TechSpot

Multiple iexplorer.exe process even when IE is not used

By Hi Hi
Apr 14, 2013
I noticed that there are multiple instances of the iexplorer.exe process in my Task Manager. I rarely use Internet Explorer. I couldn't figure out what is spawning the iexplorer process at all. A new iexplorer process is created every few minutes. My system did not show any symptoms of being infected with a virus. Can you please help me to identify the issue in the system? Thanks in advance for all your help and time.

    -----------------------------------
    I scanned my whole system using Charter Internet Security Suite (F-Secure). It did not find any virus.
    -----------------------------------

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.13.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16540
    user :: GUDDU [administrator]

    Protection: Disabled

    4/14/2013 12:06:55 PM
    mbam-log-2013-04-14 (12-06-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208703
    Time elapsed: 2 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    -----------------------------------
    DDS Attach.txt


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/19/2012 9:57:55 AM
    System Uptime: 4/13/2013 10:27:06 AM (27 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU T9900 @ 3.06GHz | Microprocessor | 797/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 465 GiB total, 432.585 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\5&1A65F586&0&1
    Manufacturer: (Standard USB Host Controller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\5&1A65F586&0&1
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.20
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop Lightroom 4.3 64-bit
    Adobe Reader XI (11.0.02)
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Beyond Compare Version 3.3.5
    Bonjour
    Brother MFL-Pro Suite MFC-7860DW
    CCleaner
    Charter Security Suite
    Citrix Presentation Server Client
    CloneDVD2
    Computer Security 12.71.102.0 (release)
    CyberLink PowerDVD 9.5
    Dell Client System Update
    Dell ControlVault Host Components Installer 64 bit
    Dell System Detect
    Dell Touchpad
    DirectX 9 Runtime
    doPDF 7.3 printer
    Dropbox
    F-Secure CCF Reputation
    F-Secure CCF Scanning 1.18.127.7931 (release)
    F-Secure Network CCF 1.02.126
    FileZilla Client 3.6.0.2
    Freemake Audio Converter version 1.1.0
    Freemake Video Converter version 4.0.0
    Gadwin PrintScreen
    GOM Player
    Google Chrome
    Google Update Helper
    IDT Audio
    Integrated Webcam Driver (1.03.02.0919)
    iTunes
    iTunes Library Toolkit
    join.me
    Juniper Networks, Inc. Setup Client
    Juniper Networks, Inc. Setup Client 64-bit Activex Control
    Juniper Terminal Services Client
    Malwarebytes Anti-Malware version 1.75.0.1300
    MediaMonkey 4.0
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Mozilla Firefox 20.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Notepad++
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA Performance Drivers
    Online Safety 2.71.927.655
    PeerBlock 1.1 (r518)
    PhotoShowExpress
    RBVirtualFolder64Inst
    RICOH Media Driver ver.2.07.01.01
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    SIW 2011 Home Edition
    Sonic CinePlayer Decoder Pack
    TagScanner 5.1.630
    TeamViewer 8
    TeraCopy 2.27
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Winamp
    Winamp Detector Plug-in
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/7/2013 11:10:08 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024864.
    4/7/2013 11:10:08 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070020.
    4/13/2013 9:44:03 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    4/12/2013 2:43:33 AM, Error: F-Secure Gatekeeper [1] -
    .
    ==== End Of File ===========================

    --------------------------------------------------
    DDS - dds.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537
    Run by user at 13:03:59 on 2013-04-14
    #Option Extended Search is enabled.
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4084.2783 [GMT -5:00]
    .
    AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
    C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
    C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    C:\Windows\System32\rpcnetp.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\SW\Util\TeamViewer8\TeamViewer_Service.exe
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Users\teledisaster\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\SW\Media\iTunes\iTunesHelper.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\teledisaster\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\notepad.exe
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSLAUNCH.EXE
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dell.com
    uDefault_Page_URL = hxxp://www.dell.com
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    uRun: [PeerBlock] C:\SW\Util\PeerBlock\peerblock.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1
    mRun: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splash
    mRun: [iTunesHelper] "C:\SW\Media\iTunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\SW\Util\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\TELEDI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\teledisaster\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\SW\Util\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\SW\Util\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: dell.com
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.amfam.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{277DC51F-E1E5-431F-86C0-A81925BDB55C} : DHCPNameServer = 172.16.30.10 172.16.30.11
    TCP: Interfaces\{99A95A43-F5B6-4241-8946-D03D2286A799} : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-Run: [nwiz] nwiz.exe /installquiet
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: C:\SW\Media\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-03-17 23:00; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF - ExtSQL: 2013-03-17 23:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-03-17 23:02; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-4-11 56016]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-19 55856]
    R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2013-3-2 62744]
    R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2013-3-2 14032]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [2012-10-19 89600]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2012-4-25 1043872]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2012-4-25 36768]
    R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-3-16 101888]
    R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [2012-11-26 183864]
    R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [2012-8-6 61176]
    R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-8 6810728]
    R2 TeamViewer8;TeamViewer 8;C:\SW\Util\TeamViewer8\TeamViewer_Service.exe [2013-3-3 3560800]
    R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2010-11-21 9728]
    R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2012-4-25 45672]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-3-2 200760]
    R3 fsni;fsni;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [2013-1-30 71680]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2008-6-3 168864]
    R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2008-9-18 315840]
    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    RUnknown rpcnetp;rpcnetp; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMScheduler;MBAMScheduler;C:\SW\Util\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-3 418376]
    S2 MBAMService;MBAMService;C:\SW\Util\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-3 701512]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-3-17 266240]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-19 25928]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-2 19456]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-2 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-2 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-19 1255736]
    .
    =============== Created Last 60 ================
    .
    2013-04-14 05:16:43  --------  d-----w-  C:\Users\teledisaster\AppData\Local\ElevatedDiagnostics
    2013-04-13 01:16:03  26520  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
    2013-04-13 00:22:42  861088  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-13 00:22:42  782240  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2013-04-12 03:18:18  5550424  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2013-04-12 03:18:15  3913560  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-12 03:18:14  3968856  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-12 03:18:13  6656  ----a-w-  C:\Windows\SysWow64\apisetschema.dll
    2013-04-12 03:18:13  43520  ----a-w-  C:\Windows\System32\csrsrv.dll
    2013-04-12 03:18:13  112640  ----a-w-  C:\Windows\System32\smss.exe
    2013-04-12 03:18:10  223752  ----a-w-  C:\Windows\System32\drivers\fvevol.sys
    2013-04-12 03:18:07  3153408  ----a-w-  C:\Windows\System32\win32k.sys
    2013-04-12 03:18:04  1655656  ----a-w-  C:\Windows\System32\drivers\ntfs.sys
    2013-04-11 23:36:18  56016  ----a-w-  C:\Windows\System32\drivers\fsbts.sys
    2013-04-08 12:41:19  --------  d-----w-  C:\ProgramData\HitmanPro
    2013-04-08 04:40:22  --------  d-----r-  C:\Users\teledisaster\AppData\Roaming\Brother
    2013-04-01 01:29:25  --------  d-----w-  C:\Users\teledisaster\AppData\Local\join.me
    2013-03-29 00:43:22  --------  d-----w-  C:\Users\teledisaster\AppData\Local\Juniper Networks
    2013-03-29 00:43:14  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\Juniper Networks
    2013-03-25 02:59:21  --------  d-----w-  C:\MoviesTemp
    2013-03-25 02:55:43  --------  d-----w-  C:\Program Files (x86)\Dell
    2013-03-25 02:55:23  --------  d-----w-  C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
    2013-03-21 02:22:16  --------  d-----w-  C:\Program Files (x86)\Citrix
    2013-03-19 00:10:50  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\ControlCenter4
    2013-03-18 04:04:26  --------  d-----w-  C:\ProgramData\Brother
    2013-03-18 03:37:07  --------  d-----w-  C:\Users\teledisaster\AppData\Local\Mozilla
    2013-03-18 03:37:01  --------  d-----w-  C:\Program Files (x86)\Mozilla Maintenance Service
    2013-03-17 19:55:06  --------  d-----w-  C:\Users\teledisaster\AppData\Local\Adobe
    2013-03-17 19:54:25  --------  d-----w-  C:\Photos
    2013-03-17 15:20:37  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\TeraCopy
    2013-03-16 20:54:22  --------  d-----w-  C:\ProgramData\Freemake
    2013-03-16 17:28:32  --------  d-----w-  C:\ProgramData\iTunesUtilities
    2013-03-16 17:28:19  --------  d-----w-  C:\Users\teledisaster\AppData\Local\iTunesUtilities
    2013-03-16 17:27:52  --------  d-----w-  C:\ProgramData\IsolatedStorage
    2013-03-16 17:14:22  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\TagScanner
    2013-03-16 17:05:00  101376  ----a-w-  C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
    2013-03-16 17:04:45  83968  ----a-w-  C:\Windows\System32\Spool\prtprocs\x64\CNBPP3.DLL
    2013-03-16 02:01:13  17920  ----a-w-  C:\Windows\SysWow64\rpcnetp.dll
    2013-03-16 02:00:34  17920  ----a-w-  C:\Windows\SysWow64\rpcnetp.exe
    2013-03-15 01:27:56  19968  ----a-w-  C:\Windows\System32\drivers\usb8023.sys
    2013-03-13 13:22:16  --------  d-----w-  C:\Users\teledisaster\pnlinks
    2013-03-13 13:11:45  44544  ----a-w-  C:\Windows\SysWow64\agremove.exe
    2013-03-13 12:58:03  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\ICAClient
    2013-03-04 02:02:40  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\MediaMonkey
    2013-03-04 02:02:31  --------  d-----w-  C:\ProgramData\MediaMonkey
    2013-03-04 01:52:24  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\uTorrent
    2013-03-04 01:42:11  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\Scooter Software
    2013-03-03 16:55:28  --------  d-----w-  C:\Windows\PCHEALTH
    2013-03-03 16:53:33  --------  d-----w-  C:\Program Files (x86)\Microsoft Visual Studio 8
    2013-03-03 16:52:52  --------  d-----w-  C:\Users\teledisaster\AppData\Local\Microsoft Help
    2013-03-03 16:49:23  --------  d-----w-  C:\Users\teledisaster\AppData\Local\CrashRpt
    2013-03-03 16:49:08  --------  d-----w-  C:\Program Files (x86)\SIW 2011 Home Edition
    2013-03-03 16:48:42  --------  d-----w-  C:\Users\teledisaster\AppData\Local\Programs
    2013-03-03 16:39:33  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\Roxio Burn
    2013-03-03 02:06:58  --------  d-----r-  C:\Dropbox
    2013-03-03 01:49:04  --------  d-----w-  C:\Users\teledisaster\AppData\Roaming\Dropbox
    2013-03-03 01:38:22  --------  d-----w-  C:\Users\teledisaster\AppData\Local\Apple Computer
    2013-03-03 01:38:17  33240  ----a-w-  C:\Windows\System32\drivers\GEARAspiWDM.sys
    2013-03-03 01:37:56  --------  d-----w-  C:\Program Files\iPod
    2013-03-03 01:37:55  --------  d-----w-  C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-03-03 01:37:55  --------  d-----w-  C:\Program Files\iTunes
    2013-03-03 01:37:21  --------  d-----w-  C:\Program Files\Bonjour
    2013-03-03 01:37:21  --------  d-----w-  C:\Program Files (x86)\Bonjour
    2013-03-02 18:52:42  42672  ----a-w-  C:\Windows\SysWow64\drivers\fsbts.sys
    2013-03-02 18:47:13  --------  d-----w-  C:\Program Files (x86)\Charter Security Suite
    2013-03-02 18:45:48  --------  d-----w-  C:\ProgramData\F-Secure
    2013-03-02 17:46:34  --------  d-----w-  C:\Users\teledisaster\AppData\Local\Google
    2013-03-02 17:43:33  --------  d-----w-  C:\Windows\System32\appmgmt
    2013-03-02 17:41:01  --------  d-----w-  C:\SW
    2013-03-02 17:19:00  9728  ----a-w-  C:\Windows\System32\Wdfres.dll
    2013-03-02 17:19:00  785512  ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
    2013-03-02 17:19:00  54376  ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
    2013-03-02 17:19:00  2560  ----a-w-  C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-03-02 17:16:31  2776576  ----a-w-  C:\Windows\System32\msmpeg2vdec.dll
    2013-03-02 17:10:48  216576  ----a-w-  C:\Windows\System32\ncsi.dll
    2013-03-02 16:38:50  46080  ----a-w-  C:\Windows\System32\atmlib.dll
    2013-03-02 16:38:50  367616  ----a-w-  C:\Windows\System32\atmfd.dll
    2013-03-02 16:38:50  34304  ----a-w-  C:\Windows\SysWow64\atmlib.dll
    2013-03-02 16:38:50  295424  ----a-w-  C:\Windows\SysWow64\atmfd.dll
    2013-03-02 16:38:21  9162192  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CE762A3-1732-448E-8CCD-A8CBE758EEC3}\mpengine.dll
    2013-03-02 16:37:10  750592  ----a-w-  C:\Windows\System32\win32spl.dll
    2013-03-02 16:37:10  492032  ----a-w-  C:\Windows\SysWow64\win32spl.dll
    2013-03-02 16:35:36  68608  ----a-w-  C:\Windows\System32\taskhost.exe
    2013-02-14 19:47:10  16384  ----a-w-  C:\Windows\SysWow64\cshost.dll
    .
    ==================== Find6M ====================
    .
    2013-04-13 14:42:50  17920  ----a-w-  C:\Windows\System32\rpcnetp.exe
    2013-04-04 19:50:32  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2013-03-13 13:38:20  73432  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-13 13:38:20  693976  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-21 10:30:16  1766912  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2013-02-21 10:29:39  2877440  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2013-02-21 10:29:37  61440  ----a-w-  C:\Windows\SysWow64\iesetup.dll
    2013-02-21 10:29:37  109056  ----a-w-  C:\Windows\SysWow64\iesysprep.dll
    2013-02-21 10:15:07  2240512  ----a-w-  C:\Windows\System32\wininet.dll
    2013-02-21 10:14:09  3958784  ----a-w-  C:\Windows\System32\jscript9.dll
    2013-02-21 10:14:05  67072  ----a-w-  C:\Windows\System32\iesetup.dll
    2013-02-21 10:14:05  136704  ----a-w-  C:\Windows\System32\iesysprep.dll
    2013-02-19 12:01:03  2706432  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2013-02-19 11:42:14  2706432  ----a-w-  C:\Windows\System32\mshtml.tlb
    2013-02-19 11:10:53  71680  ----a-w-  C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-02-19 10:51:18  89600  ----a-w-  C:\Windows\System32\RegisterIEPKEYs.exe
    2013-02-12 05:45:24  135168  ----a-w-  C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22  350208  ----a-w-  C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22  308736  ----a-w-  C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22  111104  ----a-w-  C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31  474112  ----a-w-  C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26  2176512  ----a-w-  C:\Windows\apppatch\AcGenral.dll
    2013-01-17 06:28:58  273840  ------w-  C:\Windows\System32\MpSigStub.exe
    2013-01-13 21:17:03  9728  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02  2560  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42  10752  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46  3584  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21  4096  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08  5632  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07  5632  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07  3072  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07  3072  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31  9728  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31  2560  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18  10752  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07  3584  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48  4096  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41  5632  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40  5632  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40  3072  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40  3072  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00  1247744  ----a-w-  C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22  1988096  ----a-w-  C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31  293376  ----a-w-  C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00  249856  ----a-w-  C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43  220160  ----a-w-  C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35  1504768  ----a-w-  C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04  1643520  ----a-w-  C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28  1175552  ----a-w-  C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01  604160  ----a-w-  C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58  207872  ----a-w-  C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14  187392  ----a-w-  C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30  2565120  ----a-w-  C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17  363008  ----a-w-  C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47  161792  ----a-w-  C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25  1080832  ----a-w-  C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21  1230336  ----a-w-  C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39  333312  ----a-w-  C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32  1887232  ----a-w-  C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21  296960  ----a-w-  C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57  3419136  ----a-w-  C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04  245248  ----a-w-  C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33  648192  ----a-w-  C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30  221184  ----a-w-  C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42  194560  ----a-w-  C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04  1238528  ----a-w-  C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40  1424384  ----a-w-  C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36  3928064  ----a-w-  C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06  417792  ----a-w-  C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58  364544  ----a-w-  C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43  465920  ----a-w-  C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52  522752  ----a-w-  C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42  1158144  ----a-w-  C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09  1682432  ----a-w-  C:\Windows\System32\XpsPrint.dll
    2013-01-04 06:11:21  2284544  ----a-w-  C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 05:46:09  215040  ----a-w-  C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16  5120  ----a-w-  C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21  44032  ----a-w-  C:\Windows\apppatch\acwow64.dll
    2013-01-04 02:47:35  25600  ----a-w-  C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34  7680  ----a-w-  C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34  2048  ----a-w-  C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33  14336  ----a-w-  C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54  1913192  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42  288088  ----a-w-  C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-12-13 18:50:38  6112864  ----a-w-  C:\Windows\System32\usbaaplrc.dll
    2012-12-13 18:50:36  54784  ----a-w-  C:\Windows\System32\drivers\usbaapl64.sys
    2012-12-07 13:20:16  441856  ----a-w-  C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31  2746368  ----a-w-  C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17  308736  ----a-w-  C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43  2576384  ----a-w-  C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04  30720  ----a-w-  C:\Windows\System32\usk.rs
    2012-12-07 11:20:03  43520  ----a-w-  C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03  23552  ----a-w-  C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01  45568  ----a-w-  C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01  44544  ----a-w-  C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01  20480  ----a-w-  C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00  20480  ----a-w-  C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59  20480  ----a-w-  C:\Windows\System32\pegi.rs
    2012-12-07 11:19:5846592----a-w-C:\Windows\System32\fpb.rs
    2012-12-07 11:19:5740960----a-w-C:\Windows\System32\cob-au.rs
    .
    ============= FINISH: 13:04:17.24 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  3. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    Thank you very much for the reply. I ran the RogueKiller and MBAR and attached the logs. There are about 120+ instances of iexplorer.exe processes in my task manager as of 3 PM. I switched my computer on at 6 AM in the morning. Usually there will be no instances of iexplorer when I start my machine. Also, FYI - I blocked iexplorer.exe from accessing internet in Firewall settings as a precaution.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please observe forum rules.
    All logs have to be pasted not attached.
     
  5. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    Sorry about that.

    ---------------------------------------
    RogueKiller log 1
    ---------------------------------------
    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : user [Admin rights]
    Mode : Scan -- Date : 04/14/2013 14:56:09
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] JuniperSetupClient.exe -- C:\Users\teledisaster\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] 3b7b8d95623b0025fb397752223023a7
    [BSP] af0c22724a5cf9658463caa31e899455 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 356 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 731136 | Size: 476582 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SanDisk SDDR-113 USB Device +++++
    --- User ---
    [MBR] 76096c62a8b7700a7420d4086433fec3
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32768 | Size: 60890 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_04142013_02d1456.txt >>
    RKreport[1]_S_04142013_02d1456.txt

    ---------------------------------------
    RogueKiller - log 2
    ---------------------------------------

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : user [Admin rights]
    Mode : Remove -- Date : 04/14/2013 14:57:33
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] JuniperSetupClient.exe -- C:\Users\teledisaster\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] 3b7b8d95623b0025fb397752223023a7
    [BSP] af0c22724a5cf9658463caa31e899455 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 356 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 731136 | Size: 476582 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SanDisk SDDR-113 USB Device +++++
    --- User ---
    [MBR] 76096c62a8b7700a7420d4086433fec3
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32768 | Size: 60890 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_04142013_02d1457.txt >>
    RKreport[1]_S_04142013_02d1456.txt ; RKreport[2]_D_04142013_02d1457.txt

    ---------------------------------------
    mbar-log
    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.04.14.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16540
    user :: GUDDU [administrator]

    4/14/2013 3:09:01 PM
    mbar-log-2013-04-14 (15-09-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29912
    Time elapsed: 8 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------------
    System-log.txt
    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16540

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.059000 GHz
    Memory total: 4282298368, free: 2554474496

    ------------ Kernel report ------------
    04/14/2013 15:00:20
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\DRIVERS\pcmcia.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iaStorV.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\system32\DRIVERS\sbp2port.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\Drivers\fsbts.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \??\C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
    \??\C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys
    \SystemRoot\System32\Drivers\ElbyCDIO.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\system32\DRIVERS\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\e1y60x64.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl664.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\DRIVERS\rimmpx64.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\System32\Drivers\AnyDVD.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\system32\DRIVERS\portcls.sys
    \SystemRoot\system32\DRIVERS\drmk.sys
    \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
    \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
    \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStorV.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\OA001Vid.sys
    \SystemRoot\system32\DRIVERS\OA001Ufd.sys
    \SystemRoot\System32\Drivers\cvusbdrv.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WinUSB.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\System32\DRIVERS\scfilter.sys
    \??\C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys
    \SystemRoot\system32\DRIVERS\acpials.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\Drivers\exfat.SYS
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\SysWOW64\ntdll.dll
    \Windows\System32\wow64.dll
    \Windows\System32\wow64win.dll
    \Windows\System32\wow64cpu.dll
    \Windows\System32\kernel32.dll
    \Windows\SysWOW64\kernel32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\user32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\lpk.dll
    \Windows\System32\ole32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\user32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\wininet.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\psapi.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80038da530
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000090\
    Lower Device Object: 0xfffffa800cb586d0
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80042a9060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004115050
    Lower Device Driver Name: \Driver\iaStorV\
    Driver name found: iaStorV
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.04.14.05
    Downloaded database version: v2013.03.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80042a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80042a9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80042a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004115050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStorV\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a002e39f20, 0xfffffa80042a9060, 0xfffffa800b75f590
    Lower DeviceData: 0xfffff8a005d5ec40, 0xfffffa8004115050, 0xfffffa800d1a6e40
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F3794D2A

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 729088
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 731136 Numsec = 976039984

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa80038da530, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800af4a040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80038da530, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800cb586d0, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00f061420, 0xfffffa80038da530, 0xfffffa800a17d630
    Lower DeviceData: 0xfffff8a00db04c20, 0xfffffa800cb586d0, 0xfffffa8003834830
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32768 Numsec = 124702720

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 63864569856 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  7. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    ComboFix Log. Since the ComboFix program ran successfully, I did not run RKill. Please let me know if you want me to run that program as well.
    --------------------------------

    ComboFix 13-04-14.01 - user 04/14/2013 21:54:38.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4084.2876 [GMT -5:00]
    Running from: c:\users\teledisaster\Desktop\ComboFix.exe
    AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\3002.abs
    c:\programdata\3002.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-15 02:58 . 2013-04-15 02:58  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2013-04-14 22:03 . 2013-04-14 22:03  --------  d-----w-  c:\users\Default\AppData\Local\Microsoft Help
    2013-04-14 05:16 . 2013-04-14 05:16  --------  d-----w-  c:\users\teledisaster\AppData\Local\ElevatedDiagnostics
    2013-04-13 00:22 . 2013-04-13 00:22  861088  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
    2013-04-13 00:22 . 2013-04-13 00:22  782240  ----a-w-  c:\windows\SysWow64\deployJava1.dll
    2013-04-13 00:20 . 2013-04-13 00:20  --------  d-----w-  c:\programdata\McAfee
    2013-04-12 03:18 . 2013-02-21 10:14  19230208  ----a-w-  c:\windows\system32\mshtml.dll
    2013-04-12 03:18 . 2013-03-19 06:04  5550424  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2013-04-12 03:18 . 2013-03-19 05:04  3913560  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
    2013-04-12 03:18 . 2013-03-19 05:04  3968856  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
    2013-04-12 03:18 . 2013-03-19 05:46  43520  ----a-w-  c:\windows\system32\csrsrv.dll
    2013-04-12 03:18 . 2013-03-19 04:47  6656  ----a-w-  c:\windows\SysWow64\apisetschema.dll
    2013-04-12 03:18 . 2013-03-19 03:06  112640  ----a-w-  c:\windows\system32\smss.exe
    2013-04-12 03:18 . 2013-01-24 06:01  223752  ----a-w-  c:\windows\system32\drivers\fvevol.sys
    2013-04-12 03:18 . 2013-03-01 03:36  3153408  ----a-w-  c:\windows\system32\win32k.sys
    2013-04-12 03:18 . 2013-03-02 06:04  1655656  ----a-w-  c:\windows\system32\drivers\ntfs.sys
    2013-04-11 23:36 . 2013-04-11 23:36  56016  ----a-w-  c:\windows\system32\drivers\fsbts.sys
    2013-04-08 12:41 . 2013-04-08 12:45  --------  d-----w-  c:\programdata\HitmanPro
    2013-04-08 04:40 . 2013-04-08 04:40  --------  d-----r-  c:\users\teledisaster\AppData\Roaming\Brother
    2013-04-01 01:29 . 2013-04-01 01:29  --------  d-----w-  c:\users\teledisaster\AppData\Local\join.me
    2013-03-29 00:43 . 2013-03-29 00:43  --------  d-----w-  c:\users\teledisaster\AppData\Local\Juniper Networks
    2013-03-29 00:43 . 2013-04-09 12:39  --------  d-----w-  c:\users\teledisaster\AppData\Roaming\Juniper Networks
    2013-03-25 02:59 . 2013-03-25 03:02  --------  d-----w-  C:\MoviesTemp
    2013-03-25 02:55 . 2013-03-25 02:55  --------  d-----w-  c:\program files (x86)\Dell
    2013-03-25 02:55 . 2013-03-25 02:55  --------  d-----w-  c:\windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
    2013-03-25 02:51 . 2013-03-25 02:51  --------  d-----w-  c:\programdata\SlySoft
    2013-03-21 02:22 . 2013-03-21 02:22  --------  d-----w-  c:\program files (x86)\Citrix
    2013-03-19 00:10 . 2013-03-19 00:11  --------  d-----w-  c:\users\teledisaster\AppData\Roaming\ControlCenter4
    2013-03-18 04:04 . 2013-03-18 04:21  --------  d-----w-  c:\programdata\Brother
    2013-03-18 04:04 . 2013-03-18 04:04  --------  d-----w-  c:\users\teledisaster\AppData\Roaming\InstallShield
    2013-03-18 03:37 . 2013-03-18 03:37  --------  d-----w-  c:\users\teledisaster\AppData\Local\Mozilla
    2013-03-18 03:37 . 2013-04-13 14:42  --------  d-----w-  c:\program files (x86)\Mozilla Maintenance Service
    2013-03-17 19:55 . 2013-03-18 03:22  --------  d-----w-  c:\users\teledisaster\AppData\Local\Adobe
    2013-03-17 19:54 . 2013-03-17 19:54  --------  d-----w-  C:\Photos
    2013-03-17 19:52 . 2013-03-17 19:52  --------  d-----w-  c:\program files\Common Files\Adobe
    2013-03-17 15:20 . 2013-03-17 15:54  --------  d-----w-  c:\users\teledisaster\AppData\Roaming\TeraCopy
    2013-03-16 22:02 . 2013-03-16 22:02  --------  d-----w-  c:\users\teledisaster\AppData\Roaming\GRETECH
    2013-03-16 20:54 . 2013-03-16 20:54  --------  d-----w-  c:\programdata\Freemake
    2013-03-16 17:28 . 2013-03-16 17:28  --------  d-----w-  c:\programdata\iTunesUtilities
    2013-03-16 17:28 . 2013-03-16 17:28  --------  d-----w-  c:\users\teledisaster\AppData\Local\iTunesUtilities
    2013-03-16 17:27 . 2013-03-16 17:27  --------  d-----w-  c:\programdata\IsolatedStorage
    2013-03-16 17:14 . 2013-03-16 17:14  --------  d-----w-  c:\users\teledisaster\AppData\Roaming\TagScanner
    2013-03-16 17:05 . 2009-07-14 01:41  101376  ----a-w-  c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
    2013-03-16 17:04 . 2013-03-16 17:04  --------  d--h--w-  c:\programdata\CanonBJ
    2013-03-16 17:04 . 2009-07-14 01:40  83968  ----a-w-  c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-15 02:14 . 2013-03-16 02:01  17920  ----a-w-  c:\windows\SysWow64\rpcnetp.dll
    2013-04-15 02:13 . 2013-03-16 02:00  17920  ----a-w-  c:\windows\SysWow64\rpcnetp.exe
    2013-04-15 02:13 . 2012-10-19 18:51  17920  ----a-w-  c:\windows\system32\rpcnetp.exe
    2013-04-12 03:19 . 2012-10-19 15:18  72702784  ----a-w-  c:\windows\system32\MRT.exe
    2013-04-04 19:50 . 2012-10-19 18:44  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2013-03-15 01:31 . 2013-03-15 01:31  97280  ----a-w-  c:\windows\system32\mshtmled.dll
    2013-03-15 01:31 . 2013-03-15 01:31  92160  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
    2013-03-15 01:31 . 2013-03-15 01:31  905728  ----a-w-  c:\windows\system32\mshtmlmedia.dll
    2013-03-15 01:31 . 2013-03-15 01:31  81408  ----a-w-  c:\windows\system32\icardie.dll
    2013-03-15 01:31 . 2013-03-15 01:31  77312  ----a-w-  c:\windows\system32\tdc.ocx
    2013-03-15 01:31 . 2013-03-15 01:31  762368  ----a-w-  c:\windows\system32\ieapfltr.dll
    2013-03-15 01:31 . 2013-03-15 01:31  73728  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-03-15 01:31 . 2013-03-15 01:31  719360  ----a-w-  c:\windows\SysWow64\mshtmlmedia.dll
    2013-03-15 01:31 . 2013-03-15 01:31  62976  ----a-w-  c:\windows\system32\pngfilt.dll
    2013-03-15 01:31 . 2013-03-15 01:31  61952  ----a-w-  c:\windows\SysWow64\tdc.ocx
    2013-03-15 01:31 . 2013-03-15 01:31  599552  ----a-w-  c:\windows\system32\vbscript.dll
    2013-03-15 01:31 . 2013-03-15 01:31  523264  ----a-w-  c:\windows\SysWow64\vbscript.dll
    2013-03-15 01:31 . 2013-03-15 01:31  52224  ----a-w-  c:\windows\system32\msfeedsbs.dll
    2013-03-15 01:31 . 2013-03-15 01:31  51200  ----a-w-  c:\windows\system32\imgutil.dll
    2013-03-15 01:31 . 2013-03-15 01:31  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
    2013-03-15 01:31 . 2013-03-15 01:31  48640  ----a-w-  c:\windows\system32\mshtmler.dll
    2013-03-15 01:31 . 2013-03-15 01:31  452096  ----a-w-  c:\windows\system32\dxtmsft.dll
    2013-03-15 01:31 . 2013-03-15 01:31  441856  ----a-w-  c:\windows\system32\html.iec
    2013-03-15 01:31 . 2013-03-15 01:31  38400  ----a-w-  c:\windows\SysWow64\imgutil.dll
    2013-03-15 01:31 . 2013-03-15 01:31  361984  ----a-w-  c:\windows\SysWow64\html.iec
    2013-03-15 01:31 . 2013-03-15 01:31  281600  ----a-w-  c:\windows\system32\dxtrans.dll
    2013-03-15 01:31 . 2013-03-15 01:31  27648  ----a-w-  c:\windows\system32\licmgr10.dll
    2013-03-15 01:31 . 2013-03-15 01:31  270848  ----a-w-  c:\windows\system32\iedkcs32.dll
    2013-03-15 01:31 . 2013-03-15 01:31  247296  ----a-w-  c:\windows\system32\webcheck.dll
    2013-03-15 01:31 . 2013-03-15 01:31  235008  ----a-w-  c:\windows\system32\url.dll
    2013-03-15 01:31 . 2013-03-15 01:31  23040  ----a-w-  c:\windows\SysWow64\licmgr10.dll
    2013-03-15 01:31 . 2013-03-15 01:31  226304  ----a-w-  c:\windows\system32\elshyph.dll
    2013-03-15 01:31 . 2013-03-15 01:31  216064  ----a-w-  c:\windows\system32\msls31.dll
    2013-03-15 01:31 . 2013-03-15 01:31  197120  ----a-w-  c:\windows\system32\msrating.dll
    2013-03-15 01:31 . 2013-03-15 01:31  185344  ----a-w-  c:\windows\SysWow64\elshyph.dll
    2013-03-15 01:31 . 2013-03-15 01:31  173568  ----a-w-  c:\windows\system32\ieUnatt.exe
    2013-03-15 01:31 . 2013-03-15 01:31  167424  ----a-w-  c:\windows\system32\iexpress.exe
    2013-03-15 01:31 . 2013-03-15 01:31  158720  ----a-w-  c:\windows\SysWow64\msls31.dll
    2013-03-15 01:31 . 2013-03-15 01:31  1509376  ----a-w-  c:\windows\system32\inetcpl.cpl
    2013-03-15 01:31 . 2013-03-15 01:31  150528  ----a-w-  c:\windows\SysWow64\iexpress.exe
    2013-03-15 01:31 . 2013-03-15 01:31  149504  ----a-w-  c:\windows\system32\occache.dll
    2013-03-15 01:31 . 2013-03-15 01:31  144896  ----a-w-  c:\windows\system32\wextract.exe
    2013-03-15 01:31 . 2013-03-15 01:31  1441280  ----a-w-  c:\windows\SysWow64\inetcpl.cpl
    2013-03-15 01:31 . 2013-03-15 01:31  1400416  ----a-w-  c:\windows\system32\ieapfltr.dat
    2013-03-15 01:31 . 2013-03-15 01:31  138752  ----a-w-  c:\windows\SysWow64\wextract.exe
    2013-03-15 01:31 . 2013-03-15 01:31  13824  ----a-w-  c:\windows\system32\mshta.exe
    2013-03-15 01:31 . 2013-03-15 01:31  137216  ----a-w-  c:\windows\SysWow64\ieUnatt.exe
    2013-03-15 01:31 . 2013-03-15 01:31  136192  ----a-w-  c:\windows\system32\iepeers.dll
    2013-03-15 01:31 . 2013-03-15 01:31  135680  ----a-w-  c:\windows\system32\IEAdvpack.dll
    2013-03-15 01:31 . 2013-03-15 01:31  12800  ----a-w-  c:\windows\SysWow64\mshta.exe
    2013-03-15 01:31 . 2013-03-15 01:31  12800  ----a-w-  c:\windows\system32\msfeedssync.exe
    2013-03-15 01:31 . 2013-03-15 01:31  110592  ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
    2013-03-15 01:31 . 2013-03-15 01:31  1054720  ----a-w-  c:\windows\system32\MsSpellCheckingFacility.exe
    2013-03-15 01:31 . 2013-03-15 01:31  102912  ----a-w-  c:\windows\system32\inseng.dll
    2013-03-15 01:24 . 2013-03-13 13:11  44544  ----a-w-  c:\windows\SysWow64\agremove.exe
    2013-03-13 13:38 . 2012-10-19 18:42  73432  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-13 13:38 . 2012-10-19 18:42  693976  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-02 18:52 . 2013-03-02 18:52  42672  ----a-w-  c:\windows\SysWow64\drivers\fsbts.sys
    2013-02-19 08:57 . 2013-03-02 16:38  9162192  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CE762A3-1732-448E-8CCD-A8CBE758EEC3}\mpengine.dll
    2013-02-12 05:45 . 2013-03-15 01:28  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-15 01:28  308736  ----a-w-  c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-15 01:28  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-15 01:28  111104  ----a-w-  c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-15 01:28  474112  ----a-w-  c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-15 01:28  2176512  ----a-w-  c:\windows\apppatch\AcGenral.dll
    2013-02-12 04:12 . 2013-03-15 01:27  19968  ----a-w-  c:\windows\system32\drivers\usb8023.sys
    2013-01-17 06:28 . 2010-11-21 03:27  273840  ------w-  c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  129272  ----a-w-  c:\users\teledisaster\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  129272  ----a-w-  c:\users\teledisaster\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  129272  ----a-w-  c:\users\teledisaster\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  129272  ----a-w-  c:\users\teledisaster\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerBlock"="c:\sw\Util\PeerBlock\peerblock.exe" [2010-11-07 2646128]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "F-Secure Hoster (42626)"="c:\program files (x86)\Charter Security Suite\fshoster32.exe" [2012-11-26 183864]
    "F-Secure Manager"="c:\program files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" [2012-10-18 310992]
    "iTunesHelper"="c:\sw\Media\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    .
    c:\users\teledisaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\teledisaster\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R0 rpcnetp;rpcnetp;rpcnetp [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-03-14 101888]
    R2 MBAMScheduler;MBAMScheduler;c:\sw\Util\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    R2 MBAMService;MBAMService;c:\sw\Util\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2012-06-05 266240]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2013-04-11 56016]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2013-03-02 62744]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-10-18 14032]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [2010-04-05 89600]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2012-04-26 1043872]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2012-04-26 36768]
    S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\Charter Security Suite\fshoster32.exe [2012-11-26 183864]
    S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [2012-08-06 61176]
    S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
    S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2012-04-26 45672]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-03-02 200760]
    S3 fsni;fsni;c:\program files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [2013-01-30 71680]
    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-03 168864]
    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-18 315840]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-10 08:51  1642448  ----a-w-  c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 13:38]
    .
    2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 17:46]
    .
    2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 17:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  162552  ----a-w-  c:\users\teledisaster\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  162552  ----a-w-  c:\users\teledisaster\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  162552  ----a-w-  c:\users\teledisaster\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  162552  ----a-w-  c:\users\teledisaster\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2010-05-06 1712744]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-12 16416360]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-12 95336]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-04-05 487424]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.dell.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\sw\Util\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\
    FF - ExtSQL: 2013-03-17 23:00; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF - ExtSQL: 2013-03-17 23:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-03-17 23:02; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]
    "ImagePath"="\"c:\program files (x86)\Charter Security Suite\fshoster32.exe\" -hosterid:0"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]
    @Denied: ) (Everyone)
    "AgentIdentifier"="405d444e-aa41-4379-b041-b4da26837f45"
    "AuthorizationCode"=""
    "42626_AgentIdentifier"="405d444e-aa41-4379-b041-b4da26837f45"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-04-14 22:00:00
    ComboFix-quarantined-files.txt 2013-04-15 03:00
    .
    Pre-Run: 462,301,208,576 bytes free
    Post-Run: 462,151,614,464 bytes free
    .
    - - End Of File - - F0C7BED7228F6B968C8901903738B273
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good.

    How is computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    I really appreciate all the help and time that you are sparing for me. Thanks!

    The longer I leave the computer ON, the more iexplore.exe processes get spawned in Task Manager, and the system gradually slows down. If I restart the computer, the system behaves normally at normal speed until the iexplore.exe processes start piling up again.

    --------------------------------
    AdwCleaner[S1].txt
    --------------------------------

    # AdwCleaner v2.200 - Logfile created 04/14/2013 at 22:48:44
    # Updated 02/04/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : user - GUDDU
    # Boot Mode : Normal
    # Running from : C:\Users\teledisaster\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16537

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0.1 (en-US)

    -\\ Google Chrome v26.0.1410.64

    *************************

    AdwCleaner[R1].txt - [722 octets] - [14/04/2013 22:48:24]
    AdwCleaner[S1].txt - [654 octets] - [14/04/2013 22:48:44]

    ########## EOF - C:\AdwCleaner[S1].txt - [713 octets] ##########

    --------------------------------
    JRT.txt
    --------------------------------
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.3 (04.05.2013:1)
    OS: Windows 7 Professional x64
    Ran by user on Sun 04/14/2013 at 22:53:41.33
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 04/14/2013 at 22:59:14.95
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
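As an added diagnostic for the symptom described at the top of this post (not part of the thread and not one of the tools Broni lists), the Windows PowerShell below lists every running iexplore.exe with the process that created it, then records the parent of each new instance the moment WMI reports its creation, so the spawner is identified from its executable path rather than guessed from Task Manager. The IeSpawn event name and the log path on the desktop are assumptions.

```powershell
# Added diagnostic, not from the thread. Run from an elevated Windows PowerShell
# prompt. Uses WMI Win32_Process, so it works on Windows 7 (PowerShell 2.0) and later.

function Get-IeSpawnReport {
    $procs = Get-WmiObject -Class Win32_Process
    $byPid = @{}
    foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($ie in ($procs | Where-Object { $_.Name -ieq 'iexplore.exe' })) {
        $parent  = $byPid[[int]$ie.ParentProcessId]
        $started = $ie.ConvertToDateTime($ie.CreationDate)
        # A PID is reused once its process exits, so only trust the parent entry
        # if that process was created before the child; otherwise the spawner is gone.
        $parentName = '<exited or PID reused>'
        $parentPath = ''
        if ($parent -and $parent.CreationDate -and
            $parent.ConvertToDateTime($parent.CreationDate) -le $started) {
            $parentName = $parent.Name
            $parentPath = $parent.ExecutablePath
        }
        New-Object PSObject -Property @{
            PID         = $ie.ProcessId
            Started     = $started
            ParentPID   = $ie.ParentProcessId
            Parent      = $parentName
            ParentPath  = $parentPath
            CommandLine = $ie.CommandLine
        }
    }
}

# Snapshot: every current iexplore.exe, oldest first, then a count per parent image.
$report = Get-IeSpawnReport
$report | Sort-Object Started | Format-Table PID, Started, ParentPID, Parent, ParentPath -AutoSize
$report | Group-Object Parent | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# Live watch: the spawner may exit before anyone looks, so log the parent of each
# new iexplore.exe as WMI reports its creation. Stop with:
#   Unregister-Event -SourceIdentifier IeSpawn
$log   = "$env:USERPROFILE\Desktop\iexplore-spawns.txt"   # assumed log location
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 2 " +
         "WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'iexplore.exe'"
Register-WmiEvent -Query $query -SourceIdentifier IeSpawn -MessageData $log -Action {
    $child  = $Event.SourceEventArgs.NewEvent.TargetInstance
    $parent = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($child.ParentProcessId)"
    $parentPath = if ($parent) { $parent.ExecutablePath } else { '<exited>' }
    $line = '{0:s}  pid={1}  parent={2} ({3})  cmd={4}' -f (Get-Date), $child.ProcessId,
            $child.ParentProcessId, $parentPath, $child.CommandLine
    Add-Content -Path $Event.MessageData -Value $line
} | Out-Null
```

Leave the session open while the instances pile up; the ParentPath column and the log file name the image that is creating them, which is what the helper tools above cannot show.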
     
  10. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    --------------------------------
    OTL.txt
    --------------------------------

    OTL logfile created on: 4/14/2013 11:01:00 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\teledisaster\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 68.59% Memory free
    7.97 Gb Paging File | 6.57 Gb Available in Paging File | 82.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.41 Gb Total Space | 430.45 Gb Free Space | 92.49% Space Free | Partition Type: NTFS

    Computer Name: GUDDU | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/04/14 22:49:57 | 000,017,920 | ---- | M] () -- C:\Windows\SysWOW64\rpcnetp.exe
    PRC - [2013/04/14 22:46:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teledisaster\Desktop\OTL.exe
    PRC - [2013/03/14 16:07:50 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    PRC - [2013/03/12 02:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\teledisaster\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/03/02 13:55:33 | 001,019,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
    PRC - [2013/03/02 13:55:33 | 000,622,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
    PRC - [2013/02/26 07:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\SW\Util\TeamViewer8\TeamViewer_Service.exe
    PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
    PRC - [2012/10/18 11:44:00 | 000,208,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
    PRC - [2012/10/18 11:44:00 | 000,077,520 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSLAUNCH.EXE
    PRC - [2012/08/06 14:53:14 | 000,061,176 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/02 13:47:20 | 000,593,464 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/04/25 21:05:30 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV:64bit: - [2012/04/25 21:05:30 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV:64bit: - [2010/04/05 07:56:02 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/04/05 07:54:56 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2009/12/08 06:14:26 | 006,810,728 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/04/12 20:16:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\SW\Util\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\SW\Util\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/03/14 16:07:50 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
    SRV - [2013/03/13 08:38:21 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/26 07:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\SW\Util\TeamViewer8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/11/26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe -- (fshoster)
    SRV - [2012/10/18 11:44:00 | 000,208,592 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
    SRV - [2012/08/06 14:53:14 | 000,061,176 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
    SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/04/05 07:56:02 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe -- (STacSV)
    SRV - [2010/04/05 07:54:56 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe -- (AESTFilters)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/11 18:36:18 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/04/25 21:05:30 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/04 16:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/05 19:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/04/05 07:56:08 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 19:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/06/25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
    DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/09/18 17:03:00 | 000,315,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
    DRV:64bit: - [2008/06/03 09:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2013/03/02 13:55:44 | 000,200,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
    DRV - [2013/03/02 13:55:33 | 000,062,744 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
    DRV - [2013/03/02 13:52:42 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
    DRV - [2013/01/30 13:07:50 | 000,071,680 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys -- (fsni)
    DRV - [2012/10/18 11:43:44 | 000,014,032 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
    DRV - [2011/12/04 16:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    IE - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\SW\Media\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 20:16:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/12 20:15:51 | 000,000,000 | ---D | M]

    [2013/03/17 22:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teledisaster\AppData\Roaming\mozilla\Extensions
    [2013/04/12 19:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teledisaster\AppData\Roaming\mozilla\Firefox\Profiles\e5ix491w.default\extensions
    [2013/03/17 23:02:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\teledisaster\AppData\Roaming\mozilla\Firefox\Profiles\e5ix491w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/04/12 19:47:29 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\teledisaster\AppData\Roaming\mozilla\firefox\profiles\e5ix491w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013/03/17 23:01:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\teledisaster\AppData\Roaming\mozilla\firefox\profiles\e5ix491w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/04/12 20:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/04/12 20:16:03 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2008/02/07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
    [2008/02/07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
    [2008/02/07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
    [2007/03/16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
    [2007/03/16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
    [2007/03/16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
    [2008/02/07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
    [2008/02/07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
    [2013/03/07 09:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/03/07 09:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.dell.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - Extension: Google Docs = C:\Users\teledisaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\teledisaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\teledisaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Adblock Plus = C:\Users\teledisaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
    CHR - Extension: Google Search = C:\Users\teledisaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Gmail = C:\Users\teledisaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/04/14 21:58:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [F-Secure Hoster (42626)] C:\Program Files (x86)\Charter Security Suite\fshoster32.exe (F-Secure Corporation)
    O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
    O4 - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000..\Run: [PeerBlock] C:\SW\Util\PeerBlock\peerblock.exe (PeerBlock, LLC)
    O4 - Startup: C:\Users\teledisaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\teledisaster\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\SW\Util\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\SW\Util\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\SW\Util\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\SW\Util\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\SW\Util\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
    O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.amfam.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{277DC51F-E1E5-431F-86C0-A81925BDB55C}: DhcpNameServer = 172.16.30.10 172.16.30.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99A95A43-F5B6-4241-8946-D03D2286A799}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/14 22:53:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/04/14 22:53:25 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/04/14 22:50:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/04/14 22:46:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\teledisaster\Desktop\OTL.exe
    [2013/04/14 22:46:19 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\teledisaster\Desktop\JRT.exe
    [2013/04/14 22:00:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/04/14 21:53:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/04/14 21:53:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/04/14 21:53:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/04/14 21:53:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/04/14 21:53:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/04/14 21:19:49 | 005,052,676 | R--- | C] (Swearware) -- C:\Users\teledisaster\Desktop\ComboFix.exe
    [2013/04/14 14:54:33 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\Desktop\RK_Quarantine
    [2013/04/14 00:16:43 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Local\ElevatedDiagnostics
    [2013/04/13 19:02:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\teledisaster\Desktop\dds.com
    [2013/04/12 20:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/04/12 19:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2013/04/12 19:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2013/04/09 07:39:07 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
    [2013/04/08 07:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2013/04/07 23:40:22 | 000,000,000 | R--D | C] -- C:\Users\teledisaster\AppData\Roaming\Brother
    [2013/03/31 20:29:25 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Local\join.me
    [2013/03/28 19:43:22 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Local\Juniper Networks
    [2013/03/28 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Roaming\Juniper Networks
    [2013/03/24 21:59:21 | 000,000,000 | ---D | C] -- C:\MoviesTemp
    [2013/03/24 21:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    [2013/03/24 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
    [2013/03/24 21:55:23 | 000,000,000 | ---D | C] -- C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
    [2013/03/24 21:52:30 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\Documents\AnyDVDHD
    [2013/03/24 21:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
    [2013/03/24 21:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
    [2013/03/24 21:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
    [2013/03/20 21:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
    [2013/03/20 21:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2013/03/18 19:10:50 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Roaming\ControlCenter4
    [2013/03/18 19:10:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
    [2013/03/17 23:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
    [2013/03/17 23:20:28 | 000,000,000 | ---D | C] -- C:\Brother
    [2013/03/17 23:20:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
    [2013/03/17 23:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
    [2013/03/17 23:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browny02
    [2013/03/17 23:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlCenter4
    [2013/03/17 23:20:13 | 000,290,304 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5c.dll
    [2013/03/17 23:20:12 | 000,316,928 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll
    [2013/03/17 23:20:12 | 000,084,480 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll
    [2013/03/17 23:20:12 | 000,058,880 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll
    [2013/03/17 23:20:12 | 000,051,712 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll
    [2013/03/17 23:20:11 | 001,439,744 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi209d.dll
    [2013/03/17 23:20:11 | 000,278,528 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrJDec.dll
    [2013/03/17 23:20:08 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL
    [2013/03/17 23:20:08 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE
    [2013/03/17 23:20:08 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL
    [2013/03/17 23:20:08 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL
    [2013/03/17 23:20:06 | 000,245,760 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
    [2013/03/17 23:20:06 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
    [2013/03/17 23:20:06 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
    [2013/03/17 23:20:06 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
    [2013/03/17 23:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
    [2013/03/17 23:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
    [2013/03/17 23:04:21 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Roaming\InstallShield
    [2013/03/17 22:37:07 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Roaming\Mozilla
    [2013/03/17 22:37:07 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Local\Mozilla
    [2013/03/17 22:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/03/17 22:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/03/17 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\Documents\Adobe
    [2013/03/17 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Local\Adobe
    [2013/03/17 14:54:25 | 000,000,000 | ---D | C] -- C:\Photos
    [2013/03/17 14:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2013/03/17 10:20:37 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Roaming\TeraCopy
    [2013/03/17 10:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
    [2013/03/16 17:02:22 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Roaming\GRETECH
    [2013/03/16 17:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
    [2013/03/16 15:54:24 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\Documents\Freemake
    [2013/03/16 15:54:23 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
    [2013/03/16 15:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
    [2013/03/16 15:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
    [2013/03/16 12:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\iTunesUtilities
    [2013/03/16 12:28:19 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Local\iTunesUtilities
    [2013/03/16 12:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
    [2013/03/16 12:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes Library Toolkit
    [2013/03/16 12:14:22 | 000,000,000 | ---D | C] -- C:\Users\teledisaster\AppData\Roaming\TagScanner
    [2013/03/16 12:04:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

    ========== Files - Modified Within 30 Days ==========

    [2013/04/14 22:57:35 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/04/14 22:57:35 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/04/14 22:51:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/14 22:50:22 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2013/04/14 22:50:12 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/14 22:50:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/04/14 22:50:01 | 3211,722,752 | -HS- | M] () -- C:\hiberfil.sys
    [2013/04/14 22:49:57 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2013/04/14 22:49:57 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2013/04/14 22:46:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teledisaster\Desktop\OTL.exe
    [2013/04/14 22:46:20 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\teledisaster\Desktop\JRT.exe
    [2013/04/14 22:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/04/14 21:58:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/04/14 21:19:51 | 005,052,676 | R--- | M] (Swearware) -- C:\Users\teledisaster\Desktop\ComboFix.exe
    [2013/04/14 21:13:52 | 000,465,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/04/14 14:49:21 | 000,816,128 | ---- | M] () -- C:\Users\teledisaster\Desktop\RogueKiller.exe
    [2013/04/14 13:47:23 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/04/14 13:47:23 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/04/14 13:47:23 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/04/14 13:44:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2013/04/13 19:02:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\teledisaster\Desktop\dds.com
    [2013/04/13 10:05:27 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/11 18:36:18 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
    [2013/04/10 03:52:08 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/04/07 22:51:40 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/03/31 20:29:26 | 000,001,098 | ---- | M] () -- C:\Users\teledisaster\Desktop\join.me.lnk
    [2013/03/30 12:41:59 | 000,001,053 | ---- | M] () -- C:\Users\teledisaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/03/30 12:41:46 | 000,001,035 | ---- | M] () -- C:\Users\teledisaster\Desktop\Dropbox.lnk
    [2013/03/24 22:00:24 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2013/03/24 21:51:27 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk
    [2013/03/24 21:48:53 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
    [2013/03/20 21:22:18 | 000,002,741 | ---- | M] () -- C:\Users\Public\Desktop\Citrix Program Neighborhood.lnk2
    [2013/03/20 20:38:55 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2013/03/18 19:27:34 | 000,002,015 | ---- | M] () -- C:\Users\teledisaster\Desktop\ControlCenter4.lnk
    [2013/03/17 23:21:39 | 000,000,234 | ---- | M] () -- C:\Windows\Brpfx04a.ini
    [2013/03/17 23:21:39 | 000,000,064 | ---- | M] () -- C:\Windows\brpcfx.ini
    [2013/03/17 23:20:28 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
    [2013/03/17 23:08:27 | 000,000,055 | ---- | M] () -- C:\Windows\SysWow64\BRDM7860DW.DAT
    [2013/03/17 22:37:03 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/03/17 14:52:38 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
    [2013/03/16 17:02:23 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
    [2013/03/16 13:05:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    ========== Files Created - No Company Name ==========

    [2013/04/14 21:53:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/04/14 21:53:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/04/14 21:53:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/04/14 21:53:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/04/14 21:53:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/04/14 14:49:20 | 000,816,128 | ---- | C] () -- C:\Users\teledisaster\Desktop\RogueKiller.exe
    [2013/04/14 13:44:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2013/04/11 18:36:18 | 000,056,016 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys
    [2013/03/31 20:29:26 | 000,001,098 | ---- | C] () -- C:\Users\teledisaster\Desktop\join.me.lnk
    [2013/03/31 20:29:26 | 000,001,098 | ---- | C] () -- C:\Users\teledisaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
    [2013/03/24 21:51:32 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2013/03/24 21:51:27 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVD2.lnk
    [2013/03/24 21:48:53 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
    [2013/03/20 21:22:18 | 000,002,741 | ---- | C] () -- C:\Users\Public\Desktop\Citrix Program Neighborhood.lnk2
    [2013/03/19 20:46:18 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2013/03/18 19:27:34 | 000,002,015 | ---- | C] () -- C:\Users\teledisaster\Desktop\ControlCenter4.lnk
    [2013/03/17 23:21:39 | 000,000,234 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2013/03/17 23:21:39 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2013/03/17 23:20:14 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
    [2013/03/17 23:20:13 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2013/03/17 23:20:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll
    [2013/03/17 23:20:09 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2013/03/17 23:20:08 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2013/03/17 23:20:07 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BRADM10A.DAT
    [2013/03/17 23:08:27 | 000,000,055 | ---- | C] () -- C:\Windows\SysWow64\BRDM7860DW.DAT
    [2013/03/17 22:37:03 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/03/17 22:37:03 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/03/17 14:52:38 | 000,001,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.3 64-bit.lnk
    [2013/03/17 14:52:38 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
    [2013/03/16 17:02:23 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
    [2013/03/16 13:05:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2013/03/15 21:01:13 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2013/03/15 21:00:34 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2013/03/02 13:52:42 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
    [2013/03/02 13:52:28 | 000,019,663 | ---- | C] () -- C:\Windows\prodsett_copy.ini
    [2012/10/19 11:19:14 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
    [2012/10/19 11:19:14 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
    [2012/10/19 11:19:14 | 000,259,176 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/18 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\ControlCenter4
    [2013/04/14 22:51:13 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\Dropbox
    [2013/03/20 21:24:07 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\ICAClient
    [2013/04/09 07:39:00 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\Juniper Networks
    [2013/03/16 17:21:19 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\MediaMonkey
    [2013/03/17 08:37:01 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\Notepad++
    [2013/03/03 20:42:11 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\Scooter Software
    [2012/10/19 13:46:00 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\Softland
    [2013/03/16 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\TagScanner
    [2013/03/17 10:54:12 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\TeraCopy
    [2013/03/18 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\teledisaster\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    < End of report >
     
  11. Hi Hi


    --------------------------------
    Extras.txt
    --------------------------------

    OTL Extras logfile created on: 4/14/2013 11:01:00 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\teledisaster\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 68.59% Memory free
    7.97 Gb Paging File | 6.57 Gb Available in Paging File | 82.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.41 Gb Total Space | 430.45 Gb Free Space | 92.49% Space Free | Partition Type: NTFS

    Computer Name: GUDDU | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2445504815-1892541520-3877237937-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\SW\Util\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\SW\Util\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\SW\Media\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\SW\Media\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\SW\Media\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\SW\Util\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\SW\Util\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\SW\Media\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\SW\Media\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\SW\Media\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultInboundAction" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05104062-16B3-4E13-A6AF-5F25E7AF00AC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{0D516FEF-9E11-4CAD-8115-B91B4D465DA9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1466DD80-47C9-4F60-9558-E101894418D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{1616840B-5CAB-411B-B3BF-2DF57983159F}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{37086544-FD15-4283-934A-CB972A717F4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{583922DB-08E2-4BDB-8E89-866DA68766E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5D2BEDA7-FC95-4B62-8E78-CC348D0E208A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5E8E565E-4919-4AE3-A935-E5C9A327F557}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6295E724-A9DD-40EE-9E61-54372BD77B50}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7B3D61F2-A68C-4077-BA59-83CC0A6CB4BE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{812BDB34-1C4D-488A-8F75-5F81E1FF517F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8317DD1B-D1E5-48AD-93C2-6293A6638361}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{8458AF78-CBE0-475C-82D5-D929D88CA4BB}" = rport=139 | protocol=6 | dir=out | app=system |
    "{85BF0B36-43C8-44E0-8B7B-15294B1DB2D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8CE314D0-E38F-460E-B5F9-78136573F089}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{9C0E0B49-42B7-4705-A6D6-66D190654852}" = lport=6004 | protocol=17 | dir=in | app=c:\sw\util\microsoft office\office12\outlook.exe |
    "{B75D7B87-A642-406C-9556-26E102F4D7F0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{BCD72D4C-879B-44E3-9F49-5A1B07A79833}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E9978248-4E02-4E70-9AD9-93E0A84CCC77}" = rport=445 | protocol=6 | dir=out | app=system |
    "{EC0911CB-5528-4759-9576-19D6BB154C83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F256EF0D-7EC2-4B12-BBE8-79FAC425B083}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F4C754CE-7124-406B-A19C-32F0D70046CC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FA72A2EC-EFB3-46C8-B4BB-55D9FD5DC8D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0029885F-CC61-49F4-A06F-53F69711896A}" = protocol=17 | dir=in | app=c:\sw\util\teamviewer8\teamviewer_service.exe |
    "{0E4B7085-C8AC-4D90-A174-69009381270D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1BE61180-7094-4352-8BE1-74ED618E7089}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2310F333-BC4C-4256-AB31-68BD3E05DDF5}" = protocol=6 | dir=in | app=c:\program files (x86)\citrix\ica client\pn.exe |
    "{256C8BE5-3046-44B4-A93E-4B13453E401B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{272DE2F3-719B-4673-80A5-1D4CF3C364C1}" = dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "{2942EDB7-7E1C-4FB7-8F78-F400EC59C174}" = protocol=17 | dir=in | app=c:\sw\util\microsoft office\office12\onenote.exe |
    "{2B42F928-3881-4810-943A-22E0F331EABA}" = protocol=6 | dir=out | app=system |
    "{2D94356B-48B0-45F2-8C83-DA710E071E81}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2FDF9554-2270-4370-AE7E-F03AB6559046}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4D713D64-326D-4662-9AF6-C50D0A9ECDED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{546E5867-3153-4381-BE8A-7D15AE737326}" = protocol=17 | dir=in | app=c:\users\teledisaster\appdata\roaming\dropbox\bin\dropbox.exe |
    "{57CECB0F-C421-4F1F-9C5C-A4C384190223}" = protocol=6 | dir=in | app=c:\users\teledisaster\appdata\roaming\dropbox\bin\dropbox.exe |
    "{5BEF2906-FFAB-4C9C-89AC-14976FD6B5F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6572BAF8-12C7-442E-B801-30E197C59B5B}" = protocol=6 | dir=in | app=c:\sw\util\brother\brmfl10f\faxrx.exe |
    "{6746942E-5639-4885-837B-A92E527B27AF}" = protocol=6 | dir=in | app=c:\sw\util\utorrent\utorrent.exe |
    "{6901E24A-E979-4FC7-9E1D-CE82824F061C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{71C2F70C-4418-4808-AF10-BABBA3B2B644}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{73241CD6-253E-43D8-914E-3BB597A9B6DC}" = dir=in | app=%programfiles% (x86)\internet explorer\iexplore.exe |
    "{85F690F3-D25B-4BD1-ACF6-BFF33D95B63B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{93303A62-547A-4F16-9568-FE490038DC84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{939E8730-9FE8-4D62-A54B-986C49241593}" = protocol=6 | dir=in | app=c:\sw\util\teamviewer8\teamviewer_service.exe |
    "{94B9BAA3-0EFF-464C-BFE0-D53EF6211F91}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{A05C2E19-821A-406A-B696-C23ED73B0F0A}" = protocol=6 | dir=in | app=c:\sw\util\teamviewer8\teamviewer.exe |
    "{ADBE1D8E-FDE0-4945-BFF1-8115C0B1F08E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AF64DE99-99DC-4970-8CD6-6EE5951FA1A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{B1D9B745-D909-4B20-AAF6-284A588D14FF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    "{B32CA9D0-385D-4327-A7FB-041B17732E81}" = protocol=17 | dir=in | app=c:\sw\util\utorrent\utorrent.exe |
    "{BD0DBEC1-C156-43D2-8B92-0CD07C3DCF50}" = protocol=6 | dir=in | app=c:\sw\util\microsoft office\office12\onenote.exe |
    "{C4424029-F650-4B47-B845-73C6BB26C227}" = protocol=17 | dir=in | app=c:\sw\util\brother\brmfl10f\faxrx.exe |
    "{C5A40FB9-DDD8-469D-B18E-B639D83F8910}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D3F8410B-1959-4C0C-B7C6-557CFCE147FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D4751F22-EFB8-4F5F-8140-45FA000CC13E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{D868B474-9F54-41D0-9951-B01EABFE0403}" = dir=in | app=c:\sw\media\itunes\itunes.exe |
    "{DB2B0BF3-BD65-4080-9B47-1B453322BBFB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DD3EB957-A3C3-499A-A8EC-C5E4B0971E04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EA4F63B5-1870-4CBF-BAFF-1B936B412DB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F0975A96-3685-4A7E-8F13-191117C01E2F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F14261EE-EFC5-4BA5-B3F2-470F989C8441}" = protocol=17 | dir=in | app=c:\program files (x86)\citrix\ica client\pn.exe |
    "{F2E9D344-08ED-4DDA-86AC-E6A698E85758}" = protocol=17 | dir=in | app=c:\sw\util\teamviewer8\teamviewer.exe |
    "{F5DCF55F-7D82-49B6-BBF0-EB36F6A2C7FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F6A1DE0C-3AB1-4621-BC2D-796389AF23C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FF788455-5354-4AE7-B41A-5DCDD7ACF493}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
    "TCP Query User{1BC4D6DB-7FA4-4DE2-AD35-57DC40CF3970}C:\users\teledisaster\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\teledisaster\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{D11AB16A-DF30-421A-A1AE-BD96F9DBB4B1}C:\sw\media\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\sw\media\winamp\winamp.exe |
    "UDP Query User{BBE7A8A1-F09B-482F-B3E1-F6820680E357}C:\sw\media\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\sw\media\winamp\winamp.exe |
    "UDP Query User{F5749746-AFF4-4CDD-9E06-678B4C5A6619}C:\users\teledisaster\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\teledisaster\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{72E1C93F-BA1C-4E88-BA29-C3B716217E69}" = Dell ControlVault Host Components Installer 64 bit
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{D759947B-8C5A-4480-B0DB-FC391F061C85}" = Adobe Photoshop Lightroom 4.3 64-bit
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
    "doPDF 7 printer_is1" = doPDF 7.3 printer
    "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "TeraCopy_is1" = TeraCopy 2.27

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
    "{04566294-A6B6-4462-9721-031073EB3694}" = Dell Client System Update
    "{19522497-1DF2-40E8-AB3A-F1E133173060}" = Online Safety 2.71.927.655
    "{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.01
    "{2FFABB79-E4B1-430A-AAE8-ACA886F3A34A}" = F-Secure Network CCF 1.02.126
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7860DW
    "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
    "{4EBE5044-43A3-49CC-9848-E5A11CA33E64}" = F-Secure CCF Scanning 1.18.127.7931 (release)
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.71.102.0 (release)
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73878BFE-7C75-4235-949D-44DEC7550F21}" = iTunes Library Toolkit
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B44A0FF-7F4F-4553-BD98-282640E6BEC7}" = Charter Security Suite
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2011 Home Edition
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AnyDVD" = AnyDVD
    "BeyondCompare3_is1" = Beyond Compare Version 3.3.5
    "CloneDVD2" = CloneDVD2
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FileZilla Client" = FileZilla Client 3.6.0.2
    "Freemake Audio Converter_is1" = Freemake Audio Converter version 1.1.0
    "Freemake Video Converter_is1" = Freemake Video Converter version 4.0.0
    "F-Secure ServiceEnabler 42626" = Charter Security Suite
    "Gadwin PrintScreen" = Gadwin PrintScreen
    "GOM Player" = GOM Player
    "Google Chrome" = Google Chrome
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "MediaMonkey_is1" = MediaMonkey 4.0
    "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "TagScanner_is1" = TagScanner 5.1.630
    "TeamViewer 8" = TeamViewer 8
    "uTorrent" = µTorrent
    "Winamp" = Winamp

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2445504815-1892541520-3877237937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "9204f5692a8faf3b" = Dell System Detect
    "Dropbox" = Dropbox
    "JoinMe" = join.me
    "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
    "Juniper_Term_Services" = Juniper Terminal Services Client
    "Winamp Detect" = Winamp Detector Plug-in

    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Is iexplore.exe running with IE actually closed?
     
  13. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    Yes. I hardly ever use IE. When I start the computer there are *no* iexplore.exe instances. But the number goes on increasing as I keep the system ON. For example: yesterday I started my machine at 6 AM with no instance of iexplore. By 3 PM, there are 120+ instances of it. I did not use Internet Explorer at all during this time. I always use Chrome.
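The question behind the symptom above is which program keeps launching the new iexplore.exe instances. The following PowerShell script is an added triage example, not something posted by anyone in this thread or shipped with any of the tools named in it. It lists every running iexplore.exe with its start time, its parent process and the parent's image path, then groups the instances by parent so the spawner stands out, and checks the Authenticode signature of each distinct parent binary. It goes slightly beyond the thread by also flagging any iexplore.exe whose image is not under the standard Internet Explorer install folder. It uses only Get-WmiObject and Win32_Process, which are available on the Windows 7 PowerShell 2.0 this machine would have; the process name and the two expected install paths are assumptions stated in the comments.

```powershell
# Added example: find what is spawning iexplore.exe (no IE open).
# Run from an elevated PowerShell prompt so every process's parent and
# command line is visible. Nothing here terminates or modifies anything.

param([string]$ProcessName = 'iexplore.exe')   # assumption: name as given in the thread

$all = Get-WmiObject Win32_Process
# Index by PID so each parent lookup is a single hash-table hit.
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$targets = $all | Where-Object { $_.Name -ieq $ProcessName }
if (-not $targets) { Write-Host "No $ProcessName instances running."; return }

# Assumption: a legitimate IE binary lives in one of these two folders.
$expectedPaths = @("$env:ProgramFiles\Internet Explorer\iexplore.exe",
                   "${env:ProgramFiles(x86)}\Internet Explorer\iexplore.exe")

$rows = foreach ($t in $targets) {
    $parent = $byPid[[int]$t.ParentProcessId]
    # A parent that has already exited (or whose PID was reused) is itself a clue:
    # short-lived launchers, scheduled tasks and scripts look exactly like this.
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $parentPath = if ($parent) { $parent.ExecutablePath } else { '' }
    New-Object PSObject -Property @{
        PID        = $t.ProcessId
        Started    = $t.ConvertToDateTime($t.CreationDate)
        Path       = $t.ExecutablePath
        PathOk     = ($expectedPaths -icontains $t.ExecutablePath)
        ParentPID  = $t.ParentProcessId
        Parent     = $parentName
        ParentPath = $parentPath
        CmdLine    = $t.CommandLine
    }
}

# One line per instance, oldest first: the command line often carries the URL
# or the -Embedding switch that tells you how it was launched.
$rows | Sort-Object Started |
    Format-Table PID, Started, Parent, ParentPID, PathOk, CmdLine -AutoSize

# Which parent image is responsible, and how often.
"`nSpawn count by parent image:"
$rows | Group-Object ParentPath | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Signature status of each distinct parent binary.
"`nAuthenticode status of parent binaries:"
$rows | Where-Object { $_.ParentPath } |
    Select-Object -ExpandProperty ParentPath -Unique |
    ForEach-Object { Get-AuthenticodeSignature $_ } |
    Format-Table Status, @{n='Signer'; e={ $_.SignerCertificate.Subject }}, Path -AutoSize
```

If the parent column shows `<exited>` for most instances, the launcher is not staying resident, and the next place to look is the Task Scheduler library and the Run keys, since those start a fresh process each time. If one persistent parent accounts for the whole count, its image path and signature status in the last table tell you whether it is a known program behaving oddly or an unknown binary.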
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  15. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    22:14:08.0523 3096 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    22:14:09.0241 3096 ============================================================
    22:14:09.0241 3096 Current date / time: 2013/04/15 22:14:09.0241
    22:14:09.0241 3096 SystemInfo:
    22:14:09.0241 3096
    22:14:09.0241 3096 OS Version: 6.1.7601 ServicePack: 1.0
    22:14:09.0241 3096 Product type: Workstation
    22:14:09.0241 3096 ComputerName: GUDDU
    22:14:09.0241 3096 UserName: user
    22:14:09.0241 3096 Windows directory: C:\Windows
    22:14:09.0241 3096 System windows directory: C:\Windows
    22:14:09.0241 3096 Running under WOW64
    22:14:09.0241 3096 Processor architecture: Intel x64
    22:14:09.0241 3096 Number of processors: 2
    22:14:09.0241 3096 Page size: 0x1000
    22:14:09.0241 3096 Boot type: Normal boot
    22:14:09.0241 3096 ============================================================
    22:14:10.0379 3096 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:14:10.0395 3096 Drive \Device\Harddisk1\DR1 - Size: 0xEDEA00000 (59.48 Gb), SectorSize: 0x200, Cylinders: 0x1E54, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:14:10.0395 3096 ============================================================
    22:14:10.0395 3096 \Device\Harddisk0\DR0:
    22:14:10.0395 3096 MBR partitions:
    22:14:10.0395 3096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xB2000
    22:14:10.0395 3096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB2800, BlocksNum 0x3A2D3030
    22:14:10.0395 3096 \Device\Harddisk1\DR1:
    22:14:10.0395 3096 MBR partitions:
    22:14:10.0395 3096 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x8000, BlocksNum 0x76ED000
    22:14:10.0395 3096 ============================================================
    22:14:10.0442 3096 C: <-> \Device\Harddisk0\DR0\Partition2
    22:14:10.0442 3096 ============================================================
    22:14:10.0442 3096 Initialize success
    22:14:10.0442 3096 ============================================================
    22:14:12.0860 5060 ============================================================
    22:14:12.0860 5060 Scan started
    22:14:12.0860 5060 Mode: Manual;
    22:14:12.0860 5060 ============================================================
    22:14:14.0155 5060 ================ Scan system memory ========================
    22:14:14.0155 5060 System memory - ok
    22:14:14.0155 5060 ================ Scan services =============================
    22:14:14.0311 5060 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    22:14:14.0311 5060 1394ohci - ok
    22:14:14.0342 5060 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    22:14:14.0357 5060 ACPI - ok
    22:14:14.0389 5060 [ 12C5274CD87449A2A37A607CDB321922 ] acpials C:\Windows\system32\DRIVERS\acpials.sys
    22:14:14.0389 5060 acpials - ok
    22:14:14.0404 5060 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    22:14:14.0404 5060 AcpiPmi - ok
    22:14:14.0482 5060 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    22:14:14.0482 5060 AdobeARMservice - ok
    22:14:14.0607 5060 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    22:14:14.0607 5060 AdobeFlashPlayerUpdateSvc - ok
    22:14:14.0654 5060 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    22:14:14.0669 5060 adp94xx - ok
    22:14:14.0701 5060 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    22:14:14.0716 5060 adpahci - ok
    22:14:14.0732 5060 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    22:14:14.0732 5060 adpu320 - ok
    22:14:14.0763 5060 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    22:14:14.0763 5060 AeLookupSvc - ok
    22:14:14.0872 5060 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
    22:14:14.0872 5060 AESTFilters - ok
    22:14:14.0919 5060 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    22:14:14.0950 5060 AFD - ok
    22:14:14.0981 5060 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    22:14:14.0997 5060 agp440 - ok
    22:14:15.0028 5060 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    22:14:15.0028 5060 ALG - ok
    22:14:15.0075 5060 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    22:14:15.0075 5060 aliide - ok
    22:14:15.0075 5060 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    22:14:15.0075 5060 amdide - ok
    22:14:15.0106 5060 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    22:14:15.0106 5060 AmdK8 - ok
    22:14:15.0122 5060 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    22:14:15.0122 5060 AmdPPM - ok
    22:14:15.0137 5060 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    22:14:15.0153 5060 amdsata - ok
    22:14:15.0169 5060 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    22:14:15.0184 5060 amdsbs - ok
    22:14:15.0184 5060 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    22:14:15.0200 5060 amdxata - ok
    22:14:15.0247 5060 [ 7CE7D6019D0D73F9203BA4FF4BA35B6A ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
    22:14:15.0247 5060 AnyDVD - ok
    22:14:15.0325 5060 [ CA5F1BD1261BC771D30096BBCFD625A0 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
    22:14:15.0325 5060 ApfiltrService - ok
    22:14:15.0371 5060 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    22:14:15.0371 5060 AppID - ok
    22:14:15.0418 5060 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    22:14:15.0418 5060 AppIDSvc - ok
    22:14:15.0434 5060 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    22:14:15.0434 5060 Appinfo - ok
    22:14:15.0481 5060 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:14:15.0496 5060 Apple Mobile Device - ok
    22:14:15.0543 5060 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    22:14:15.0543 5060 AppMgmt - ok
    22:14:15.0559 5060 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    22:14:15.0559 5060 arc - ok
    22:14:15.0574 5060 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    22:14:15.0590 5060 arcsas - ok
    22:14:15.0605 5060 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    22:14:15.0621 5060 AsyncMac - ok
    22:14:15.0652 5060 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    22:14:15.0652 5060 atapi - ok
    22:14:15.0699 5060 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    22:14:15.0730 5060 AudioEndpointBuilder - ok
    22:14:15.0746 5060 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    22:14:15.0761 5060 AudioSrv - ok
    22:14:15.0793 5060 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    22:14:15.0793 5060 AxInstSV - ok
    22:14:15.0824 5060 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    22:14:15.0839 5060 b06bdrv - ok
    22:14:15.0917 5060 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:14:15.0917 5060 b57nd60a - ok
    22:14:16.0120 5060 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    22:14:16.0167 5060 BCM43XX - ok
    22:14:16.0198 5060 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    22:14:16.0198 5060 BDESVC - ok
    22:14:16.0229 5060 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    22:14:16.0245 5060 Beep - ok
    22:14:16.0276 5060 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    22:14:16.0307 5060 BFE - ok
    22:14:16.0339 5060 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
    22:14:16.0370 5060 BITS - ok
    22:14:16.0401 5060 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    22:14:16.0401 5060 blbdrive - ok
    22:14:16.0479 5060 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    22:14:16.0479 5060 Bonjour Service - ok
    22:14:16.0526 5060 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    22:14:16.0526 5060 bowser - ok
    22:14:16.0573 5060 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    22:14:16.0573 5060 BrFiltLo - ok
    22:14:16.0588 5060 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    22:14:16.0588 5060 BrFiltUp - ok
    22:14:16.0651 5060 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    22:14:16.0666 5060 BridgeMP - ok
    22:14:16.0697 5060 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    22:14:16.0713 5060 Browser - ok
    22:14:16.0744 5060 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    22:14:16.0744 5060 Brserid - ok
    22:14:16.0775 5060 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    22:14:16.0775 5060 BrSerWdm - ok
    22:14:16.0807 5060 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:14:16.0822 5060 BrUsbMdm - ok
    22:14:16.0822 5060 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    22:14:16.0822 5060 BrUsbSer - ok
    22:14:16.0885 5060 [ DB109DA005B6FE2A350C5DD7CA768DFD ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
    22:14:16.0931 5060 BrYNSvc - ok
    22:14:16.0963 5060 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    22:14:16.0978 5060 BTHMODEM - ok
    22:14:17.0009 5060 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    22:14:17.0009 5060 bthserv - ok
    22:14:17.0056 5060 catchme - ok
    22:14:17.0087 5060 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    22:14:17.0087 5060 cdfs - ok
    22:14:17.0134 5060 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    22:14:17.0150 5060 cdrom - ok
    22:14:17.0197 5060 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    22:14:17.0197 5060 CertPropSvc - ok
    22:14:17.0228 5060 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    22:14:17.0243 5060 circlass - ok
    22:14:17.0275 5060 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    22:14:17.0275 5060 CLFS - ok
    22:14:17.0368 5060 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:14:17.0368 5060 clr_optimization_v2.0.50727_32 - ok
    22:14:17.0431 5060 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:14:17.0446 5060 clr_optimization_v2.0.50727_64 - ok
    22:14:17.0509 5060 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:14:17.0509 5060 clr_optimization_v4.0.30319_32 - ok
    22:14:17.0540 5060 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:14:17.0555 5060 clr_optimization_v4.0.30319_64 - ok
    22:14:17.0587 5060 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    22:14:17.0587 5060 CmBatt - ok
    22:14:17.0602 5060 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    22:14:17.0602 5060 cmdide - ok
    22:14:17.0665 5060 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
    22:14:17.0680 5060 CNG - ok
    22:14:17.0696 5060 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    22:14:17.0696 5060 Compbatt - ok
    22:14:17.0711 5060 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    22:14:17.0711 5060 CompositeBus - ok
    22:14:17.0711 5060 COMSysApp - ok
    22:14:17.0727 5060 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    22:14:17.0727 5060 crcdisk - ok
    22:14:17.0805 5060 [ 3741EC4A0F2AB12F4C461DCCD8BA9705 ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    22:14:17.0836 5060 Credential Vault Host Control Service - ok
    22:14:17.0867 5060 [ 214C0DC5881951F0B0802E3FCA4C4690 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    22:14:17.0867 5060 Credential Vault Host Storage - ok
    22:14:17.0914 5060 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    22:14:17.0930 5060 CryptSvc - ok
    22:14:17.0977 5060 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    22:14:18.0008 5060 CSC - ok
    22:14:18.0055 5060 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    22:14:18.0086 5060 CscService - ok
    22:14:18.0117 5060 [ DBC6B7337004D5C6C66731C29DB6EAEA ] cvusbdrv C:\Windows\system32\Drivers\cvusbdrv.sys
    22:14:18.0117 5060 cvusbdrv - ok
    22:14:18.0179 5060 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    22:14:18.0179 5060 DcomLaunch - ok
    22:14:18.0226 5060 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    22:14:18.0226 5060 defragsvc - ok
    22:14:18.0242 5060 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    22:14:18.0257 5060 DfsC - ok
    22:14:18.0289 5060 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    22:14:18.0289 5060 Dhcp - ok
    22:14:18.0304 5060 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    22:14:18.0320 5060 discache - ok
    22:14:18.0335 5060 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    22:14:18.0335 5060 Disk - ok
    22:14:18.0382 5060 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
    22:14:18.0382 5060 dmvsc - ok
    22:14:18.0413 5060 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    22:14:18.0413 5060 Dnscache - ok
    22:14:18.0476 5060 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    22:14:18.0491 5060 dot3svc - ok
    22:14:18.0507 5060 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    22:14:18.0523 5060 DPS - ok
    22:14:18.0554 5060 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    22:14:18.0554 5060 drmkaud - ok
    22:14:18.0616 5060 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    22:14:18.0679 5060 DXGKrnl - ok
    22:14:18.0725 5060 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
    22:14:18.0725 5060 e1yexpress - ok
    22:14:18.0757 5060 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    22:14:18.0772 5060 EapHost - ok
    22:14:18.0881 5060 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    22:14:18.0991 5060 ebdrv - ok
    22:14:19.0022 5060 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    22:14:19.0022 5060 EFS - ok
    22:14:19.0100 5060 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    22:14:19.0131 5060 ehRecvr - ok
    22:14:19.0147 5060 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    22:14:19.0147 5060 ehSched - ok
    22:14:19.0193 5060 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
    22:14:19.0193 5060 ElbyCDIO - ok
    22:14:19.0225 5060 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    22:14:19.0240 5060 elxstor - ok
    22:14:19.0256 5060 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    22:14:19.0256 5060 ErrDev - ok
    22:14:19.0318 5060 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    22:14:19.0318 5060 EventSystem - ok
    22:14:19.0349 5060 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    22:14:19.0349 5060 exfat - ok
    22:14:19.0490 5060 [ C0210658C92C7D1F11DA3BE238A2F762 ] F-Secure Gatekeeper C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
    22:14:19.0490 5060 F-Secure Gatekeeper - ok
    22:14:19.0552 5060 [ 506BD9D213B3AB6FE6FB2819EBC9A880 ] F-Secure HIPS C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys
    22:14:19.0552 5060 F-Secure HIPS - ok
    22:14:19.0599 5060 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    22:14:19.0599 5060 fastfat - ok
    22:14:19.0661 5060 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    22:14:19.0693 5060 Fax - ok
    22:14:19.0724 5060 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    22:14:19.0724 5060 fdc - ok
    22:14:19.0739 5060 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    22:14:19.0755 5060 fdPHost - ok
    22:14:19.0755 5060 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    22:14:19.0771 5060 FDResPub - ok
    22:14:19.0817 5060 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    22:14:19.0817 5060 FileInfo - ok
    22:14:19.0833 5060 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    22:14:19.0833 5060 Filetrace - ok
    22:14:19.0849 5060 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    22:14:19.0849 5060 flpydisk - ok
    22:14:19.0880 5060 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    22:14:19.0895 5060 FltMgr - ok
    22:14:19.0942 5060 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
    22:14:19.0958 5060 FontCache - ok
    22:14:20.0005 5060 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:14:20.0020 5060 FontCache3.0.0.0 - ok
    22:14:20.0114 5060 [ 74AB3D9A403FD2495CDB1DB5C49C061B ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    22:14:20.0114 5060 Freemake Improver - ok
    22:14:20.0176 5060 [ F59F2C574AA5D84477EB89F87C938F16 ] fsbts C:\Windows\system32\Drivers\fsbts.sys
    22:14:20.0176 5060 fsbts - ok
    22:14:20.0207 5060 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    22:14:20.0223 5060 FsDepends - ok
    22:14:20.0301 5060 [ 10881D41226100F44DF3BF66F5EA75C6 ] fshoster C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
    22:14:20.0301 5060 fshoster - ok
    22:14:20.0348 5060 [ 11CA1330E16D1772E868A86FBFD8A0AD ] FSMA C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
    22:14:20.0363 5060 FSMA - ok
    22:14:20.0426 5060 [ FFF3982981DF6DCD12FFDBE8BB101451 ] fsni C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys
    22:14:20.0426 5060 fsni - ok
    22:14:20.0473 5060 [ C67B42683036A503A2123EBEE9220AAA ] FSORSPClient C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
    22:14:20.0473 5060 FSORSPClient - ok
    22:14:20.0504 5060 [ 339E52896B03045FC2A738F9997FA38D ] fsvista C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
    22:14:20.0519 5060 fsvista - ok
    22:14:20.0551 5060 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    22:14:20.0566 5060 Fs_Rec - ok
    22:14:20.0597 5060 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    22:14:20.0613 5060 fvevol - ok
    22:14:20.0660 5060 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    22:14:20.0660 5060 gagp30kx - ok
    22:14:20.0707 5060 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:14:20.0707 5060 GEARAspiWDM - ok
    22:14:20.0753 5060 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    22:14:20.0785 5060 gpsvc - ok
    22:14:20.0847 5060 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:14:20.0847 5060 gupdate - ok
    22:14:20.0878 5060 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:14:20.0878 5060 gupdatem - ok
    22:14:20.0909 5060 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    22:14:20.0909 5060 hcw85cir - ok
    22:14:20.0956 5060 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    22:14:20.0972 5060 HdAudAddService - ok
    22:14:20.0987 5060 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    22:14:20.0987 5060 HDAudBus - ok
    22:14:21.0003 5060 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    22:14:21.0003 5060 HidBatt - ok
    22:14:21.0019 5060 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    22:14:21.0019 5060 HidBth - ok
    22:14:21.0050 5060 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    22:14:21.0065 5060 HidIr - ok
    22:14:21.0081 5060 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    22:14:21.0097 5060 hidserv - ok
    22:14:21.0253 5060 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    22:14:21.0268 5060 HidUsb - ok
    22:14:21.0299 5060 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    22:14:21.0315 5060 hkmsvc - ok
    22:14:21.0346 5060 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    22:14:21.0346 5060 HomeGroupListener - ok
    22:14:21.0393 5060 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    22:14:21.0393 5060 HomeGroupProvider - ok
    22:14:21.0393 5060 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    22:14:21.0409 5060 HpSAMD - ok
    22:14:21.0440 5060 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    22:14:21.0455 5060 HTTP - ok
    22:14:21.0471 5060 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    22:14:21.0471 5060 hwpolicy - ok
    22:14:21.0487 5060 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    22:14:21.0487 5060 i8042prt - ok
    22:14:21.0502 5060 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    22:14:21.0502 5060 iaStorV - ok
    22:14:21.0565 5060 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:14:21.0627 5060 idsvc - ok
    22:14:21.0643 5060 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    22:14:21.0643 5060 iirsp - ok
    22:14:21.0689 5060 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    22:14:21.0705 5060 IKEEXT - ok
    22:14:21.0721 5060 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    22:14:21.0721 5060 intelide - ok
    22:14:21.0736 5060 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    22:14:21.0736 5060 intelppm - ok
    22:14:21.0752 5060 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    22:14:21.0752 5060 IPBusEnum - ok
    22:14:21.0783 5060 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:14:21.0783 5060 IpFilterDriver - ok
    22:14:21.0814 5060 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    22:14:21.0830 5060 iphlpsvc - ok
    22:14:21.0861 5060 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    22:14:21.0861 5060 IPMIDRV - ok
    22:14:21.0877 5060 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    22:14:21.0877 5060 IPNAT - ok
    22:14:21.0923 5060 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    22:14:21.0955 5060 iPod Service - ok
    22:14:21.0986 5060 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    22:14:22.0001 5060 IRENUM - ok
    22:14:22.0017 5060 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    22:14:22.0017 5060 isapnp - ok
    22:14:22.0064 5060 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    22:14:22.0064 5060 iScsiPrt - ok
    22:14:22.0095 5060 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    22:14:22.0095 5060 kbdclass - ok
    22:14:22.0111 5060 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    22:14:22.0111 5060 kbdhid - ok
    22:14:22.0142 5060 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    22:14:22.0142 5060 KeyIso - ok
    22:14:22.0157 5060 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    22:14:22.0173 5060 KSecDD - ok
    22:14:22.0189 5060 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    22:14:22.0204 5060 KSecPkg - ok
    22:14:22.0220 5060 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    22:14:22.0220 5060 ksthunk - ok
    22:14:22.0282 5060 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    22:14:22.0313 5060 KtmRm - ok
    22:14:22.0360 5060 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    22:14:22.0376 5060 LanmanServer - ok
    22:14:22.0407 5060 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    22:14:22.0407 5060 LanmanWorkstation - ok
    22:14:22.0438 5060 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    22:14:22.0454 5060 lltdio - ok
    22:14:22.0485 5060 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    22:14:22.0485 5060 lltdsvc - ok
    22:14:22.0516 5060 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    22:14:22.0516 5060 lmhosts - ok
    22:14:22.0547 5060 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    22:14:22.0547 5060 LSI_FC - ok
    22:14:22.0563 5060 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    22:14:22.0579 5060 LSI_SAS - ok
    22:14:22.0579 5060 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    22:14:22.0579 5060 LSI_SAS2 - ok
    22:14:22.0594 5060 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    22:14:22.0594 5060 LSI_SCSI - ok
    22:14:22.0594 5060 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    22:14:22.0610 5060 luafv - ok
    22:14:22.0672 5060 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    22:14:22.0672 5060 MBAMProtector - ok
    22:14:22.0750 5060 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\SW\Util\Malwarebytes' Anti-Malware\mbamscheduler.exe
    22:14:22.0781 5060 MBAMScheduler - ok
    22:14:22.0813 5060 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\SW\Util\Malwarebytes' Anti-Malware\mbamservice.exe
    22:14:22.0844 5060 MBAMService - ok
    22:14:22.0875 5060 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    22:14:22.0891 5060 Mcx2Svc - ok
    22:14:22.0922 5060 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    22:14:22.0922 5060 megasas - ok
    22:14:22.0937 5060 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    22:14:22.0969 5060 MegaSR - ok
    22:14:22.0984 5060 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    22:14:23.0000 5060 MMCSS - ok
    22:14:23.0000 5060 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    22:14:23.0015 5060 Modem - ok
    22:14:23.0047 5060 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    22:14:23.0047 5060 monitor - ok
    22:14:23.0062 5060 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    22:14:23.0062 5060 mouclass - ok
    22:14:23.0078 5060 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    22:14:23.0078 5060 mouhid - ok
    22:14:23.0093 5060 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    22:14:23.0093 5060 mountmgr - ok
    22:14:23.0156 5060 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:14:23.0156 5060 MozillaMaintenance - ok
    22:14:23.0171 5060 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    22:14:23.0171 5060 mpio - ok
    22:14:23.0218 5060 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    22:14:23.0234 5060 mpsdrv - ok
    22:14:23.0281 5060 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    22:14:23.0312 5060 MpsSvc - ok
    22:14:23.0343 5060 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    22:14:23.0343 5060 MRxDAV - ok
    22:14:23.0390 5060 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:14:23.0390 5060 mrxsmb - ok
    22:14:23.0405 5060 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:14:23.0421 5060 mrxsmb10 - ok
    22:14:23.0452 5060 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:14:23.0452 5060 mrxsmb20 - ok
    22:14:23.0468 5060 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    22:14:23.0468 5060 msahci - ok
    22:14:23.0483 5060 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    22:14:23.0483 5060 msdsm - ok
    22:14:23.0499 5060 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:14:23.0499 5060 MSDTC - ok
    22:14:23.0530 5060 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:14:23.0530 5060 Msfs - ok
    22:14:23.0561 5060 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:14:23.0561 5060 mshidkmdf - ok
    22:14:23.0561 5060 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    22:14:23.0561 5060 msisadrv - ok
    22:14:23.0593 5060 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:14:23.0608 5060 MSiSCSI - ok
    22:14:23.0608 5060 msiserver - ok
    22:14:23.0639 5060 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:14:23.0655 5060 MSKSSRV - ok
    22:14:23.0655 5060 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    22:14:23.0671 5060 MSPCLOCK - ok
    22:14:23.0671 5060 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:14:23.0686 5060 MSPQM - ok
    22:14:23.0717 5060 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:14:23.0733 5060 MsRPC - ok
    22:14:23.0749 5060 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    22:14:23.0749 5060 mssmbios - ok
    22:14:23.0749 5060 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:14:23.0749 5060 MSTEE - ok
    22:14:23.0780 5060 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    22:14:23.0780 5060 MTConfig - ok
    22:14:23.0780 5060 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    22:14:23.0780 5060 Mup - ok
    22:14:23.0811 5060 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    22:14:23.0811 5060 napagent - ok
    22:14:23.0858 5060 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    22:14:23.0873 5060 NativeWifiP - ok
    22:14:23.0920 5060 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    22:14:23.0967 5060 NDIS - ok
    22:14:24.0014 5060 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    22:14:24.0014 5060 NdisCap - ok
    22:14:24.0061 5060 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    22:14:24.0061 5060 NdisTapi - ok
    22:14:24.0092 5060 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    22:14:24.0092 5060 Ndisuio - ok
    22:14:24.0107 5060 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:14:24.0123 5060 NdisWan - ok
    22:14:24.0123 5060 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:14:24.0139 5060 NDProxy - ok
    22:14:24.0139 5060 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:14:24.0139 5060 NetBIOS - ok
    22:14:24.0185 5060 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:14:24.0185 5060 NetBT - ok
    22:14:24.0201 5060 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:14:24.0217 5060 Netlogon - ok
    22:14:24.0279 5060 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:14:24.0295 5060 Netman - ok
    22:14:24.0310 5060 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:14:24.0326 5060 netprofm - ok
    22:14:24.0357 5060 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:14:24.0357 5060 NetTcpPortSharing - ok
    22:14:24.0404 5060 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    22:14:24.0404 5060 nfrd960 - ok
    22:14:24.0435 5060 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:14:24.0435 5060 NlaSvc - ok
    22:14:24.0451 5060 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:14:24.0451 5060 Npfs - ok
    22:14:24.0482 5060 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:14:24.0482 5060 nsi - ok
    22:14:24.0482 5060 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:14:24.0482 5060 nsiproxy - ok
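Every service and driver in the TDSSKiller listing above comes back "- ok", so the scanner itself found nothing to act on. What a responder does next with a list like this is triage it by hand: which image paths fall outside the Windows and Program Files trees, which verdict lines have no file line (no hash or path to check), and which hashes appear under several service names. The parser below is an added example written for this page, not part of the original thread or of TDSSKiller; it assumes only the line format visible in the log above, its sample input is a handful of lines copied from that log, and the "trusted roots" heuristic is a reviewer's starting point, not a verdict on any entry.

```python
"""Triage helper for a TDSSKiller service/driver listing (added example, not from the thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One "file" line per service/driver: timestamp, scanner pid, [ MD5 ], service name, image path.
# The service name may contain spaces, so it is matched non-greedily up to the drive letter.
FILE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# The verdict line that follows it: "<name> - ok" (or another verdict).
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>\S+)$"
)

# Heuristic (an assumption of this example): services whose image sits outside these
# roots are not malicious by themselves, but ProgramData, user profiles and ad-hoc
# folders are not covered by the default Windows / Program Files ACLs, so they are
# where a reviewer looks first.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
22:14:19.0022 5060 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:14:19.0022 5060 EFS - ok
22:14:19.0490 5060 [ C0210658C92C7D1F11DA3BE238A2F762 ] F-Secure Gatekeeper C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
22:14:19.0490 5060 F-Secure Gatekeeper - ok
22:14:20.0114 5060 [ 74AB3D9A403FD2495CDB1DB5C49C061B ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
22:14:20.0114 5060 Freemake Improver - ok
22:14:22.0142 5060 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:14:22.0142 5060 KeyIso - ok
22:14:22.0750 5060 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\SW\Util\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:14:22.0781 5060 MBAMScheduler - ok
22:14:23.0608 5060 msiserver - ok
22:14:24.0841 5060 [ 53A7E1DEA2E7FA22FD4F0C28C078F5A0 ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
22:14:25.0028 5060 NVIDIA Performance Driver Service - ok
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair each file line with its verdict line, keyed by service name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"].upper(), m["path"])
            continue
        m = STATUS_RE.match(line)
        if m:
            entries.setdefault(m["name"], Entry(m["name"])).status = m["status"]
    return entries


def outside_trusted_roots(entries: Dict[str, Entry]) -> List[str]:
    """Services whose image lives outside the Windows / Program Files trees."""
    return sorted(
        e.name for e in entries.values()
        if e.path and not e.path.lower().startswith(TRUSTED_ROOTS)
    )


def verdict_without_file(entries: Dict[str, Entry]) -> List[str]:
    """Verdict lines with no preceding file line: nothing to hash-check, review by hand."""
    return sorted(e.name for e in entries.values() if e.status and e.md5 is None)


def shared_hashes(entries: Dict[str, Entry]) -> Dict[str, Dict[str, List[str]]]:
    """Hashes reported under more than one service name.

    One binary hosting several services (lsass.exe for EFS, KeyIso, SamSs, ...) is
    normal; the same hash under *different* paths is what deserves a second look.
    """
    by_hash = defaultdict(lambda: {"names": set(), "paths": set()})
    for e in entries.values():
        if e.md5:
            by_hash[e.md5]["names"].add(e.name)
            by_hash[e.md5]["paths"].add(e.path.lower())
    return {
        h: {"names": sorted(v["names"]), "paths": sorted(v["paths"])}
        for h, v in by_hash.items() if len(v["names"]) > 1
    }


def triage(text: str) -> dict:
    """Summarise a pasted listing; unique_hashes is ready for a batch reputation lookup."""
    entries = parse_log(text)
    return {
        "total": len(entries),
        "outside_trusted_roots": outside_trusted_roots(entries),
        "verdict_without_file": verdict_without_file(entries),
        "shared_hashes": shared_hashes(entries),
        "unique_hashes": sorted({e.md5 for e in entries.values() if e.md5}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Paste the whole listing in place of the sample and the output is the short list to look at: the entries under ProgramData and the custom C:\SW folder, the lone msiserver verdict with no file line, and the lsass.exe hash shared by several LSA-hosted services (expected, and a reminder that a shared hash is only interesting when the paths differ). The unique hash list is what you would submit to a reputation service or compare against a known-good image of the same Windows build.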
     
  16. Hi Hi


    22:14:24.0544 5060 [ B8965FB53551B5455630A4B804D0791F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:14:24.0591 5060 Ntfs - ok
    22:14:24.0591 5060 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:14:24.0591 5060 Null - ok
    22:14:24.0622 5060 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
    22:14:24.0622 5060 nusb3hub - ok
    22:14:24.0638 5060 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
    22:14:24.0638 5060 nusb3xhc - ok
    22:14:24.0841 5060 [ 53A7E1DEA2E7FA22FD4F0C28C078F5A0 ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    22:14:25.0028 5060 NVIDIA Performance Driver Service - ok
    22:14:25.0340 5060 [ 98741EEF3FD6856C677646680DB4CF9D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:14:25.0574 5060 nvlddmkm - ok
    22:14:25.0621 5060 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:14:25.0621 5060 nvraid - ok
    22:14:25.0652 5060 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:14:25.0652 5060 nvstor - ok
    22:14:25.0699 5060 [ B6FA4F13439D5CBDA4333118780C55EE ] nvsvc C:\Windows\system32\nvvsvc.exe
    22:14:25.0714 5060 nvsvc - ok
    22:14:25.0745 5060 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:14:25.0745 5060 nv_agp - ok
    22:14:25.0792 5060 [ 706F5504AF9F28C8641DAB5EDDFDE03B ] OA001Ufd C:\Windows\system32\DRIVERS\OA001Ufd.sys
    22:14:25.0808 5060 OA001Ufd - ok
    22:14:25.0839 5060 [ F39A394BDB20217DB5D6D91D54E83BF5 ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
    22:14:25.0855 5060 OA001Vid - ok
    22:14:25.0933 5060 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    22:14:25.0948 5060 odserv - ok
    22:14:25.0995 5060 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:14:25.0995 5060 ohci1394 - ok
    22:14:26.0042 5060 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:14:26.0057 5060 ose - ok
    22:14:26.0089 5060 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:14:26.0104 5060 p2pimsvc - ok
    22:14:26.0135 5060 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:14:26.0151 5060 p2psvc - ok
    22:14:26.0167 5060 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    22:14:26.0167 5060 Parport - ok
    22:14:26.0198 5060 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:14:26.0198 5060 partmgr - ok
    22:14:26.0229 5060 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:14:26.0229 5060 PcaSvc - ok
    22:14:26.0245 5060 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:14:26.0245 5060 pci - ok
    22:14:26.0291 5060 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:14:26.0291 5060 pciide - ok
    22:14:26.0369 5060 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    22:14:26.0401 5060 pcmcia - ok
    22:14:26.0510 5060 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:14:26.0541 5060 pcw - ok
    22:14:26.0557 5060 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:14:26.0572 5060 PEAUTH - ok
    22:14:26.0619 5060 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    22:14:26.0666 5060 PeerDistSvc - ok
    22:14:26.0728 5060 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:14:26.0744 5060 PerfHost - ok
    22:14:26.0806 5060 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:14:26.0853 5060 pla - ok
    22:14:26.0900 5060 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:14:26.0900 5060 PlugPlay - ok
    22:14:26.0915 5060 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:14:26.0931 5060 PNRPAutoReg - ok
    22:14:26.0947 5060 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:14:26.0947 5060 PNRPsvc - ok
    22:14:27.0009 5060 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:14:27.0025 5060 PolicyAgent - ok
    22:14:27.0056 5060 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:14:27.0056 5060 Power - ok
    22:14:27.0087 5060 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:14:27.0087 5060 PptpMiniport - ok
    22:14:27.0103 5060 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    22:14:27.0118 5060 Processor - ok
    22:14:27.0149 5060 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:14:27.0149 5060 ProfSvc - ok
    22:14:27.0165 5060 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:14:27.0165 5060 ProtectedStorage - ok
    22:14:27.0196 5060 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:14:27.0196 5060 Psched - ok
    22:14:27.0243 5060 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    22:14:27.0243 5060 PxHlpa64 - ok
    22:14:27.0305 5060 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    22:14:27.0337 5060 ql2300 - ok
    22:14:27.0352 5060 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    22:14:27.0352 5060 ql40xx - ok
    22:14:27.0383 5060 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:14:27.0399 5060 QWAVE - ok
    22:14:27.0415 5060 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:14:27.0415 5060 QWAVEdrv - ok
    22:14:27.0446 5060 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:14:27.0446 5060 RasAcd - ok
    22:14:27.0477 5060 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:14:27.0477 5060 RasAgileVpn - ok
    22:14:27.0493 5060 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:14:27.0493 5060 RasAuto - ok
    22:14:27.0508 5060 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:14:27.0524 5060 Rasl2tp - ok
    22:14:27.0539 5060 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:14:27.0539 5060 RasMan - ok
    22:14:27.0539 5060 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:14:27.0539 5060 RasPppoe - ok
    22:14:27.0555 5060 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:14:27.0571 5060 RasSstp - ok
    22:14:27.0571 5060 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:14:27.0586 5060 rdbss - ok
    22:14:27.0586 5060 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    22:14:27.0586 5060 rdpbus - ok
    22:14:27.0602 5060 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:14:27.0602 5060 RDPCDD - ok
    22:14:27.0617 5060 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    22:14:27.0633 5060 RDPDR - ok
    22:14:27.0633 5060 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:14:27.0633 5060 RDPENCDD - ok
    22:14:27.0633 5060 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:14:27.0633 5060 RDPREFMP - ok
    22:14:27.0680 5060 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    22:14:27.0680 5060 RdpVideoMiniport - ok
    22:14:27.0727 5060 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:14:27.0742 5060 RDPWD - ok
    22:14:27.0773 5060 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:14:27.0773 5060 rdyboost - ok
    22:14:27.0805 5060 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:14:27.0805 5060 RemoteAccess - ok
    22:14:27.0836 5060 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:14:27.0836 5060 RemoteRegistry - ok
    22:14:27.0883 5060 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
    22:14:27.0883 5060 rimmptsk - ok
    22:14:27.0992 5060 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    22:14:28.0039 5060 RoxMediaDB12OEM - ok
    22:14:28.0070 5060 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    22:14:28.0070 5060 RoxWatch12 - ok
    22:14:28.0101 5060 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:14:28.0101 5060 RpcEptMapper - ok
    22:14:28.0132 5060 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:14:28.0132 5060 RpcLocator - ok
    22:14:28.0163 5060 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:14:28.0179 5060 RpcSs - ok
    22:14:28.0210 5060 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:14:28.0210 5060 rspndr - ok
    22:14:28.0241 5060 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    22:14:28.0241 5060 s3cap - ok
    22:14:28.0257 5060 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:14:28.0257 5060 SamSs - ok
    22:14:28.0273 5060 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    22:14:28.0273 5060 sbp2port - ok
    22:14:28.0304 5060 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:14:28.0304 5060 SCardSvr - ok
    22:14:28.0304 5060 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:14:28.0319 5060 scfilter - ok
    22:14:28.0335 5060 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:14:28.0351 5060 Schedule - ok
    22:14:28.0382 5060 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:14:28.0382 5060 SCPolicySvc - ok
    22:14:28.0429 5060 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
    22:14:28.0429 5060 sdbus - ok
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Nothing there.

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
     
  18. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    I am attaching the process report as requested.
     

    Attached Files:

  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Something is not right there as CPU usage is pretty high (25%).

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the x64 bit version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  20. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013
    Ran by SYSTEM at 16-04-2013 19:25:18
    Running from F:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [nwiz] nwiz.exe /installquiet [x]
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16416360 2010-05-12] (NVIDIA Corporation)
    HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [95336 2010-05-12] (NVIDIA Corporation)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-04-05] (IDT, Inc.)
    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1 [183864 2012-11-26] (F-Secure Corporation)
    HKLM-x32\...\Run: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splash [310992 2012-10-18] (F-Secure Corporation)
    HKLM-x32\...\Run: [iTunesHelper] "C:\SW\Media\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
    HKU\teledisaster\...\Run: [PeerBlock] C:\SW\Util\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\teledisaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2010-04-05] (Andrea Electronics Corporation)
    2 Freemake Improver; "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [101888 2013-03-14] (Freemake)
    2 fshoster; "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -hosterid:0 [183864 2012-11-26] (F-Secure Corporation)
    3 FSMA; "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE" [208592 2012-10-18] (F-Secure Corporation)
    2 FSORSPClient; "C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe" [61176 2012-08-06] (F-Secure Corporation)
    2 MBAMScheduler; "C:\SW\Util\Malwarebytes' Anti-Malware\mbamscheduler.exe" [418376 2013-04-04] (Malwarebytes Corporation)
    2 MBAMService; "C:\SW\Util\Malwarebytes' Anti-Malware\mbamservice.exe" [701512 2013-04-04] (Malwarebytes Corporation)
    2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [6810728 2009-12-08] ()
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2010-04-05] (IDT, Inc.)
    2 TeamViewer8; "C:\SW\Util\TeamViewer8\TeamViewer_Service.exe" [3560800 2013-02-26] (TeamViewer GmbH)

    ==================== Drivers (Whitelisted) =====================

    3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
    3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
    3 F-Secure Gatekeeper; \??\C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [200760 2013-03-02] ()
    1 F-Secure HIPS; \??\C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [62744 2013-03-02] (F-Secure Corporation)
    0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-04-11] ()
    0 fsbts; C:\Windows\SysWow64\Drivers\fsbts.sys [42672 2013-03-02] ()
    3 fsni; \??\C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [71680 2013-01-30] (F-Secure Corporation)
    1 fsvista; \??\C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [14032 2012-10-18] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-04-16 16:20 - 2013-04-16 16:20 - 00000048 ____A C:\Windows\E3AE7DAE2309A290.log
    2013-04-15 19:56 - 2013-04-15 19:56 - 00014578 ____A C:\Users\teledisaster\Documents\Procexp.txt
    2013-04-15 19:54 - 2013-04-15 19:54 - 01160893 ____A C:\Users\teledisaster\Downloads\ProcessExplorer (1).zip
    2013-04-15 19:39 - 2013-04-15 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2013-04-15 19:13 - 2013-02-11 15:51 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\teledisaster\Desktop\TDSSKiller.exe
    2013-04-15 19:13 - 2010-12-31 22:14 - 00002254 ___RA C:\Users\teledisaster\Desktop\eula.txt
    2013-04-15 19:11 - 2013-04-15 19:12 - 02218636 ____A C:\Users\teledisaster\Desktop\tdsskiller.zip
    2013-04-14 20:05 - 2013-04-14 20:05 - 00097880 ____A C:\Users\teledisaster\Desktop\OTL.Txt
    2013-04-14 20:05 - 2013-04-14 20:05 - 00055164 ____A C:\Users\teledisaster\Desktop\Extras.Txt
    2013-04-14 19:59 - 2013-04-14 19:59 - 00000632 ____A C:\Users\teledisaster\Desktop\JRT.txt
    2013-04-14 19:53 - 2013-04-14 19:53 - 00000000 ____D C:\Windows\ERUNT
    2013-04-14 19:53 - 2013-04-14 19:53 - 00000000 ____D C:\JRT
    2013-04-14 19:52 - 2013-04-14 19:52 - 00001641 ____A C:\Users\teledisaster\Documents\techspot-step3.txt
    2013-04-14 19:48 - 2013-04-14 19:48 - 00000781 ____A C:\AdwCleaner[S1].txt
    2013-04-14 19:48 - 2013-04-14 19:48 - 00000722 ____A C:\AdwCleaner[R1].txt
    2013-04-14 19:46 - 2013-04-14 19:46 - 00602112 ____A (OldTimer Tools) C:\Users\teledisaster\Desktop\OTL.exe
    2013-04-14 19:46 - 2013-04-14 19:46 - 00551587 ____A (Oleg N. Scherbakov) C:\Users\teledisaster\Desktop\JRT.exe
    2013-04-14 19:45 - 2013-04-14 19:45 - 00613083 ____A C:\Users\teledisaster\Downloads\adwcleaner.exe
    2013-04-14 19:00 - 2013-04-14 19:00 - 00027076 ____A C:\ComboFix.txt
    2013-04-14 18:53 - 2013-04-14 19:00 - 00000000 ____D C:\Qoobox
    2013-04-14 18:53 - 2013-04-14 18:58 - 00000000 ____D C:\Windows\erdnt
    2013-04-14 18:53 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-04-14 18:53 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-04-14 18:53 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-04-14 18:53 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-04-14 18:53 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-04-14 18:53 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2013-04-14 18:53 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2013-04-14 18:53 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2013-04-14 18:19 - 2013-04-14 18:19 - 05052676 ____R (Swearware) C:\Users\teledisaster\Desktop\ComboFix.exe
    2013-04-14 14:03 - 2013-04-14 14:03 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2013-04-14 14:03 - 2013-04-14 14:03 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2013-04-14 11:57 - 2013-04-14 11:57 - 00002062 ____A C:\Users\teledisaster\Desktop\RKreport[2]_D_04142013_02d1457.txt
    2013-04-14 11:56 - 2013-04-14 11:56 - 00002127 ____A C:\Users\teledisaster\Desktop\RKreport[1]_S_04142013_02d1456.txt
    2013-04-14 11:54 - 2013-04-14 11:56 - 00000000 ____D C:\Users\teledisaster\Desktop\RK_Quarantine
    2013-04-14 11:53 - 2013-04-14 11:53 - 12917756 ____A C:\Users\teledisaster\Downloads\mbar-1.05.0.1001.zip
    2013-04-14 11:51 - 2013-04-14 11:51 - 00000104 ____A C:\Users\teledisaster\Desktop\quickies.txt
    2013-04-14 11:49 - 2013-04-14 11:49 - 00816128 ____A C:\Users\teledisaster\Desktop\RogueKiller.exe
    2013-04-14 10:44 - 2013-04-14 10:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2013-04-13 16:04 - 2013-04-14 10:04 - 00026174 ____A C:\Users\teledisaster\Desktop\dds.txt
    2013-04-13 16:04 - 2013-04-14 10:04 - 00005274 ____A C:\Users\teledisaster\Desktop\attach.txt
    2013-04-13 16:02 - 2013-04-13 16:02 - 00688992 ____R (Swearware) C:\Users\teledisaster\Desktop\dds.com
    2013-04-12 17:15 - 2013-04-12 23:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-12 16:42 - 2013-04-12 16:42 - 01786744 ____A (Juniper Networks, Inc.) C:\Users\teledisaster\Downloads\JuniperSetupClientInstaller(1).exe
    2013-04-12 16:36 - 2013-04-12 16:36 - 01786744 ____A (Juniper Networks, Inc.) C:\Users\teledisaster\Downloads\JuniperSetupClientInstaller.exe
    2013-04-12 16:29 - 2013-04-12 16:29 - 00896928 ____A (Oracle Corporation) C:\Users\teledisaster\Downloads\chromeinstall-7u17 (2).exe
    2013-04-12 16:23 - 2013-04-12 16:23 - 00896928 ____A (Oracle Corporation) C:\Users\teledisaster\Downloads\chromeinstall-7u17 (1).exe
    2013-04-12 16:22 - 2013-04-12 16:22 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-04-12 16:22 - 2013-04-12 16:22 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-04-12 16:22 - 2013-04-12 16:22 - 00000000 ____D C:\ProgramData\Sun
    2013-04-12 16:20 - 2013-04-12 16:20 - 00000000 ____D C:\ProgramData\McAfee
    2013-04-12 16:19 - 2013-04-12 16:19 - 00896928 ____A (Oracle Corporation) C:\Users\teledisaster\Downloads\chromeinstall-7u17.exe
    2013-04-11 19:19 - 2013-02-21 02:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-04-11 19:19 - 2013-02-21 02:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-04-11 19:19 - 2013-02-21 02:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-04-11 19:19 - 2013-02-21 02:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-04-11 19:19 - 2013-02-21 02:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-04-11 19:19 - 2013-02-21 02:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-04-11 19:19 - 2013-02-21 02:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-04-11 19:19 - 2013-02-19 04:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-04-11 19:19 - 2013-02-19 03:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-04-11 19:19 - 2013-02-19 03:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-04-11 19:19 - 2013-02-19 02:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-04-11 19:18 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-04-11 19:18 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-04-11 19:18 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-04-11 19:18 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-04-11 19:18 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-04-11 19:18 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-04-11 19:18 - 2013-03-01 22:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-11 19:18 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-04-11 19:18 - 2013-02-21 02:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-04-11 19:18 - 2013-02-21 02:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-04-11 19:18 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-04-11 15:36 - 2013-04-11 15:36 - 00056016 ____A C:\Windows\System32\Drivers\fsbts.sys
    2013-04-08 18:59 - 2013-04-08 18:59 - 00388608 ____A (Trend Micro Inc.) C:\Users\teledisaster\Downloads\HijackThis.exe
    2013-04-08 18:59 - 2013-04-08 18:59 - 00010094 ____A C:\Users\teledisaster\Downloads\hijackthis.log
    2013-04-08 18:52 - 2013-04-14 19:50 - 00001914 ____A C:\Windows\PFRO.log
    2013-04-08 04:44 - 2013-04-08 04:44 - 00002132 ____A C:\Users\teledisaster\Documents\HitmanPro_20130408_0744.log
    2013-04-08 04:41 - 2013-04-08 04:45 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-04-08 04:40 - 2013-04-08 04:40 - 09741664 ____A (SurfRight B.V.) C:\Users\teledisaster\Downloads\HitmanPro_x64.exe
    2013-04-08 04:40 - 2013-04-08 04:40 - 01160893 ____A C:\Users\teledisaster\Downloads\ProcessExplorer.zip
    2013-04-07 20:40 - 2013-04-07 20:40 - 00000000 ___RD C:\Users\teledisaster\AppData\Roaming\Brother
    2013-04-07 20:07 - 2013-04-16 16:19 - 00002221 ____A C:\Windows\setupact.log
    2013-04-07 20:07 - 2013-04-07 20:07 - 00000000 ____A C:\Windows\setuperr.log
    2013-03-31 17:29 - 2013-03-31 17:29 - 00001098 ____A C:\Users\teledisaster\Desktop\join.me.lnk
    2013-03-31 17:29 - 2013-03-31 17:29 - 00000000 ____D C:\Users\teledisaster\AppData\Local\join.me
    2013-03-28 16:43 - 2013-04-09 04:39 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\Juniper Networks
    2013-03-28 16:43 - 2013-03-28 16:43 - 00000000 ____D C:\Users\teledisaster\AppData\Local\Juniper Networks
    2013-03-24 18:55 - 2013-03-24 18:55 - 00000000 ____D C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
    2013-03-24 18:55 - 2013-03-24 18:55 - 00000000 ____D C:\Program Files (x86)\Dell
    2013-03-24 18:52 - 2013-03-24 18:52 - 00000000 ____D C:\Users\teledisaster\Documents\AnyDVDHD
    2013-03-24 18:51 - 2013-03-24 19:00 - 00000083 ___SH C:\ProgramData\.zreglib
    2013-03-24 18:51 - 2013-03-24 18:51 - 00000807 ____A C:\Users\Public\Desktop\CloneDVD2.lnk
    2013-03-24 18:51 - 2013-03-24 18:51 - 00000000 ____D C:\ProgramData\SlySoft
    2013-03-24 18:48 - 2013-03-24 18:48 - 00000767 ____A C:\Users\Public\Desktop\AnyDVD.lnk
    2013-03-22 16:30 - 2013-04-14 12:09 - 00000000 ____D C:\Users\teledisaster\Downloads\mbar
    2013-03-20 18:22 - 2013-03-20 18:22 - 00002741 ____A C:\Users\Public\Desktop\Citrix Program Neighborhood.lnk2
    2013-03-20 18:22 - 2013-03-20 18:22 - 00000000 ____D C:\Program Files (x86)\Citrix
    2013-03-19 17:46 - 2013-03-20 17:38 - 00000008 _RASH C:\ProgramData\ntuser.pol
    2013-03-18 17:47 - 2013-03-18 17:47 - 00040960 ____A C:\Users\teledisaster\Downloads\1Password0100-20130318.1ptbackup
    2013-03-18 16:29 - 2013-03-18 16:29 - 00000000 ____A C:\Users\teledisaster\Sti_Trace.log
    2013-03-18 16:27 - 2013-03-18 16:27 - 00002015 ____A C:\Users\teledisaster\Desktop\ControlCenter4.lnk
    2013-03-18 16:10 - 2013-03-18 16:11 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\ControlCenter4
    2013-03-17 20:21 - 2013-03-17 20:21 - 00000234 ____A C:\Windows\Brpfx04a.ini
    2013-03-17 20:21 - 2013-03-17 20:21 - 00000064 ____A C:\Windows\brpcfx.ini
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000066 ____A C:\Windows\Brfaxrx.ini
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\ProgramData\ControlCenter4
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Program Files (x86)\Browny02
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Program Files (x86)\Brother
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Brother
    2013-03-17 20:20 - 2012-09-10 13:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
    2013-03-17 20:20 - 2012-07-30 23:39 - 01439744 ____A (Brother Industries, Ltd.) C:\Windows\System32\BrWi209d.dll
    2013-03-17 20:20 - 2012-07-09 14:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
    2013-03-17 20:20 - 2012-07-05 03:32 - 00084480 ____A (Brother Industries, Ltd.) C:\Windows\System32\BrNetSti.dll
    2013-03-17 20:20 - 2012-06-04 22:59 - 00025299 ____A (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
    2013-03-17 20:20 - 2012-03-18 20:09 - 00316928 ____A (brother) C:\Windows\System32\NSSRH64.dll
    2013-03-17 20:20 - 2010-09-23 00:14 - 00058880 ____A (Brother Industries,Ltd.) C:\Windows\System32\BrWiaNCp.dll
    2013-03-17 20:20 - 2010-09-23 00:13 - 00051712 ____A (Brother Industries,Ltd) C:\Windows\System32\Brnsplg.dll
    2013-03-17 20:20 - 2010-05-10 00:45 - 00103736 ____A (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
    2013-03-17 20:20 - 2010-04-01 02:27 - 00278528 ____A (Brother Industries, Ltd.) C:\Windows\System32\BrJDec.dll
    2013-03-17 20:20 - 2010-03-15 16:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
    2013-03-17 20:20 - 2010-02-04 18:42 - 00180224 ____A (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
    2013-03-17 20:20 - 2009-12-08 13:19 - 00290304 ____N (Brother Industries, Ltd.) C:\Windows\System32\BrfxDA5c.dll
    2013-03-17 20:20 - 2007-12-13 19:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
    2013-03-17 20:20 - 2005-04-21 20:36 - 00143360 ____A C:\Windows\System32\BrSNMP64.dll
    2013-03-17 20:20 - 2005-01-16 23:10 - 00045056 ____A C:\Windows\SysWOW64\BRTCPCON.DLL
    2013-03-17 20:20 - 2004-08-08 23:00 - 00000114 ____A C:\Windows\SysWOW64\BRLMW03A.INI
    2013-03-17 20:20 - 2004-08-08 22:42 - 00077824 ____A (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
    2013-03-17 20:20 - 2003-11-28 15:57 - 00000000 ____A C:\Windows\brdfxspd.dat
    2013-03-17 20:20 - 1999-10-26 08:00 - 00000050 ____A C:\Windows\System32\BRADM10A.DAT
    2013-03-17 20:08 - 2013-03-17 20:08 - 00000055 ____A C:\Windows\SysWOW64\BRDM7860DW.DAT
    2013-03-17 20:04 - 2013-03-17 20:21 - 00000000 ____D C:\ProgramData\Brother
    2013-03-17 20:04 - 2013-03-17 20:04 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\InstallShield
    2013-03-17 20:03 - 2013-03-17 20:03 - 00000000 ____D C:\Users\teledisaster\Downloads\wlan_wiz
    2013-03-17 20:03 - 2013-03-17 20:03 - 00000000 ____D C:\Users\teledisaster\Downloads\install
    2013-03-17 19:59 - 2013-03-17 20:03 - 129191600 ____A (A.I.SOFT,INC.) C:\Users\teledisaster\Downloads\MFC-7860DW-inst-C1-USA.EXE
    2013-03-17 19:37 - 2013-04-13 06:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-03-17 19:37 - 2013-03-17 19:37 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2013-03-17 19:37 - 2013-03-17 19:37 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\Mozilla
    2013-03-17 19:37 - 2013-03-17 19:37 - 00000000 ____D C:\Users\teledisaster\AppData\Local\Mozilla
    2013-03-17 19:37 - 2013-03-17 19:37 - 00000000 ____D C:\ProgramData\Mozilla
    2013-03-17 19:21 - 2013-03-17 19:21 - 00000000 ____D C:\Users\teledisaster\Documents\Adobe
    2013-03-17 11:55 - 2013-03-17 19:22 - 00000000 ____D C:\Users\teledisaster\AppData\Local\Adobe
    2013-03-17 11:54 - 2013-04-15 15:07 - 00000000 ____D C:\Photos
    2013-03-17 11:52 - 2013-03-17 11:52 - 00001887 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
    2013-03-17 11:52 - 2013-03-17 11:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2013-03-17 07:20 - 2013-03-17 07:54 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\TeraCopy
    2013-03-17 05:36 - 2013-03-17 05:36 - 00000017 ____A C:\Users\teledisaster\Documents\songscount.txt


    ==================== One Month Modified Files and Folders =======

    2013-04-16 19:25 - 2013-04-16 19:25 - 00000000 ____D C:\FRST
    2013-04-16 16:20 - 2013-04-16 16:20 - 00000048 ____A C:\Windows\E3AE7DAE2309A290.log
    2013-04-16 16:19 - 2013-04-07 20:07 - 00002221 ____A C:\Windows\setupact.log
    2013-04-16 16:19 - 2013-03-02 18:06 - 00000000 ___RD C:\Dropbox
    2013-04-16 16:19 - 2013-03-02 17:49 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\Dropbox
    2013-04-16 16:18 - 2013-03-15 18:01 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.dll
    2013-04-16 16:18 - 2013-03-15 18:00 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.exe
    2013-04-16 16:18 - 2013-03-02 09:46 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-04-16 16:18 - 2012-10-19 10:51 - 00017920 ____A C:\Windows\System32\rpcnetp.exe
    2013-04-16 16:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-04-16 05:51 - 2013-03-02 09:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-04-16 05:51 - 2012-10-19 06:57 - 01295221 ____A C:\Windows\WindowsUpdate.log
    2013-04-16 05:46 - 2009-07-13 20:45 - 00031312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-04-16 05:46 - 2009-07-13 20:45 - 00031312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-04-15 19:56 - 2013-04-15 19:56 - 00014578 ____A C:\Users\teledisaster\Documents\Procexp.txt
    2013-04-15 19:54 - 2013-04-15 19:54 - 01160893 ____A C:\Users\teledisaster\Downloads\ProcessExplorer (1).zip
    2013-04-15 19:40 - 2013-03-03 08:52 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-04-15 19:39 - 2013-04-15 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2013-04-15 19:38 - 2012-10-19 10:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-04-15 19:35 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2013-04-15 19:21 - 2012-10-19 06:58 - 00000000 ____D C:\Users\teledisaster\AppData\Local\VirtualStore
    2013-04-15 19:12 - 2013-04-15 19:11 - 02218636 ____A C:\Users\teledisaster\Desktop\tdsskiller.zip
    2013-04-15 15:07 - 2013-03-17 11:54 - 00000000 ____D C:\Photos
    2013-04-14 20:05 - 2013-04-14 20:05 - 00097880 ____A C:\Users\teledisaster\Desktop\OTL.Txt
    2013-04-14 20:05 - 2013-04-14 20:05 - 00055164 ____A C:\Users\teledisaster\Desktop\Extras.Txt
    2013-04-14 19:59 - 2013-04-14 19:59 - 00000632 ____A C:\Users\teledisaster\Desktop\JRT.txt
    2013-04-14 19:53 - 2013-04-14 19:53 - 00000000 ____D C:\Windows\ERUNT
    2013-04-14 19:53 - 2013-04-14 19:53 - 00000000 ____D C:\JRT
    2013-04-14 19:52 - 2013-04-14 19:52 - 00001641 ____A C:\Users\teledisaster\Documents\techspot-step3.txt
    2013-04-14 19:50 - 2013-04-08 18:52 - 00001914 ____A C:\Windows\PFRO.log
    2013-04-14 19:48 - 2013-04-14 19:48 - 00000781 ____A C:\AdwCleaner[S1].txt
    2013-04-14 19:48 - 2013-04-14 19:48 - 00000722 ____A C:\AdwCleaner[R1].txt
    2013-04-14 19:46 - 2013-04-14 19:46 - 00602112 ____A (OldTimer Tools) C:\Users\teledisaster\Desktop\OTL.exe
    2013-04-14 19:46 - 2013-04-14 19:46 - 00551587 ____A (Oleg N. Scherbakov) C:\Users\teledisaster\Desktop\JRT.exe
    2013-04-14 19:45 - 2013-04-14 19:45 - 00613083 ____A C:\Users\teledisaster\Downloads\adwcleaner.exe
    2013-04-14 19:00 - 2013-04-14 19:00 - 00027076 ____A C:\ComboFix.txt
    2013-04-14 19:00 - 2013-04-14 18:53 - 00000000 ____D C:\Qoobox
    2013-04-14 19:00 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
    2013-04-14 18:58 - 2013-04-14 18:53 - 00000000 ____D C:\Windows\erdnt
    2013-04-14 18:58 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2013-04-14 18:19 - 2013-04-14 18:19 - 05052676 ____R (Swearware) C:\Users\teledisaster\Desktop\ComboFix.exe
    2013-04-14 18:17 - 2012-10-19 08:09 - 00126136 ____A C:\Users\teledisaster\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-04-14 18:13 - 2009-07-13 20:45 - 00465704 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-04-14 14:03 - 2013-04-14 14:03 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2013-04-14 14:03 - 2013-04-14 14:03 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2013-04-14 14:02 - 2013-03-03 08:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2013-04-14 12:09 - 2013-03-22 16:30 - 00000000 ____D C:\Users\teledisaster\Downloads\mbar
    2013-04-14 11:57 - 2013-04-14 11:57 - 00002062 ____A C:\Users\teledisaster\Desktop\RKreport[2]_D_04142013_02d1457.txt
    2013-04-14 11:56 - 2013-04-14 11:56 - 00002127 ____A C:\Users\teledisaster\Desktop\RKreport[1]_S_04142013_02d1456.txt
    2013-04-14 11:56 - 2013-04-14 11:54 - 00000000 ____D C:\Users\teledisaster\Desktop\RK_Quarantine
    2013-04-14 11:53 - 2013-04-14 11:53 - 12917756 ____A C:\Users\teledisaster\Downloads\mbar-1.05.0.1001.zip
    2013-04-14 11:51 - 2013-04-14 11:51 - 00000104 ____A C:\Users\teledisaster\Desktop\quickies.txt
    2013-04-14 11:49 - 2013-04-14 11:49 - 00816128 ____A C:\Users\teledisaster\Desktop\RogueKiller.exe
    2013-04-14 10:47 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-14 10:44 - 2013-04-14 10:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2013-04-14 10:04 - 2013-04-13 16:04 - 00026174 ____A C:\Users\teledisaster\Desktop\dds.txt
    2013-04-14 10:04 - 2013-04-13 16:04 - 00005274 ____A C:\Users\teledisaster\Desktop\attach.txt
    2013-04-14 04:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-04-13 16:02 - 2013-04-13 16:02 - 00688992 ____R (Swearware) C:\Users\teledisaster\Desktop\dds.com
    2013-04-13 07:05 - 2012-10-19 10:44 - 00000890 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-04-13 06:42 - 2013-03-17 19:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-04-12 23:41 - 2013-04-12 17:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-12 16:42 - 2013-04-12 16:42 - 01786744 ____A (Juniper Networks, Inc.) C:\Users\teledisaster\Downloads\JuniperSetupClientInstaller(1).exe
    2013-04-12 16:36 - 2013-04-12 16:36 - 01786744 ____A (Juniper Networks, Inc.) C:\Users\teledisaster\Downloads\JuniperSetupClientInstaller.exe
    2013-04-12 16:29 - 2013-04-12 16:29 - 00896928 ____A (Oracle Corporation) C:\Users\teledisaster\Downloads\chromeinstall-7u17 (2).exe
    2013-04-12 16:23 - 2013-04-12 16:23 - 00896928 ____A (Oracle Corporation) C:\Users\teledisaster\Downloads\chromeinstall-7u17 (1).exe
    2013-04-12 16:22 - 2013-04-12 16:22 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-04-12 16:22 - 2013-04-12 16:22 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-04-12 16:22 - 2013-04-12 16:22 - 00000000 ____D C:\ProgramData\Sun
    2013-04-12 16:20 - 2013-04-12 16:20 - 00000000 ____D C:\ProgramData\McAfee
    2013-04-12 16:19 - 2013-04-12 16:19 - 00896928 ____A (Oracle Corporation) C:\Users\teledisaster\Downloads\chromeinstall-7u17.exe
    2013-04-12 16:14 - 2012-10-19 11:51 - 00000000 ____D C:\Windows\Panther
    2013-04-11 19:19 - 2012-10-19 07:18 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-04-11 15:36 - 2013-04-11 15:36 - 00056016 ____A C:\Windows\System32\Drivers\fsbts.sys
    2013-04-10 00:52 - 2013-03-02 09:47 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-04-09 04:39 - 2013-03-28 16:43 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\Juniper Networks
    2013-04-08 18:59 - 2013-04-08 18:59 - 00388608 ____A (Trend Micro Inc.) C:\Users\teledisaster\Downloads\HijackThis.exe
    2013-04-08 18:59 - 2013-04-08 18:59 - 00010094 ____A C:\Users\teledisaster\Downloads\hijackthis.log
    2013-04-08 04:45 - 2013-04-08 04:41 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-04-08 04:44 - 2013-04-08 04:44 - 00002132 ____A C:\Users\teledisaster\Documents\HitmanPro_20130408_0744.log
    2013-04-08 04:40 - 2013-04-08 04:40 - 09741664 ____A (SurfRight B.V.) C:\Users\teledisaster\Downloads\HitmanPro_x64.exe
    2013-04-08 04:40 - 2013-04-08 04:40 - 01160893 ____A C:\Users\teledisaster\Downloads\ProcessExplorer.zip
    2013-04-07 20:40 - 2013-04-07 20:40 - 00000000 ___RD C:\Users\teledisaster\AppData\Roaming\Brother
    2013-04-07 20:07 - 2013-04-07 20:07 - 00000000 ____A C:\Windows\setuperr.log
    2013-04-07 19:51 - 2013-03-02 10:39 - 00000798 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2013-04-04 11:50 - 2012-10-19 10:44 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-03-31 17:29 - 2013-03-31 17:29 - 00001098 ____A C:\Users\teledisaster\Desktop\join.me.lnk
    2013-03-31 17:29 - 2013-03-31 17:29 - 00000000 ____D C:\Users\teledisaster\AppData\Local\join.me
    2013-03-30 09:41 - 2013-03-02 18:06 - 00001035 ____A C:\Users\teledisaster\Desktop\Dropbox.lnk
    2013-03-28 16:43 - 2013-03-28 16:43 - 00000000 ____D C:\Users\teledisaster\AppData\Local\Juniper Networks
    2013-03-24 19:00 - 2013-03-24 18:51 - 00000083 ___SH C:\ProgramData\.zreglib
    2013-03-24 18:55 - 2013-03-24 18:55 - 00000000 ____D C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
    2013-03-24 18:55 - 2013-03-24 18:55 - 00000000 ____D C:\Program Files (x86)\Dell
    2013-03-24 18:52 - 2013-03-24 18:52 - 00000000 ____D C:\Users\teledisaster\Documents\AnyDVDHD
    2013-03-24 18:51 - 2013-03-24 18:51 - 00000807 ____A C:\Users\Public\Desktop\CloneDVD2.lnk
    2013-03-24 18:51 - 2013-03-24 18:51 - 00000000 ____D C:\ProgramData\SlySoft
    2013-03-24 18:48 - 2013-03-24 18:48 - 00000767 ____A C:\Users\Public\Desktop\AnyDVD.lnk
    2013-03-20 18:24 - 2013-03-13 04:58 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\ICAClient
    2013-03-20 18:22 - 2013-03-20 18:22 - 00002741 ____A C:\Users\Public\Desktop\Citrix Program Neighborhood.lnk2
    2013-03-20 18:22 - 2013-03-20 18:22 - 00000000 ____D C:\Program Files (x86)\Citrix
    2013-03-20 17:38 - 2013-03-19 17:46 - 00000008 _RASH C:\ProgramData\ntuser.pol
    2013-03-19 17:45 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
    2013-03-18 22:04 - 2013-04-11 19:18 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-03-18 21:46 - 2013-04-11 19:18 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-03-18 21:04 - 2013-04-11 19:18 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-03-18 21:04 - 2013-04-11 19:18 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-03-18 20:47 - 2013-04-11 19:18 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-03-18 19:06 - 2013-04-11 19:18 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-03-18 17:47 - 2013-03-18 17:47 - 00040960 ____A C:\Users\teledisaster\Downloads\1Password0100-20130318.1ptbackup
    2013-03-18 16:29 - 2013-03-18 16:29 - 00000000 ____A C:\Users\teledisaster\Sti_Trace.log
    2013-03-18 16:29 - 2012-10-19 06:57 - 00000000 ____D C:\users\teledisaster
    2013-03-18 16:27 - 2013-03-18 16:27 - 00002015 ____A C:\Users\teledisaster\Desktop\ControlCenter4.lnk
    2013-03-18 16:22 - 2013-03-03 17:56 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\Winamp
    2013-03-18 16:22 - 2013-03-03 17:52 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\uTorrent
    2013-03-18 16:11 - 2013-03-18 16:10 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\ControlCenter4
    2013-03-17 20:21 - 2013-03-17 20:21 - 00000234 ____A C:\Windows\Brpfx04a.ini
    2013-03-17 20:21 - 2013-03-17 20:21 - 00000064 ____A C:\Windows\brpcfx.ini
    2013-03-17 20:21 - 2013-03-17 20:04 - 00000000 ____D C:\ProgramData\Brother
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000066 ____A C:\Windows\Brfaxrx.ini
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\ProgramData\ControlCenter4
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Program Files (x86)\Browny02
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Program Files (x86)\Brother
    2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Brother
    2013-03-17 20:19 - 2012-10-19 07:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-03-17 20:08 - 2013-03-17 20:08 - 00000055 ____A C:\Windows\SysWOW64\BRDM7860DW.DAT
    2013-03-17 20:04 - 2013-03-17 20:04 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\InstallShield
    2013-03-17 20:03 - 2013-03-17 20:03 - 00000000 ____D C:\Users\teledisaster\Downloads\wlan_wiz
    2013-03-17 20:03 - 2013-03-17 20:03 - 00000000 ____D C:\Users\teledisaster\Downloads\install
    2013-03-17 20:03 - 2013-03-17 19:59 - 129191600 ____A (A.I.SOFT,INC.) C:\Users\teledisaster\Downloads\MFC-7860DW-inst-C1-USA.EXE
    2013-03-17 19:37 - 2013-03-17 19:37 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2013-03-17 19:37 - 2013-03-17 19:37 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\Mozilla
    2013-03-17 19:37 - 2013-03-17 19:37 - 00000000 ____D C:\Users\teledisaster\AppData\Local\Mozilla
    2013-03-17 19:37 - 2013-03-17 19:37 - 00000000 ____D C:\ProgramData\Mozilla
    2013-03-17 19:23 - 2012-10-19 10:01 - 00000000 ____D C:\ProgramData\Adobe
    2013-03-17 19:22 - 2013-03-17 11:55 - 00000000 ____D C:\Users\teledisaster\AppData\Local\Adobe
    2013-03-17 19:22 - 2012-10-19 10:42 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\Adobe
    2013-03-17 19:21 - 2013-03-17 19:21 - 00000000 ____D C:\Users\teledisaster\Documents\Adobe
    2013-03-17 11:52 - 2013-03-17 11:52 - 00001887 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
    2013-03-17 11:52 - 2013-03-17 11:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2013-03-17 07:54 - 2013-03-17 07:20 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\TeraCopy
    2013-03-17 05:57 - 2013-03-16 14:21 - 00000000 ____A C:\MMWMDMExcept.log
    2013-03-17 05:57 - 2013-03-16 14:21 - 00000000 ____A C:\MMiPodExcept.log
    2013-03-17 05:37 - 2013-03-03 17:39 - 00000000 ____D C:\Users\teledisaster\AppData\Roaming\Notepad++
    2013-03-17 05:36 - 2013-03-17 05:36 - 00000017 ____A C:\Users\teledisaster\Documents\songscount.txt
    2013-03-17 05:36 - 2013-03-16 14:21 - 00010419 ____A C:\Users\teledisaster\AppData\Local\PrimoBurnerMM.log

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-04-14 18:19:07

    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 4083.92 MB
    Available physical RAM: 3353.96 MB
    Total Pagefile: 4082.12 MB
    Available Pagefile: 3340.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:465.41 GB) (Free:428.27 GB) NTFS
    3 Drive f: (THANOOJ) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.35 GB) (Free:0.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online          465 GB      0 B
    Disk 1    Online         7633 MB      0 B

    Partitions of Disk 0:
    ===============

    Disk ID: F3794D2A

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary            356 MB  1024 KB
    Partition 2    Primary            465 GB   357 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ###   Ltr  Label        Fs     Type        Size     Status     Info
    ----------   ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1    Y   System Rese  NTFS   Partition    356 MB  Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ###   Ltr  Label        Fs     Type        Size     Status     Info
    ----------   ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2    C                NTFS   Partition    465 GB  Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 00000000

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           7633 MB    16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ###   Ltr  Label        Fs     Type        Size     Status     Info
    ----------   ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3    F   THANOOJ      FAT32  Removable   7633 MB  Healthy

    =========================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: F3794D2A

    Partition 1:
    =========
    Hex: 802021000782152D0008000000200B00
    Active: YES
    Type: 07 (NTFS)
    Size: 356 MB

    Partition 2:
    =========
    Hex: 0082162D07FEFFFF00280B0030302D3A
    Active: NO
    Type: 07 (NTFS)
    Size: 465 GB

    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: 00000000

    Partition 1:
    =========
    Hex: 000021000B22D5CD20000000E08BEE00
    Active: NO
    Type: 0B
    Size: 7 GB


    Last Boot: 2013-04-13 21:58

    ==================== End Of Log =============================
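    The "One Month Created/Modified Files" listings above are the part of an FRST log a responder actually reads, and the Bamital & volsnap check at the end shows the kind of integrity rule the tool applies to core binaries. The Python script below is an added example, not part of the original post and not FRST's own code: it parses file lines in the format FRST printed above and applies two simple triage rules of my own (an executable in System32/SysWOW64 whose version resource carries no publisher string, and a file marked both Hidden and System outside C:\Windows). The `SYSTEM_DIRS` and `BINARY_EXT` lists, the rule thresholds and all function names are assumptions chosen for this example; the sample lines are copied from the listings above.

```python
"""Triage helper for FRST 'One Month Created/Modified Files' listings.

Added example, not part of the original thread or the FRST tool. It parses
the line format FRST printed above and applies two lead-generating rules.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# One FRST file line:  <date1> - <date2> - <size> <attrs> [(<company>)] <path>
# In the "Created" section date1 is the creation time and date2 the last
# modification; the "Modified" section prints them the other way round.
FRST_LINE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # publisher from the version resource, if any
    r"(?P<path>\S.*)$"
)

# Assumed lists for the rules below (not from FRST).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".ocx", ".cpl")


@dataclass(frozen=True)
class Entry:
    date1: str
    date2: str
    size: int
    attrs: str          # five flag positions (R, A, S, H, D); '_' when clear
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_and_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_binary(self) -> bool:
        return self.path.lower().endswith(BINARY_EXT)

    @property
    def in_system_dir(self) -> bool:
        return self.path.lower().startswith(SYSTEM_DIRS)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one FRST file line, or None for headers and blank lines."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(date1=m["d1"], date2=m["d2"], size=int(m["size"]),
                 attrs=m["attrs"], company=m["company"], path=m["path"])


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: Iterable[Entry]) -> List[Tuple[Entry, str]]:
    """Apply two lead-generating rules. Hits are leads to verify, not verdicts."""
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        # Rule 1: executable code in a Windows system directory with no publisher
        # in its version resource. Microsoft and most vendors always set one.
        if e.in_system_dir and e.is_binary and not e.company:
            hits.append((e, "binary without publisher in system directory"))
        # Rule 2: Hidden+System set on a file outside C:\Windows, a combination
        # legitimate software rarely needs in data directories.
        elif e.hidden_and_system and not e.path.lower().startswith("c:\\windows\\"):
            hits.append((e, "hidden+system file outside Windows directory"))
    return hits


# Sample lines copied from the FRST listings in the post above.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2013-04-11 19:18 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-11 15:36 - 2013-04-11 15:36 - 00056016 ____A C:\Windows\System32\Drivers\fsbts.sys
2013-04-16 16:18 - 2013-03-15 18:01 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.dll
2013-03-24 18:51 - 2013-03-24 19:00 - 00000083 ___SH C:\ProgramData\.zreglib
2013-03-17 20:20 - 2005-04-21 20:36 - 00143360 ____A C:\Windows\System32\BrSNMP64.dll
2013-04-12 16:29 - 2013-04-12 16:29 - 00896928 ____A (Oracle Corporation) C:\Users\teledisaster\Downloads\chromeinstall-7u17 (2).exe
2013-03-17 20:20 - 2013-03-17 20:20 - 00000000 ____D C:\Program Files (x86)\Brother
2013-04-16 05:46 - 2009-07-13 20:45 - 00031312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.date1}  {entry.attrs}  {entry.path}\n    -> {reason}")
```

    Run against the sample, rule 1 flags fsbts.sys, rpcnetp.dll and BrSNMP64.dll and rule 2 flags .zreglib; the signed ntoskrnl.exe, the Downloads installer with "(2)" in its name, the "(x86)" directory and the hidden-only System32 file pass. Every hit still has to be resolved by hand by checking the file's Authenticode signature, hash and install context: BrSNMP64.dll, for instance, arrived in the same minute as a batch of DLLs that do carry "Brother Industries" and belongs to that printer install. Remember that FRST swaps the two date columns between the Created and Modified sections, so interpret `date1`/`date2` according to the section a line came from.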
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Nothing malicious there.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - user.js - File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      O4 - HKLM..\Run: [] File not found
      O15 - HKU\S-1-5-21-2445504815-1892541520-3877237937-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  22. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    ---------------------
    OTL
    ----------------------
    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2445504815-1892541520-3877237937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: teledisaster
    ->Temp folder emptied: 124857 bytes
    ->Temporary Internet Files folder emptied: 2548785 bytes
    ->FireFox cache emptied: 8440759 bytes
    ->Google Chrome cache emptied: 238598144 bytes
    ->Flash cache emptied: 506 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2232414 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67691 bytes
    RecycleBin emptied: 115073534 bytes

    Total Files Cleaned = 350.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: teledisaster

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: teledisaster
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04162013_202621

    Files\Folders moved on Reboot...
    C:\Users\teledisaster\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\teledisaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    ------------------------------
    Security Check Log
    ------------------------------
    Results of screen317's Security Check version 0.99.62
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Computer Security
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Adobe Reader XI
    Mozilla Firefox (20.0.1)
    Google Chrome 26.0.1410.43
    Google Chrome 26.0.1410.64
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
    ------------------------------
    FSS Log
    -------------------------------
    Farbar Service Scanner Version: 14-04-2013
    Ran by user (administrator) on 16-04-2013 at 20:34:56
    Running from "C:\Users\teledisaster\Desktop"
    Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
    ----------------------------------------
    ESET Log
    ---------------------------------------
    C:\SW\Media\AnyDVD\ElbyCDIO.dll    a variant of Win32/Packed.Enigma.AAF trojan    cleaned by deleting - quarantined
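
The FSS log above reports the WinDefend service start type and the DisableAntiSpyware policy value. As an added example that is not part of this thread or of the FSS tool, the following PowerShell script re-checks those two items and also asks Security Center which antivirus products are registered, since a registered third-party suite is the usual reason Defender is turned off by policy on Windows 7. It assumes Windows PowerShell 3.0 or later and uses only the registry key path shown in the log.

```powershell
# Added example (not from the thread or from FSS): re-verify the Windows Defender
# state that the FSS log reports, plus the antivirus products registered with
# Security Center. Requires Windows PowerShell 3.0+ (Get-CimInstance).

function Get-DefenderState {
    # Service configuration: FSS reports StartMode 'Demand' versus the default 'Auto'.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"

    # Policy value: the key path is the one printed in the FSS log.
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $policy = $null
    if (Test-Path $policyKey) {
        $policy = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).DisableAntiSpyware
    }

    # Antivirus products registered with Security Center (Windows Vista/7 and later).
    $av = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct `
              -ErrorAction SilentlyContinue | Select-Object -ExpandProperty displayName

    [pscustomobject]@{
        ServicePresent      = [bool]$svc
        StartMode           = if ($svc) { $svc.StartMode } else { $null }   # 'Auto' is the Windows 7 default
        State               = if ($svc) { $svc.State } else { $null }
        DisableAntiSpyware  = $policy                                       # 1 = Defender disabled by policy
        DisabledByPolicy    = ($policy -eq 1)
        RegisteredAntivirus = @($av)
    }
}

Get-DefenderState | Format-List
```

If DisabledByPolicy is true and RegisteredAntivirus lists a third-party product, the Defender result in the FSS log is expected rather than a sign of tampering; if the policy is set with no other antivirus registered, that is worth following up.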
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    How are things now?
     
  24. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21

    The problem is still there. I am not sure what's triggering it, but there is a new iexplore.exe process created every 15 minutes. The CPU % is showing as Suspended for these processes in the Process Explorer tool. For an Intel Core 2 Duo T9900 3.06GHz laptop, it feels slow to me while opening up applications and while working. I have another laptop which is a T8600 which seems much faster than this one. However, I did not see any symptoms of the system being infected. I accidentally noticed this in Task Manager. The longer I keep my system ON, the more iexplore.exe processes there are.
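
To find out what is starting those iexplore.exe instances every 15 minutes, the first thing to establish is the parent of each one and whether anything on a timer or a startup entry references the browser. As an added example that is not part of this thread, the following PowerShell script (assumed: Windows PowerShell 3.0 or later, run from an elevated prompt so processes of other accounts are visible) lists every iexplore.exe with its start time, parent process and command line, and then searches scheduled tasks and the Run/RunOnce keys for commands that mention iexplore. Scheduled tasks and Run keys are the common launch points it checks; the thread itself does not say which one applies here.

```powershell
# Added example (not from the thread): map each running iexplore.exe to its parent
# process and start time, then look for launch points that reference the browser.
# Assumes Windows PowerShell 3.0+ and an elevated prompt.

function Get-IexploreSpawnInfo {
    [CmdletBinding()]
    param([string]$ImageName = 'iexplore.exe')

    $all = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    $all | Where-Object { $_.Name -ieq $ImageName } | ForEach-Object {
        $parent = $byPid[[int]$_.ParentProcessId]
        [pscustomobject]@{
            Pid         = $_.ProcessId
            Started     = $_.CreationDate
            ParentPid   = $_.ParentProcessId
            # A parent that has already exited shows as '<exited>'; that by itself
            # suggests a short-lived launcher (script host, task engine) started it.
            ParentName  = if ($parent) { $parent.Name } else { '<exited>' }
            ParentCmd   = if ($parent) { $parent.CommandLine } else { $null }
            CommandLine = $_.CommandLine
        }
    } | Sort-Object Started
}

function Get-IexploreLaunchers {
    # Scheduled tasks: schtasks verbose CSV output, filtered on the 'Task To Run' column.
    $tasks = schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.'Task To Run' -match 'iexplore' } |
        Select-Object TaskName, 'Schedule Type', 'Repeat: Every', 'Task To Run'

    # Run / RunOnce keys for the machine and the current user.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $run = foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }          # skip PowerShell's own provider properties
            if ("$($prop.Value)" -match 'iexplore') {
                [pscustomobject]@{ Key = $k; Value = $prop.Name; Command = $prop.Value }
            }
        }
    }

    [pscustomobject]@{ ScheduledTasks = @($tasks); RunEntries = @($run) }
}

Get-IexploreSpawnInfo | Format-Table -AutoSize
Get-IexploreLaunchers | Format-List
```

Processes whose Started values are spaced 15 minutes apart with the same ParentName (or all showing '<exited>') point at one launcher; a matching entry under ScheduledTasks or RunEntries is then the thing to examine. If nothing matches, the parent name from the first table is still the lead to follow, since the launcher may be using a different command line than a literal iexplore path.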
     
  25. Hi Hi

    Hi Hi TS Rookie Topic Starter Posts: 21
