok
15:34:43.0645 5968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:34:43.0645 5968 rdpbus - ok
15:34:43.0660 5968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:34:43.0660 5968 RDPCDD - ok
15:34:43.0676 5968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:34:43.0676 5968 RDPENCDD - ok
15:34:43.0691 5968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:34:43.0691 5968 RDPREFMP - ok
15:34:43.0707 5968 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:34:43.0707 5968 RDPWD - ok
15:34:43.0738 5968 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:34:43.0738 5968 rdyboost - ok
15:34:43.0769 5968 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:34:43.0769 5968 RimUsb - ok
15:34:43.0785 5968 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
15:34:43.0785 5968 RimVSerPort - ok
15:34:43.0816 5968 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
15:34:43.0816 5968 ROOTMODEM - ok
15:34:43.0832 5968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:34:43.0832 5968 rspndr - ok
15:34:43.0894 5968 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:34:43.0894 5968 SASDIFSV - ok
15:34:43.0910 5968 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:34:43.0910 5968 SASKUTIL - ok
15:34:43.0925 5968 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:34:43.0925 5968 sbp2port - ok
15:34:43.0957 5968 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:34:43.0957 5968 scfilter - ok
15:34:43.0972 5968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:34:43.0972 5968 secdrv - ok
15:34:44.0035 5968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:34:44.0035 5968 Serenum - ok
15:34:44.0050 5968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:34:44.0050 5968 Serial - ok
15:34:44.0081 5968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:34:44.0081 5968 sermouse - ok
15:34:44.0097 5968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:34:44.0097 5968 sffdisk - ok
15:34:44.0113 5968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:34:44.0113 5968 sffp_mmc - ok
15:34:44.0113 5968 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:34:44.0113 5968 sffp_sd - ok
15:34:44.0128 5968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:34:44.0144 5968 sfloppy - ok
15:34:44.0206 5968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:34:44.0206 5968 SiSRaid2 - ok
15:34:44.0237 5968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:34:44.0237 5968 SiSRaid4 - ok
15:34:44.0237 5968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:34:44.0237 5968 Smb - ok
15:34:44.0269 5968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:34:44.0269 5968 spldr - ok
15:34:44.0315 5968 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:34:44.0315 5968 srv - ok
15:34:44.0362 5968 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:34:44.0362 5968 srv2 - ok
15:34:44.0378 5968 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:34:44.0378 5968 srvnet - ok
15:34:44.0393 5968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:34:44.0393 5968 stexstor - ok
15:34:44.0425 5968 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:34:44.0425 5968 StillCam - ok
15:34:44.0440 5968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:34:44.0440 5968 swenum - ok
15:34:44.0487 5968 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:34:44.0518 5968 Tcpip - ok
15:34:44.0549 5968 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:34:44.0549 5968 TCPIP6 - ok
15:34:44.0581 5968 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:34:44.0581 5968 tcpipreg - ok
15:34:44.0596 5968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:34:44.0612 5968 TDPIPE - ok
15:34:44.0627 5968 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:34:44.0627 5968 TDTCP - ok
15:34:44.0643 5968 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:34:44.0643 5968 tdx - ok
15:34:44.0674 5968 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:34:44.0674 5968 TermDD - ok
15:34:44.0705 5968 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:34:44.0705 5968 tssecsrv - ok
15:34:44.0721 5968 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:34:44.0737 5968 TsUsbFlt - ok
15:34:44.0783 5968 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:34:44.0783 5968 tunnel - ok
15:34:44.0799 5968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:34:44.0799 5968 uagp35 - ok
15:34:44.0815 5968 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:34:44.0815 5968 udfs - ok
15:34:44.0830 5968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:34:44.0830 5968 uliagpkx - ok
15:34:44.0846 5968 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:34:44.0846 5968 umbus - ok
15:34:44.0861 5968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:34:44.0861 5968 UmPass - ok
15:34:44.0924 5968 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:34:44.0924 5968 usbccgp - ok
15:34:44.0939 5968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:34:44.0939 5968 usbcir - ok
15:34:44.0955 5968 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:34:44.0955 5968 usbehci - ok
15:34:44.0971 5968 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:34:44.0971 5968 usbhub - ok
15:34:44.0986 5968 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:34:44.0986 5968 usbohci - ok
15:34:45.0002 5968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:34:45.0002 5968 usbprint - ok
15:34:45.0017 5968 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:34:45.0017 5968 USBSTOR - ok
15:34:45.0033 5968 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:34:45.0033 5968 usbuhci - ok
15:34:45.0049 5968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:34:45.0049 5968 vdrvroot - ok
15:34:45.0064 5968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:34:45.0064 5968 vga - ok
15:34:45.0080 5968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:34:45.0080 5968 VgaSave - ok
15:34:45.0095 5968 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:34:45.0095 5968 vhdmp - ok
15:34:45.0111 5968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:34:45.0111 5968 viaide - ok
15:34:45.0127 5968 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:34:45.0127 5968 volmgr - ok
15:34:45.0158 5968 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:34:45.0158 5968 volmgrx - ok
15:34:45.0173 5968 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:34:45.0173 5968 volsnap - ok
15:34:45.0189 5968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:34:45.0189 5968 vsmraid - ok
15:34:45.0205 5968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:34:45.0220 5968 vwifibus - ok
15:34:45.0220 5968 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:34:45.0236 5968 vwififlt - ok
15:34:45.0236 5968 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:34:45.0236 5968 vwifimp - ok
15:34:45.0283 5968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:34:45.0283 5968 WacomPen - ok
15:34:45.0314 5968 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:34:45.0314 5968 WANARP - ok
15:34:45.0314 5968 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:34:45.0314 5968 Wanarpv6 - ok
15:34:45.0329 5968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:34:45.0345 5968 Wd - ok
15:34:45.0361 5968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:34:45.0361 5968 Wdf01000 - ok
15:34:45.0392 5968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:34:45.0392 5968 WfpLwf - ok
15:34:45.0439 5968 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:34:45.0439 5968 WimFltr - ok
15:34:45.0454 5968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:34:45.0454 5968 WIMMount - ok
15:34:45.0517 5968 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:34:45.0517 5968 WinUsb - ok
15:34:45.0532 5968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:34:45.0532 5968 WmiAcpi - ok
15:34:45.0548 5968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:34:45.0548 5968 ws2ifsl - ok
15:34:45.0579 5968 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:34:45.0579 5968 WSDPrintDevice - ok
15:34:45.0610 5968 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:34:45.0610 5968 WudfPf - ok
15:34:45.0626 5968 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:34:45.0626 5968 WUDFRd - ok
15:34:45.0657 5968 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:34:45.0782 5968 \Device\Harddisk0\DR0 - ok
15:34:45.0782 5968 Boot (0x1200) (e049eb384dab1f3f8db4dff4487c2125) \Device\Harddisk0\DR0\Partition0
15:34:45.0782 5968 \Device\Harddisk0\DR0\Partition0 - ok
15:34:45.0797 5968 Boot (0x1200) (0051e91e459c4e8de7960842dce31562) \Device\Harddisk0\DR0\Partition1
15:34:45.0797 5968 \Device\Harddisk0\DR0\Partition1 - ok
15:34:45.0797 5968 ============================================================
15:34:45.0797 5968 Scan finished
15:34:45.0797 5968 ============================================================
15:34:45.0797 5796 Detected object count: 0
15:34:45.0797 5796 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 March 2012 - 02:47 PM

I would like to have the report from aswMBR now, please.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 leoluch

leoluch
  • Topic Starter

  • Members
  • 16 posts

Posted 21 March 2012 - 02:48 PM

ASWMBR



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-21 15:37:13
-----------------------------
15:37:13.042 OS Version: Windows x64 6.1.7601 Service Pack 1
15:37:13.042 Number of processors: 4 586 0x403
15:37:13.042 ComputerName: YUSUF UserName:
15:37:16.084 Initialize success
15:38:26.816 AVAST engine defs: 12032000
15:40:12.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
15:40:12.522 Disk 0 Vendor: ST310005 JC47 Size: 953869MB BusType: 11
15:40:12.538 Disk 0 MBR read successfully
15:40:12.538 Disk 0 MBR scan
15:40:12.538 Disk 0 Windows XP default MBR code
15:40:12.538 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
15:40:12.538 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
15:40:12.553 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941286 MB offset 25767936
15:40:12.584 Disk 0 scanning C:\Windows\system32\drivers
15:40:20.291 Service scanning
15:40:34.112 Modules scanning
15:40:34.128 Disk 0 trace - called modules:
15:40:34.128 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
15:40:34.128 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a4b060]
15:40:34.128 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8003ad6040]
15:40:34.144 5 amdxata.sys[fffff880010ba7a8] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8003acf9c0]
15:40:38.153 AVAST engine scan C:\Windows
15:40:40.836 AVAST engine scan C:\Windows\system32
15:43:20.643 AVAST engine scan C:\Windows\system32\drivers
15:43:30.018 AVAST engine scan C:\Users\Yusuf Ahmed-Yusuf
15:47:16.624 Disk 0 MBR has been saved successfully to "C:\Users\Yusuf Ahmed-Yusuf\Desktop\MBR.dat"
15:47:16.624 The log file has been saved successfully to "C:\Users\Yusuf Ahmed-Yusuf\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 March 2012 - 02:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\YouTube Downloader Toolbar
c:\program files (x86)\Common Files\Spigot

File::
c:\windows\system32\drivers\7917334drv.sys
c:\windows\system32\drivers\96661089.sys
c:\windows\system32\drivers\18734784.sys
c:\programdata\hVcFymSUOVmBXKV.exe

Firefox::
FF - ProfilePath - c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\Mozilla\Firefox\Profiles\efr7hmry.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}

Driver::
18734784
96661089
7917334drv

RegNull::
[HKEY_USERS\S-1-5-21-2265134829-1860100101-14944148-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{301FD08C-C6ED-8CB6-D550-A0A3F871D626}*]
 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 leoluch

leoluch
  • Topic Starter

  • Members
  • 16 posts

Posted 21 March 2012 - 04:09 PM

Computer is running a bit and Chrome is still redirecting pages. Here is the script.

ComboFix 12-03-21.01 - Yusuf Ahmed-Yusuf 1/2012 Wed 16:03:42.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4095.2390 [GMT -4:00]
Running from: c:\users\Yusuf Ahmed-Yusuf\Desktop\ComboFix.exe
Command switches used :: c:\users\Yusuf Ahmed-Yusuf\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\hVcFymSUOVmBXKV.exe"
"c:\windows\system32\drivers\18734784.sys"
"c:\windows\system32\drivers\7917334drv.sys"
"c:\windows\system32\drivers\96661089.sys"
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\wth.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files (x86)\Common Files\Spigot\wtxpcom\install.rdf
c:\program files (x86)\YouTube Downloader Toolbar
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome.manifest
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\brwobj.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\chevron.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\chevron.xul
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\JSWidget.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\login.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\login.xul
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\parser.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\RadioWidget.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\RadioWidget.xul
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\searchbox.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\searchbox.xul
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\utils.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\widgichevron.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\widgicomm.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\widgihandling.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\widgilisteners.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\content\widgiui.js
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\chevron.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\dailymotion.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\dropinsavings.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\dropinsavingsabt.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\facebook.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\googleplus.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\hulu.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\metacafe.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\radio-close.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\radio-minimize.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\radiobeta.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search-button.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search-wmrk-baidu.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search-wmrk-yahoo.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search-wmrk-yandex.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search_baidu.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search_yandex.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\search_youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\searchbox.css
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\splitter.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\twitter.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\veoh.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\ytd.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\ytd_logo.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\skin\ytd_logo_hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\FF\install.rdf
c:\program files (x86)\YouTube Downloader Toolbar\IE\5.0\config.ini
c:\program files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
c:\program files (x86)\YouTube Downloader Toolbar\Res\amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dailymotion.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dropinsavings.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dropinsavingsabt.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\facebook.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\googleplus.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\hulu.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\icon_settings.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1031.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1033.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1034.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1036.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1040.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\metacafe.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radio-close.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radio-minimize.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radiobeta.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-button-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-button.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-chevron.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_baidu.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_yahoo.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_yandex.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\twitter.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\veoh.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\widgets.xml
c:\program files (x86)\YouTube Downloader Toolbar\Res\youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd_logo.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd_logo_hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\WidgiHelper.exe
c:\windows\system32\drivers\18734784.sys
c:\windows\system32\drivers\7917334drv.sys
c:\windows\system32\drivers\96661089.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_18734784
-------\Legacy_7917334DRV
-------\Legacy_96661089
-------\Service_18734784
-------\Service_7917334drv
-------\Service_96661089
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 20:39 . 2012-03-21 20:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-21 20:39 . 2012-03-21 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-21 19:48 . 2012-03-14 00:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C132C3B-1243-4593-A07E-0AEF6BBFD69E}\mpengine.dll
2012-03-21 07:38 . 2012-03-21 07:38 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA83C6B9-23DB-4AF0-B4E6-9D35C2493787}\gapaengine.dll
2012-03-21 06:39 . 2012-03-21 06:39 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Safe mirror
2012-03-21 06:38 . 2012-03-21 14:22 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-03-20 05:02 . 2012-03-20 05:02 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-20 04:41 . 2012-03-20 04:44 1026 ----a-w- c:\windows\SysWow64\tmp.reg
2012-03-20 04:40 . 2012-03-21 08:25 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\SmitfraudFix
2012-03-20 02:57 . 2012-03-20 02:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-20 02:57 . 2012-03-20 02:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-20 02:25 . 2012-03-20 02:25 -------- d--h--w- c:\windows\AxInstSV
2012-03-19 21:06 . 2011-01-06 05:10 1895960 ----a-w- c:\users\Yusuf Ahmed-Yusuf\SREngLdr.EXE
2012-03-19 17:00 . 2012-03-19 17:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-19 17:00 . 2012-03-19 17:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-19 08:39 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-03-19 07:18 . 2012-03-19 07:18 -------- d-----w- C:\avast! sandbox
2012-03-19 07:01 . 2012-03-19 08:08 -------- d-----w- c:\programdata\IObit
2012-03-19 07:00 . 2012-03-19 07:01 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\IObit
2012-03-19 07:00 . 2012-03-19 08:08 -------- d-----w- c:\program files (x86)\IObit
2012-03-19 06:37 . 2012-03-21 14:19 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2012-03-19 02:58 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-19 02:58 . 2012-03-19 07:46 -------- d-----w- c:\programdata\AVAST Software
2012-03-19 02:58 . 2012-03-19 02:58 -------- d-----w- c:\program files\AVAST Software
2012-03-18 22:51 . 2012-03-19 00:33 -------- d-----w- C:\sh4ldr
2012-03-18 22:51 . 2012-03-18 22:51 -------- d-----w- c:\program files\Enigma Software Group
2012-03-18 22:49 . 2012-03-19 00:33 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-18 22:49 . 2012-03-18 22:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-18 22:40 . 2012-02-17 19:08 767952 ----a-w- c:\windows\BDTSupport.dll0329.old
2012-03-18 22:40 . 2012-02-17 19:08 149456 ----a-w- c:\windows\SGDetectionTool.dll0329.old
2012-03-18 22:40 . 2012-02-17 19:08 2250704 ----a-w- c:\windows\PCTBDCore.dll0329.old
2012-03-18 22:40 . 2012-02-24 14:31 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-03-18 22:40 . 2012-02-24 14:31 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-03-18 22:40 . 2012-02-24 14:35 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-03-18 22:40 . 2012-03-18 23:47 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-18 22:38 . 2011-12-01 20:07 1096688 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-03-18 22:38 . 2011-12-01 20:07 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-03-18 22:38 . 2012-03-19 06:30 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-18 22:38 . 2012-02-24 14:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-18 22:37 . 2012-03-19 06:29 -------- d-----w- c:\programdata\PC Tools
2012-03-18 22:37 . 2012-03-18 22:37 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\TestApp
2012-03-18 17:41 . 2012-03-18 18:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-17 17:45 . 2012-03-17 17:45 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 17:45 . 2012-03-17 17:45 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 08:08 . 2012-03-01 18:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CF1D0A9-977A-47F4-9561-1BBC4A7A7410}\mpengine.dll
2012-03-14 07:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 22:24 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:24 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:23 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 17:58 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:58 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:58 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:58 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:58 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:58 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:58 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-06 03:45 . 2012-03-06 03:45 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\My_MP4Box_GUI
2012-03-06 03:07 . 2012-03-06 03:07 -------- d-----w- c:\program files\My MP4Box GUI
2012-03-06 02:54 . 2012-03-06 02:58 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\avidemux
2012-03-06 02:54 . 2012-03-06 02:54 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2012-03-06 01:14 . 2012-03-06 01:14 -------- d-----w- c:\program files (x86)\Free Video Joiner
2012-03-01 05:46 . 2012-03-01 05:46 -------- d-----w- c:\programdata\NCH Software
2012-03-01 05:46 . 2012-03-01 05:50 -------- d-----w- c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\NCH Software
2012-03-01 05:46 . 2012-03-01 05:46 -------- d-----w- c:\program files (x86)\NCH Software
2012-02-27 17:28 . 2012-03-02 11:48 -------- d-----w- c:\program files (x86)\Application Updater
2012-02-22 07:52 . 2012-02-22 07:52 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 02:25 . 2011-06-10 03:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2011-06-10 04:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-05 00:10 . 2011-06-08 02:04 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-19 14:22 . 2012-01-19 14:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
2012-01-04 10:44 . 2012-02-15 10:20 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 10:20 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 10:20 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 10:20 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 10:20 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-19_07.46.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-08 02:04 . 2012-03-21 15:06 64404 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-21 15:06 30982 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-10 02:17 . 2012-03-21 15:06 17634 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2265134829-1860100101-14944148-1000_UserData.bin
- 2011-06-21 07:15 . 2012-01-13 14:52 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-06-21 07:15 . 2012-03-20 04:45 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-04-27 19:25 . 2011-04-27 19:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2011-04-18 17:18 . 2011-04-18 17:18 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2011-06-09 23:40 . 2012-03-21 07:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-09 23:40 . 2012-03-19 07:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-09 23:40 . 2012-03-21 07:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-09 23:40 . 2012-03-19 07:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-21 07:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-19 07:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-21 14:30 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-15 01:20 . 2012-03-21 15:04 3680 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-19 07:46 . 2012-03-19 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-21 20:40 . 2012-03-21 20:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-21 20:40 . 2012-03-21 20:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-19 07:46 . 2012-03-19 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-11 17:43 . 2012-03-11 17:43 250528 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
+ 2012-03-11 17:43 . 2012-03-20 02:25 250528 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
+ 2012-03-11 17:43 . 2012-03-20 02:25 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.dll
- 2012-03-11 17:43 . 2012-03-11 17:43 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.dll
- 2009-07-14 04:54 . 2012-03-19 07:46 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-21 20:40 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-03-20 02:57 621064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-20 02:57 108284 c:\windows\system32\perfc009.dat
+ 2012-03-20 02:25 . 2012-03-20 02:25 465568 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
+ 2012-03-20 02:25 . 2012-03-20 02:25 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
+ 2009-07-14 04:45 . 2012-03-21 20:40 523032 c:\windows\system32\FNTCACHE.DAT
+ 2011-04-18 17:18 . 2011-04-18 17:18 189440 c:\windows\system32\drivers\MpFilter.sys
- 2009-07-14 05:38 . 2011-12-26 05:57 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-03-21 08:25 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:01 . 2012-03-21 20:39 500676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-03-19 07:46 4341760 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-21 20:40 4341760 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-26 05:52 . 2012-03-21 20:39 5958672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-26 05:52 . 2012-03-19 07:23 5958672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-19 21:23 . 2011-05-19 21:23 2708992 c:\windows\Installer\326c54.msi
+ 2011-06-15 18:51 . 2011-06-15 18:51 1911808 c:\windows\Installer\326c4e.msi
+ 2009-07-14 04:54 . 2012-03-21 20:40 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-19 07:46 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-10 02:50 . 2012-03-21 20:39 55242220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2265134829-1860100101-14944148-1000-8192.dat
+ 2011-06-10 04:09 . 2012-03-21 14:32 18924004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2265134829-1860100101-14944148-1000-12288.dat
- 2011-06-10 04:09 . 2012-03-19 06:29 18924004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2265134829-1860100101-14944148-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"hVcFymSUOVmBXKV.exe"="c:\programdata\hVcFymSUOVmBXKV.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-06-10 560128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-01-19 76288]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2265134829-1860100101-14944148-1000Core.job
- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-13 05:16]
.
2012-03-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2265134829-1860100101-14944148-1000UA.job
- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-13 05:16]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2265134829-1860100101-14944148-1000Core.job
- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 06:20]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2265134829-1860100101-14944148-1000UA.job
- c:\users\Yusuf Ahmed-Yusuf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 06:20]
.
2012-03-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF25315.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Yusuf Ahmed-Yusuf\AppData\Roaming\Mozilla\Firefox\Profiles\efr7hmry.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - user.js: general.useragent.extra.brc -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:bd,38,7a,2c,85,c2,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,00,57,18,11,ac,31,4e,b7,43,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,00,57,18,11,ac,31,4e,b7,43,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"ProductCode"="{4E871FDC-9F08-4B4F-86AE-6BAA1A282E2C}"
"PackageFeatures"=dword:00000003
"LanguageCode"="en-us"
"ProductACode"=dword:0000006e
"ProductBase"=dword:00000001
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="5.0.94.0"
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"UniqueId"="0795CC2B4EA6AB9D"
"ScannerBuild"=dword:000027e9
"ScannerVersionId"=dword:000019bf
"ScannerVersion"="Locked/open ESET for status."
"ei2"=hex(B):3e,34,d1,ac,94,7a,94,e5
"ei1"=hex(B):b8,ac,6f,af,84,c7,00,00
"ei3"=hex(B):05,c8,a6,4e,00,00,00,00
"ei4"=dword:00000003
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-03-21 16:44:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-21 20:44
ComboFix2.txt 2012-03-21 14:52
ComboFix3.txt 2012-03-21 07:11
ComboFix4.txt 2012-03-19 07:50
ComboFix5.txt 2012-03-21 20:02
.
Pre-Run: 649,089,515,520 bytes free
Post-Run: 648,624,201,728 bytes free
.
- - End Of File - - F2E64419A76DBD502C9306B74E52106B

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 AM

Posted 21 March 2012 - 04:44 PM

Is it only redirecting in Chrome? No other browsers?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 leoluch

leoluch
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:38 AM

Posted 21 March 2012 - 04:51 PM

Yes, only Chrome is redirecting.

Edited by leoluch, 21 March 2012 - 04:56 PM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 AM

Posted 21 March 2012 - 09:10 PM

Hello


Very good. I want you to uninstall it and then reinstall it, and let me know if it still redirects.


gringo

#13 leoluch

leoluch
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:38 AM

Posted 22 March 2012 - 12:07 AM

Wow, thanks, it no longer redirects the webpages.
By the way, what does
C:\Windows\SysWOW64\rundll32.exe
do?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 AM

Posted 22 March 2012 - 12:17 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 leoluch

leoluch
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:38 AM

Posted 22 March 2012 - 02:02 AM

Okay, here:

Update for Microsoft Office 2007 (KB2508958)
4500_G510nz_Help_Web
4500G510nz_Software_Min
4500G510nz_web
Adobe AIR
Adobe Reader X (10.1.2)
AMD Fusion Media Explorer
AMD Fusion Utility for Desktops
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
AudioCoder x64 2011
Avidemux 2.5 (32-bit)
AviSynth 2.5
BlackBerry Desktop Software 6.1
BufferChm
Build Your Own Net Dream (remove only)
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplayEx 1.8
Cobian Backup 10
Combined Community Codec Pack 2011-06-26
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DirectX 9 Runtime
eMule
Facebook Video Calling 1.1.1.1
FileZilla Client 3.5.3
Free Video Joiner 1.1
Freemake Video Converter version 3.0.1
Google Chrome
GoToAssist 8.0.0.514
HF pAppLoc version 0.8
Internet Explorer
Japanese Fonts Support For Adobe Reader X
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 30
JDownloader 0.9
Junk Mail filter update
KeyHoleTV
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MiPony 1.6.0
Mozilla Firefox 11.0 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Pandion
PhotoShowExpress
piaip AppLocale
Prism Video File Converter
QuickTime
RAIDXpert
RAR Repair Tool v.4.0
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Scan
Secunia PSI (2.0.0.4003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skins
Skype™ 5.8
Software Informer 1.1
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
System Requirements Lab CYRI
Tencent QQ
THX TruStudio PC
Toolbox
TrustedID
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader Toolbar v5.0
μTorrent



