TechSpot

Nobbled with Google redirect

By tonylindek
Nov 28, 2011
  1. My daughter's laptop has caught some variant of the Google redirect virus. I've followed the instructions in the sticky note and logs follow.

    Tony.
    ======================================
    MBAM
    ====
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8236

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    28-Nov-2011 20:49:32
    mbam-log-2011-11-28 (20-49-32).txt

    Scan type: Quick scan
    Objects scanned: 190945
    Time elapsed: 4 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER
    ====
    empty

    DDS
    ===
    dds.txt
    -------
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by vc at 21:36:12 on 2011-11-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2197 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: AutorunsDisabled - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
    uRun: [AdobeBridge]
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{BCDF04DB-B757-47B9-AA2D-8FF45DC03030} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{BCDF04DB-B757-47B9-AA2D-8FF45DC03030}\C496675626F687D264633383 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{BCDF04DB-B757-47B9-AA2D-8FF45DC03030}\F4A77596275633027457563747 : DhcpNameServer = 172.16.42.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: AutorunsDisabled - No File
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://pinterest.com/|https://accounts.google.com/Service...//hootsuite.com/dashboard|http://twitter.com/
    FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\vc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-31 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA008Ufd.sys --> C:\Windows\system32\DRIVERS\OA008Ufd.sys [?]
    R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\system32\DRIVERS\OA008Vid.sys --> C:\Windows\system32\DRIVERS\OA008Vid.sys [?]
    R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-7 1038088]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-4 28152]
    S3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys --> C:\Windows\system32\DRIVERS\wdcsam.sys [?]
    S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-11-28 16:41:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06AD7913-9090-416D-831B-91427F1745B3}\offreg.dll
    2011-11-28 16:41:40 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06AD7913-9090-416D-831B-91427F1745B3}\mpengine.dll
    2011-11-25 16:18:17 -------- d-----w- C:\Program Files\CCleaner
    2011-11-25 16:16:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-11-25 11:58:46 -------- d-----w- C:\Users\vc\AppData\Roaming\Malwarebytes
    2011-11-25 11:58:35 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-25 11:58:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-09 13:15:34 636728 ----a-w- C:\Program Files (x86)\autoruns.exe
    2011-11-09 11:15:23 -------- d-----w- C:\Program Files\iPod
    2011-11-09 11:15:22 -------- d-----w- C:\Program Files\iTunes
    2011-11-09 11:15:22 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-11-09 11:12:22 -------- d-----w- C:\Program Files\Bonjour
    2011-11-09 11:12:22 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-11-09 10:11:22 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 10:11:22 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 10:11:21 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 10:11:19 3144704 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2011-11-28 16:37:11 4845856 ----a-w- C:\Program Files (x86)\procexp.exe
    2011-11-09 11:05:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    .
    ============= FINISH: 21:43:59.94 ===============


    attach.txt
    ----------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 06-Nov-2009 18:36:53
    System Uptime: 28-Nov-2011 16:30:35 (5 hours ago)
    .
    Motherboard: Dell Inc. | | 0C234M
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2401/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 272.095 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 8.207 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP573: 12-Nov-2011 09:53:52 - Windows Update
    RP574: 16-Nov-2011 09:30:16 - Windows Update
    RP575: 19-Nov-2011 13:58:39 - Windows Update
    RP576: 22-Nov-2011 19:39:30 - Windows Update
    RP577: 26-Nov-2011 12:52:32 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ABBYY FineReader 7.0 Professional Edition
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.4.6
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Amazon Kindle For PC v1.1
    Amazon MP3 Downloader 1.0.9
    Apple Application Support
    Apple Software Update
    Brother HL-2030
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Connect
    D3DX10
    Dell Driver Download Manager
    Dell Support Center (Support Software)
    Driving Test Success - All Tests 2011 Edition
    Google Chrome
    Google Earth
    Google Update Helper
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 26
    kuler
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Mesh Runtime
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mindjet MindManager Pro 7
    Mozilla Firefox (3.6)
    Mozilla Firefox 8.0 (x86 en-GB)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyHeritage Family Tree Builder
    PDF-XChange 3
    PDF Settings CS4
    Photoshop Camera Raw
    QuickTime
    RICOH Media Driver ver.2.07.01.00
    Roxio Burn
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Skype Click to Call
    Skype™ 5.5
    Spelling Dictionaries Support For Adobe Reader 9
    Spotify
    Suite Shared Configuration CS4
    SyncBackSE
    TweetDeck
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    VMware Player
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinSCP 4.2.4 beta
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28-Nov-2011 16:30:48, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    28-Nov-2011 16:29:53, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    28-Nov-2011 16:26:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    28-Nov-2011 16:26:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    28-Nov-2011 16:26:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    28-Nov-2011 16:26:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    28-Nov-2011 16:26:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    28-Nov-2011 16:26:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    28-Nov-2011 16:26:05, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
    28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    28-Nov-2011 14:21:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    25-Nov-2011 16:19:55, Error: Service Control Manager [7034] - The Spybot S&D 2 Live Protection Service service terminated unexpectedly. It has done this 1 time(s).
    25-Nov-2011 11:46:49, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    24-Nov-2011 17:39:09, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    24-Nov-2011 17:37:40, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    24-Nov-2011 17:32:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    24-Nov-2011 17:16:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download the latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    Thanks for the reply, Broni. Unfortunately, aswMBR will not run. I tried disabling real-time protection in MSE and also running in safe mode. Neither time would anything happen after I double-clicked the icon. I did not go on to run combofix - should I?

    Thanks,
    Tony.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Run this instead...

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  5. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    That one worked, Broni. Screen contents are:

    =====
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
    =====

    T.
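
The Bootkit Remover output above suggests `remover.exe dump <device_name> [output_file]` for manual inspection. As an added example, not part of this thread or of Esage Lab's tool, the Python below parses such a 512-byte MBR dump: it checks the 0x55AA boot signature, decodes the partition table, hashes the boot-code region, and reports which regions differ between a dump taken on the running system and a trusted one taken offline, which is how a rootkit that filters reads of sector 0 shows itself. The sample sector and boot-code bytes are constructed placeholders; the partition layout mirrors the FRST partition listing in this thread.

```python
"""Inspect a raw 512-byte MBR dump and compare it with a trusted copy.

Added example for this thread; it is not part of Bootkit Remover or of any
other tool the thread names. The MBR layout used here (446 bytes of boot
code, four 16-byte partition entries, 0x55AA signature) is the standard one.
"""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"

# A few common MBR partition type IDs (not exhaustive).
PARTITION_TYPES = {
    0x07: "NTFS/exFAT",
    0x0C: "FAT32 (LBA)",
    0x27: "Hidden NTFS / Windows RE",
    0xDE: "Dell OEM utility",
    0xEE: "GPT protective",
}

# Regions of the sector, used when diffing two dumps.
REGIONS = {
    "boot code": (0, PART_TABLE_OFFSET),
    "partition table": (PART_TABLE_OFFSET, SECTOR - 2),
    "signature": (SECTOR - 2, SECTOR),
}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (the CHS fields are skipped)."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sectors": sectors,
        "byte_offset": lba_start * SECTOR,
        "size_gb": sectors * SECTOR / 2**30,
    }


def parse_mbr(sector: bytes) -> dict:
    """Signature check, SHA-256 of the boot code, and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    entries = []
    for i in range(4):
        start = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        entries.append(parse_partition_entry(sector[start:start + PART_ENTRY_SIZE]))
    return {
        "signature_ok": sector[SECTOR - 2:] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": [e for e in entries if e["type"] != 0],
    }


def compare_dumps(reference: bytes, observed: bytes) -> list:
    """Names of the regions that differ between a trusted dump and an observed one.

    A bootkit that hides its boot code normally leaves the partition table
    intact, so a difference confined to "boot code" is the tell-tale sign.
    """
    return [name for name, (a, b) in REGIONS.items() if reference[a:b] != observed[a:b]]


def load_dump(path: str) -> bytes:
    """Read the first sector of a dump file, e.g. one written by remover.exe dump."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def build_mbr(boot_code: bytes, layout) -> bytes:
    """Assemble a sector from boot code and (status, type, lba_start, sectors) tuples."""
    if len(boot_code) > PART_TABLE_OFFSET or len(layout) > 4:
        raise ValueError("boot code too long or too many partition entries")
    table = b"".join(struct.pack("<B3xB3xII", *entry) for entry in layout)
    table = table.ljust(4 * PART_ENTRY_SIZE, b"\x00")
    return boot_code.ljust(PART_TABLE_OFFSET, b"\x00") + table + BOOT_SIGNATURE


# Constructed sample data. The layout mirrors the FRST partition listing in
# this thread (OEM 39 MB at 31 KB, 14 GB primary, active 451 GB primary at
# 14 GB; C: starts at byte offset 0x3abf38a00). The boot-code bytes are
# placeholders, not real boot code.
SAMPLE_LAYOUT = [
    (0x00, 0xDE, 63, 79872),             # OEM utility partition
    (0x00, 0x07, 79935, 30720390),       # RECOVERY (D:)
    (0x80, 0x07, 30800325, 945962353),   # system volume (C:), active
]
TRUSTED_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64   # placeholder
OBSERVED_BOOT_CODE = b"\xeb\x40\x90" + b"\x00" * 64                  # placeholder
TRUSTED_MBR = build_mbr(TRUSTED_BOOT_CODE, SAMPLE_LAYOUT)    # as if dumped offline
OBSERVED_MBR = build_mbr(OBSERVED_BOOT_CODE, SAMPLE_LAYOUT)  # as if dumped while booted


if __name__ == "__main__":
    info = parse_mbr(OBSERVED_MBR)
    print("signature ok:", info["signature_ok"])
    print("boot code sha256:", info["boot_code_sha256"])
    for n, p in enumerate(info["partitions"], 1):
        flag = "active" if p["bootable"] else "      "
        print(f"Partition {n} {flag} type 0x{p['type']:02X} ({p['type_name']}) "
              f"LBA {p['lba_start']} offset 0x{p['byte_offset']:x} size {p['size_gb']:.2f} GB")
    print("regions differing from trusted dump:", compare_dumps(TRUSTED_MBR, OBSERVED_MBR))
```

With a real dump, replace the constructed sectors with `load_dump("mbr_offline.bin")` and `load_dump("mbr_live.bin")` (hypothetical file names).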
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    We need to reset your MBR.

    Please Boot to the System Recovery Options
    If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
    It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    exit

    Restart computer.

    Post new Bootkit Remover log.
     
  7. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    Thanks, Broni. That didn't seem to work. Log:

    =====
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
    =====

    Should I just reinstall Windows?

    Thanks,
    Tony.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    No.
    It looks like you may be infected with the newest TDL rootkit.
    Let's check.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  9. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    Thanks again, Broni. Log is as follows:

    =====
    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
    Ran by vc at 2011-12-02 05:24:29
    Running from C:\Users\vc\Desktop
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit]
    HKLM\...\Winlogon: [Shell]
    HKLM-x32\...\Winlogon: [Shell] [x x] ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2011-12-02 05:24 - 2011-12-02 05:24 - 0000000 ____D C:\FRST
    2011-12-02 05:23 - 2011-12-02 05:24 - 1377555 ____A C:\Users\vc\Desktop\FRST64.exe
    2011-12-01 07:47 - 2011-12-01 07:47 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{01d9ffa1-172a-11e0-83fe-002219ef65b4}.TxR.blf
    2011-11-30 07:09 - 2011-12-01 07:55 - 0053372 ____A C:\Users\vc\Desktop\bootkit_remover_debug_log.txt
    2011-11-30 07:07 - 2011-11-30 07:07 - 0044607 ____A C:\Users\vc\Downloads\bootkit_remover.zip
    2011-11-29 06:54 - 2011-12-01 07:55 - 0000508 ____A C:\Users\vc\Desktop\Virus and Malware Removal - TechSpot OpenBoards.website
    2011-11-29 06:42 - 2011-11-29 06:42 - 1916416 ____A (AVAST Software) C:\Users\vc\Desktop\aswMBR.exe
    2011-11-29 06:41 - 2011-11-29 06:41 - 0067168 ____A C:\Users\vc\Desktop\reply 1.docx
    2011-11-29 06:41 - 2011-11-29 06:41 - 0000162 ___AH C:\Users\vc\Desktop\~$eply 1.docx
    2011-11-28 21:00 - 2011-11-28 21:00 - 0000000 ____A C:\Users\vc\Desktop\20111128-2100.log
    2011-11-28 20:45 - 2011-11-28 21:46 - 0030812 ____A C:\Users\vc\Desktop\scanlogs.txt
    2011-11-28 20:41 - 2011-11-28 20:41 - 0607260 ____R (Swearware) C:\Users\vc\Desktop\dds.scr
    2011-11-28 20:40 - 2011-11-28 20:40 - 0302592 ____A C:\Users\vc\Desktop\n5mk7iv8.exe
    2011-11-28 17:36 - 2011-11-28 17:36 - 2525216 ____A C:\Users\vc\Documents\AutoRuns.arn
    2011-11-28 16:40 - 2011-11-28 16:40 - 0577930 ____A C:\Users\vc\Downloads\Autoruns.zip
    2011-11-28 16:35 - 2011-11-28 16:37 - 0068084 ____A C:\Users\vc\Downloads\ProcessExplorer.zip
    2011-11-28 15:57 - 2011-11-28 15:57 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\vc\Downloads\tdsskiller.exe
    2011-11-28 15:56 - 2011-11-28 15:56 - 1241136 ____A (Soluto Inc) C:\Users\vc\Downloads\solutoinstaller.exe
    2011-11-25 16:18 - 2011-11-25 16:18 - 0000000 ____D C:\Program Files\CCleaner
    2011-11-25 16:16 - 2011-11-25 16:18 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2011-11-25 16:16 - 2011-11-25 16:18 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2011-11-25 16:08 - 2011-11-25 16:08 - 0141120 ____A (GridinSoft) C:\Users\vc\Downloads\unhider.exe
    2011-11-25 12:03 - 2011-11-25 12:04 - 3511776 ____A (Piriform Ltd) C:\Users\vc\Downloads\ccsetup312.exe
    2011-11-25 12:02 - 2011-11-25 12:05 - 47360456 ____A (Safer-Networking Ltd. ) C:\Users\vc\Downloads\spybotsd-2.0.6-beta4.exe
    2011-11-25 11:58 - 2011-11-25 11:58 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Users\vc\AppData\Roaming\Malwarebytes
    2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-25 11:56 - 2011-11-25 11:57 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\vc\Downloads\mbam-setup-1.51.2.1300.exe
    2011-11-25 11:54 - 2011-11-25 11:55 - 0000361 ____A C:\rkill.log
    2011-11-25 11:52 - 2011-11-25 11:52 - 1008114 ____A C:\Users\vc\Downloads\rkill.exe
    2011-11-25 10:51 - 2011-11-25 10:51 - 0000692 ____A C:\Users\vc\Desktop\Libraries - Shortcut.lnk
    2011-11-24 18:58 - 2009-07-14 04:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
    2011-11-24 18:16 - 2011-11-24 18:17 - 14580096 ____A (Mozilla) C:\Users\vc\Downloads\Firefox Setup 8.0.1.exe
    2011-11-24 18:16 - 2011-11-24 18:16 - 0743811 ____A C:\Users\vc\Documents\bookmarks-2011-11-24.json
    2011-11-24 18:15 - 2011-11-24 18:15 - 1651479 ____A C:\Users\vc\Documents\bookmarks.html
    2011-11-24 18:06 - 2011-11-24 18:06 - 0001500 ____A C:\Users\vc\Desktop\Skype.lnk
    2011-11-24 17:24 - 2011-11-29 06:56 - 0591440 ____A C:\Windows\ntbtlog.txt
    2011-11-24 17:11 - 2011-11-24 17:11 - 0000649 ____A C:\Users\vc\Desktop\System Fix.lnk
    2011-11-13 10:29 - 2011-11-13 10:29 - 0095459 ____A C:\Users\vc\Downloads\oct 2011 338.jpg
    2011-11-13 09:11 - 2011-11-13 09:11 - 0874218 ____A C:\Users\vc\Downloads\nextgen-gallery.zip
    2011-11-11 16:20 - 2011-11-11 16:20 - 0076836 ____A C:\Users\vc\Downloads\drawing 2010a 006.jpg
    2011-11-09 13:15 - 2011-11-28 16:40 - 0636728 ____A (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\autoruns.exe
    2011-11-09 11:15 - 2011-11-09 11:17 - 0000000 ____D C:\Program Files\iTunes
    2011-11-09 11:15 - 2011-11-09 11:16 - 0000000 ____D C:\Program Files (x86)\iTunes
    2011-11-09 11:15 - 2011-11-09 11:15 - 0000000 ____D C:\Program Files\iPod
    2011-11-09 11:12 - 2011-11-09 11:12 - 0000000 ____D C:\Program Files\Bonjour
    2011-11-09 11:12 - 2011-11-09 11:12 - 0000000 ____D C:\Program Files (x86)\Bonjour
    2011-11-09 10:11 - 2011-09-29 16:29 - 1923952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2011-11-09 10:11 - 2011-09-29 04:03 - 3144704 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-05 12:52 - 2011-11-28 16:40 - 0049648 ____A C:\Program Files (x86)\autoruns.chm
    2011-11-03 17:06 - 2011-11-03 17:06 - 0000053 ____A C:\Users\vc\Downloads\googled8a0bdcb8fb56c79.html

    ============ 3 Months Modified Files and Folders =============

    2011-12-02 05:24 - 2011-12-02 05:23 - 1377555 ____A C:\Users\vc\Desktop\FRST64.exe
    2011-12-02 05:22 - 2009-11-06 18:32 - 1056706 ____A C:\Windows\WindowsUpdate.log
    2011-12-02 05:22 - 2009-07-14 04:51 - 0305295 ____A C:\Windows\setupact.log
    2011-12-01 07:55 - 2011-11-30 07:09 - 0053372 ____A C:\Users\vc\Desktop\bootkit_remover_debug_log.txt
    2011-12-01 07:55 - 2011-11-29 06:54 - 0000508 ____A C:\Users\vc\Desktop\Virus and Malware Removal - TechSpot OpenBoards.website
    2011-12-01 07:51 - 2009-07-14 04:45 - 0013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2011-12-01 07:51 - 2009-07-14 04:45 - 0013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2011-12-01 07:50 - 2009-07-14 05:13 - 0733964 ____A C:\Windows\System32\PerfStringBackup.INI
    2011-12-01 07:47 - 2011-12-01 07:47 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{01d9ffa1-172a-11e0-83fe-002219ef65b4}.TxR.blf
    2011-12-01 07:44 - 2011-09-03 13:09 - 0000000 ____D C:\Users\All Users\VMware
    2011-12-01 07:44 - 2011-09-03 13:09 - 0000000 ____D C:\ProgramData\VMware
    2011-12-01 07:44 - 2009-11-06 18:29 - 3193565184 __ASH C:\hiberfil.sys
    2011-12-01 07:44 - 2009-07-14 05:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2011-11-30 07:08 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\vc\Desktop\boot_cleaner.exe
    2011-11-30 07:07 - 2011-11-30 07:07 - 0044607 ____A C:\Users\vc\Downloads\bootkit_remover.zip
    2011-11-29 06:56 - 2011-11-24 17:24 - 0591440 ____A C:\Windows\ntbtlog.txt
    2011-11-29 06:42 - 2011-11-29 06:42 - 1916416 ____A (AVAST Software) C:\Users\vc\Desktop\aswMBR.exe
    2011-11-29 06:41 - 2011-11-29 06:41 - 0067168 ____A C:\Users\vc\Desktop\reply 1.docx
    2011-11-29 06:41 - 2011-11-29 06:41 - 0000162 ___AH C:\Users\vc\Desktop\~$eply 1.docx
    2011-11-28 21:46 - 2011-11-28 20:45 - 0030812 ____A C:\Users\vc\Desktop\scanlogs.txt
    2011-11-28 21:00 - 2011-11-28 21:00 - 0000000 ____A C:\Users\vc\Desktop\20111128-2100.log
    2011-11-28 20:41 - 2011-11-28 20:41 - 0607260 ____R (Swearware) C:\Users\vc\Desktop\dds.scr
    2011-11-28 20:40 - 2011-11-28 20:40 - 0302592 ____A C:\Users\vc\Desktop\n5mk7iv8.exe
    2011-11-28 17:36 - 2011-11-28 17:36 - 2525216 ____A C:\Users\vc\Documents\AutoRuns.arn
    2011-11-28 16:40 - 2011-11-28 16:40 - 0577930 ____A C:\Users\vc\Downloads\Autoruns.zip
    2011-11-28 16:40 - 2011-11-09 13:15 - 0636728 ____A (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\autoruns.exe
    2011-11-28 16:40 - 2011-11-05 12:52 - 0049648 ____A C:\Program Files (x86)\autoruns.chm
    2011-11-28 16:37 - 2011-11-28 16:35 - 0068084 ____A C:\Users\vc\Downloads\ProcessExplorer.zip
    2011-11-28 16:37 - 2011-09-19 10:36 - 4845856 ____A (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\procexp.exe
    2011-11-28 16:29 - 2009-11-18 13:18 - 0000000 ____D C:\Users\vc\AppData\Local\ElevatedDiagnostics
    2011-11-28 15:57 - 2011-11-28 15:57 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\vc\Downloads\tdsskiller.exe
    2011-11-28 15:56 - 2011-11-28 15:56 - 1241136 ____A (Soluto Inc) C:\Users\vc\Downloads\solutoinstaller.exe
    2011-11-27 19:47 - 2011-09-04 17:12 - 0000000 ____D C:\Users\vc\Documents\Jackdaw 19
    2011-11-26 15:49 - 2010-01-13 16:41 - 0016860 ____A C:\Users\vc\Documents\DVD list.2.docx
    2011-11-25 16:18 - 2011-11-25 16:18 - 0000000 ____D C:\Program Files\CCleaner
    2011-11-25 16:18 - 2011-11-25 16:16 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2011-11-25 16:18 - 2011-11-25 16:16 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2011-11-25 16:08 - 2011-11-25 16:08 - 0141120 ____A (GridinSoft) C:\Users\vc\Downloads\unhider.exe
    2011-11-25 12:05 - 2011-11-25 12:02 - 47360456 ____A (Safer-Networking Ltd. ) C:\Users\vc\Downloads\spybotsd-2.0.6-beta4.exe
    2011-11-25 12:04 - 2011-11-25 12:03 - 3511776 ____A (Piriform Ltd) C:\Users\vc\Downloads\ccsetup312.exe
    2011-11-25 11:58 - 2011-11-25 11:58 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Users\vc\AppData\Roaming\Malwarebytes
    2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-25 11:57 - 2011-11-25 11:56 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\vc\Downloads\mbam-setup-1.51.2.1300.exe
    2011-11-25 11:55 - 2011-11-25 11:54 - 0000361 ____A C:\rkill.log
    2011-11-25 11:52 - 2011-11-25 11:52 - 1008114 ____A C:\Users\vc\Downloads\rkill.exe
    2011-11-25 10:51 - 2011-11-25 10:51 - 0000692 ____A C:\Users\vc\Desktop\Libraries - Shortcut.lnk
    2011-11-25 08:59 - 2009-12-08 18:54 - 0000000 ____D C:\Users\All Users\Mozilla Firefox 3.6 Beta 4
    2011-11-25 08:59 - 2009-12-08 18:54 - 0000000 ____D C:\ProgramData\Mozilla Firefox 3.6 Beta 4
    2011-11-25 08:50 - 2009-11-07 09:37 - 0000000 ____D C:\Users\vc\Downloads\_old
    2011-11-24 18:32 - 2009-11-07 11:15 - 0000000 ____D C:\Users\vc\AppData\Roaming\Skype
    2011-11-24 18:17 - 2011-11-24 18:16 - 14580096 ____A (Mozilla) C:\Users\vc\Downloads\Firefox Setup 8.0.1.exe
    2011-11-24 18:16 - 2011-11-24 18:16 - 0743811 ____A C:\Users\vc\Documents\bookmarks-2011-11-24.json
    2011-11-24 18:15 - 2011-11-24 18:15 - 1651479 ____A C:\Users\vc\Documents\bookmarks.html
    2011-11-24 18:06 - 2011-11-24 18:06 - 0001500 ____A C:\Users\vc\Desktop\Skype.lnk
    2011-11-24 17:15 - 2009-11-07 10:04 - 0037760 ____A C:\Windows\PFRO.log
    2011-11-24 17:14 - 2010-06-22 09:04 - 0000307 ____A C:\Windows\Brownie.ini
    2011-11-24 17:11 - 2011-11-24 17:11 - 0000649 ____A C:\Users\vc\Desktop\System Fix.lnk
    2011-11-19 20:00 - 2010-06-07 15:26 - 0000000 ____D C:\Users\vc\AppData\Roaming\Spotify
    2011-11-19 19:26 - 2010-06-07 15:26 - 0000000 ____D C:\Users\vc\AppData\Local\Spotify
    2011-11-19 14:02 - 2009-11-07 09:29 - 0000000 ____D C:\Users\vc\Documents\Pics
    2011-11-19 09:17 - 2009-11-07 10:13 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2011-11-18 23:59 - 2011-07-04 14:29 - 0002393 ____A C:\Users\vc\Desktop\Google Chrome.lnk
    2011-11-18 23:28 - 2011-09-03 14:24 - 0000000 ____D C:\Users\vc\AppData\Local\VMware
    2011-11-17 10:49 - 2010-11-19 15:16 - 0000000 ____D C:\Program Files (x86)\Google
    2011-11-13 18:10 - 2011-09-03 14:24 - 0000000 ____D C:\Users\vc\AppData\Roaming\VMware
    2011-11-13 15:05 - 2010-06-25 16:27 - 0000426 ____A C:\Windows\BRWMARK.INI
    2011-11-13 15:03 - 2010-06-22 09:04 - 0000054 ____A C:\Windows\SysWOW64\bd2030.dat
    2011-11-13 14:45 - 2009-11-07 09:42 - 0000000 ___RD C:\Users\vc\Documents\Writing
    2011-11-13 10:29 - 2011-11-13 10:29 - 0095459 ____A C:\Users\vc\Downloads\oct 2011 338.jpg
    2011-11-13 09:11 - 2011-11-13 09:11 - 0874218 ____A C:\Users\vc\Downloads\nextgen-gallery.zip
    2011-11-11 16:20 - 2011-11-11 16:20 - 0076836 ____A C:\Users\vc\Downloads\drawing 2010a 006.jpg
    2011-11-10 19:49 - 2011-10-08 17:21 - 0000000 ____D C:\Users\vc\Documents\WordPress
    2011-11-09 11:17 - 2011-11-09 11:15 - 0000000 ____D C:\Program Files\iTunes
    2011-11-09 11:16 - 2011-11-09 11:15 - 0000000 ____D C:\Program Files (x86)\iTunes
    2011-11-09 11:15 - 2011-11-09 11:15 - 0000000 ____D C:\Program Files\iPod
    2011-11-09 11:12 - 2011-11-09 11:12 - 0000000 ____D C:\Program Files\Bonjour
    2011-11-09 11:12 - 2011-11-09 11:12 - 0000000 ____D C:\Program Files (x86)\Bonjour
    2011-11-09 11:05 - 2011-05-20 16:49 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2011-11-09 11:03 - 2009-07-14 04:45 - 3018296 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-11-09 11:02 - 2009-07-14 03:20 - 0000000 ____D C:\Program Files\Common Files\System
    2011-11-09 10:46 - 2009-11-07 18:03 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-11-09 10:46 - 2009-11-07 18:03 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-11-09 10:42 - 2009-11-06 19:00 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-11-05 14:59 - 2009-11-07 11:14 - 0000000 ___RD C:\Program Files (x86)\Skype
    2011-11-05 14:59 - 2009-11-07 11:14 - 0000000 ____D C:\Users\All Users\Skype
    2011-11-05 14:59 - 2009-11-07 11:14 - 0000000 ____D C:\ProgramData\Skype
    2011-11-03 17:30 - 2009-11-20 11:13 - 0000600 ____A C:\Users\vc\AppData\Roaming\winscp.rnd
    2011-11-03 17:06 - 2011-11-03 17:06 - 0000053 ____A C:\Users\vc\Downloads\googled8a0bdcb8fb56c79.html
    2011-10-25 15:21 - 2009-11-07 10:50 - 0000000 ____D C:\Users\vc\AppData\Roaming\Adobe
    2011-10-23 14:11 - 2011-10-23 14:11 - 0000178 ____A C:\Users\vc\Desktop\Wall Workout for Your Belly, Butt & Thighs - Prevention.com.URL
    2011-10-20 18:19 - 2011-10-20 18:19 - 0027053 ____A C:\Users\vc\Downloads\MormonEntertainment.JPG
    2011-10-19 08:28 - 2011-10-19 08:24 - 56176640 ____A C:\Users\vc\Downloads\f5l009v140.exe
    2011-10-15 17:29 - 2010-08-04 11:45 - 0000000 ____D C:\Users\vc\Documents\Jewellery
    2011-10-14 10:25 - 2011-10-14 10:25 - 1149904 ____A C:\Windows\Minidump\101411-17004-01.dmp
    2011-10-14 10:25 - 2011-06-20 17:15 - 0000000 ____D C:\Windows\Minidump
    2011-10-14 10:25 - 2011-06-20 17:14 - 483135118 ____A C:\Windows\MEMORY.DMP
    2011-10-14 08:06 - 2009-11-07 18:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2011-10-13 16:41 - 2010-06-07 15:26 - 0000000 ____D C:\Program Files (x86)\Spotify
    2011-10-08 13:40 - 2011-10-08 13:40 - 1336579 ____A C:\Users\vc\Downloads\VCblog-10-08-2011.xml
    2011-10-08 13:25 - 2011-10-08 13:25 - 3981530 ____A C:\Users\vc\Downloads\wordpress-3.2.1.zip
    2011-10-08 09:50 - 2011-10-08 09:50 - 0000000 ____D C:\Program Files (x86)\QuickTime
    2011-10-06 22:00 - 2011-10-06 22:00 - 0000081 ____A C:\Users\vc\Desktop\Playscript Competition - Amateur Stage Magazine.URL
    2011-09-29 16:29 - 2011-11-09 10:11 - 1923952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2011-09-29 04:03 - 2011-11-09 10:11 - 3144704 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-09-20 23:23 - 2011-09-20 23:23 - 0000077 ____A C:\Users\vc\Desktop\The Elms Hotel, United Kingdom - Boutique & Luxury Hotels.URL
    2011-09-19 14:36 - 2011-07-26 18:40 - 0016496 ____A C:\Users\vc\Documents\Personal Assistant Services.docx
    2011-09-17 19:27 - 2011-09-03 14:25 - 0000000 ____D C:\Users\vc\My VMs
    2011-09-10 07:40 - 2011-09-10 07:40 - 0031363 ____A C:\Users\vc\Documents\print2.docx
    2011-09-10 07:34 - 2011-09-10 07:34 - 0032675 ____A C:\Users\vc\Documents\Print1.docx
    2011-09-04 23:05 - 2011-09-04 09:18 - 0013840 ____A C:\Users\vc\Documents\Pricing.docx


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 40%
    Total physical RAM: 4060.83 MB
    Available physical RAM: 2396.65 MB
    Total Pagefile: 8119.86 MB
    Available Pagefile: 6235.88 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:451.07 GB) (Free:270.11 GB) NTFS ==>[System with boot components]
    2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.21 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B

    Partitions of Disk 0:

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 39 MB
    Partition 3 Primary 451 GB 14 GB

    Disk: 0
    Partition 3
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 451 GB Healthy System

    ==========================================================

    Last Boot: 2011-11-21 11:56

    ======================= End Of Log ==========================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That looks good.

    Go ahead with Combofix.
     
  11. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    Thanks, as always, Broni. Combofix log file follows. (bootcleaner still shows the rootkit in place)

    =====
    ComboFix 11-12-01.03 - vc 2-Dec-2011 6:04.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2526 [GMT 0:00]
    Running from: c:\users\vc\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\vc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    c:\users\vc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    c:\users\vc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
    c:\users\vc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
    c:\users\vc\Desktop\System Fix.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-02 06:38 . 2011-12-02 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-02 05:53 . 2011-12-02 05:53 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8A42711-6A38-474E-8BAE-07263E042ED7}\offreg.dll
    2011-12-02 05:53 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8A42711-6A38-474E-8BAE-07263E042ED7}\mpengine.dll
    2011-12-02 05:24 . 2011-12-02 05:25 -------- d-----w- C:\FRST
    2011-11-25 16:18 . 2011-11-25 16:18 -------- d-----w- c:\program files\CCleaner
    2011-11-25 16:16 . 2011-11-25 16:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-25 11:58 . 2011-11-25 11:58 -------- d-----w- c:\users\vc\AppData\Roaming\Malwarebytes
    2011-11-25 11:58 . 2011-11-25 11:58 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-25 11:58 . 2011-11-25 11:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-09 13:15 . 2011-11-28 16:40 636728 ----a-w- c:\program files (x86)\autoruns.exe
    2011-11-09 11:15 . 2011-11-09 11:15 -------- d-----w- c:\program files\iPod
    2011-11-09 11:15 . 2011-11-09 11:17 -------- d-----w- c:\program files\iTunes
    2011-11-09 11:15 . 2011-11-09 11:16 -------- d-----w- c:\program files (x86)\iTunes
    2011-11-09 11:12 . 2011-11-09 11:12 -------- d-----w- c:\program files\Bonjour
    2011-11-09 11:12 . 2011-11-09 11:12 -------- d-----w- c:\program files (x86)\Bonjour
    2011-11-09 10:11 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 10:11 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 10:11 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 10:11 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-28 16:37 . 2011-09-19 10:36 4845856 ----a-w- c:\program files (x86)\procexp.exe
    2011-11-09 11:05 . 2011-05-20 16:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-11 07:07 . 2011-10-11 07:08 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBD09F0D-1225-447C-9513-A7ED85BDCD73}\gapaengine.dll
    2011-10-07 04:16 . 2009-12-10 23:00 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-11-09 611712]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-07 1038088]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-04 28152]
    R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
    R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
    S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
    TCP: DhcpNameServer = 10.0.1.1
    FF - ProfilePath - c:\users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://pinterest.com/|https://accounts.google.com/Service...//hootsuite.com/dashboard|http://twitter.com/
    FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{048DBD20-445E8C82-05040104}]
    "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-02 07:01:29
    ComboFix-quarantined-files.txt 2011-12-02 07:01
    .
    Pre-Run: 294,470,684,672 bytes free
    Post-Run: 295,315,513,344 bytes free
    .
    - - End Of File - - 133CD3A34CB769369CCACE928EE1473E
    =====
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good now.

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    Redirect is still active, Broni. Logs follow in two (or more) parts:

    =====
    OTL.txt

    OTL logfile created on: 03-Dec-2011 06:17:22 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\vc\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd-MMM-yyyy

    3.97 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.39% Memory free
    7.93 Gb Paging File | 6.14 Gb Available in Paging File | 77.49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 275.10 Gb Free Space | 60.99% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 8.21 Gb Free Space | 56.03% Space Free | Partition Type: NTFS

    Computer Name: LORDPETERWIMSEY | User Name: vc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-12-03 06:11:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\vc\Desktop\OTL.exe
    PRC - [2011-03-25 22:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
    PRC - [2011-03-25 22:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2011-03-25 22:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2011-03-25 22:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    PRC - [2011-03-25 21:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011-09-27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011-03-25 22:26:48 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
    MOD - [2011-03-25 22:26:18 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011-04-27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011-04-27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010-01-21 03:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009-11-07 16:18:25 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009-06-25 18:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009-03-03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
    SRV - [2011-03-25 22:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2011-03-25 22:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2011-03-25 22:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
    SRV - [2011-03-25 21:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2010-08-19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009-11-07 16:16:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009-01-30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011-05-10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011-04-27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011-03-25 22:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2011-03-25 22:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2011-03-25 22:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
    DRV:64bit: - [2011-03-25 22:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2011-03-25 21:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2011-03-25 19:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2011-03-25 19:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2011-03-11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010-11-20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010-06-09 23:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010-01-21 03:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2009-11-09 15:07:30 | 000,010,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
    DRV:64bit: - [2009-11-09 10:36:45 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2009-08-24 10:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-25 19:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009-06-25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009-06-25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2009-06-25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2009-06-10 20:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-06-05 05:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009-05-14 08:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009-01-06 01:02:00 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Vid.sys -- (OA008Vid)
    DRV:64bit: - [2008-11-26 14:02:18 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Ufd.sys -- (OA008Ufd)
    DRV:64bit: - [2008-04-16 07:39:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam.sys -- (WDC_SAM)
    DRV:64bit: - [2007-10-02 23:42:00 | 000,078,952 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
    DRV - [2010-08-19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009-11-09 10:36:45 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008-11-04 23:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 87 26 AB D0 AA CC 01 [binary data]
    IE - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://pinterest.com/|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=default&ltmplcache=2#inbox|http://www.facebook.com/|http://vclinde.wordpress.com/|http://hootsuite.com/dashboard|http://twitter.com/"
    FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.8.3
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
    FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:1.2.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\ProgramData\Mozilla Firefox 3.6 Beta 4\components [2011-10-08 09:50:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\ProgramData\Mozilla Firefox 3.6 Beta 4\plugins [2011-11-09 11:06:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-11-19 09:17:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-11-09 11:06:12 | 000,000,000 | ---D | M]

    [2009-11-07 10:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vc\AppData\Roaming\Mozilla\Extensions
    [2011-11-25 10:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\extensions
    [2011-11-24 18:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\extensions\compatibility@addons.mozilla.org
    [2011-11-17 20:38:03 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\extensions\https-everywhere@eff.org
    [2011-11-24 18:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\extensions\isreaditlater@ideashower.com
    [2011-06-28 08:40:48 | 000,000,993 | ---- | M] () -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\searchplugins\Orange%20search.xml
    [2011-11-19 09:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011-11-05 14:59:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    () (No name found) -- C:\USERS\VC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2AA1NA6.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
    [2011-11-19 09:17:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011-05-07 08:41:31 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011-05-07 08:41:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011-05-07 08:41:31 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011-05-07 08:41:31 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2009-12-06 18:23:09 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MyHeritage.xml
    [2011-05-07 08:41:31 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vc\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\vc\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vc\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\vc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Skype Click to Call = C:\Users\vc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

    O1 HOSTS File: ([2011-12-02 06:39:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCDF04DB-B757-47B9-AA2D-8FF45DC03030}: DhcpNameServer = 10.0.1.1
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-12-03 06:11:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\vc\Desktop\OTL.exe
    [2011-12-02 05:56:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011-12-02 05:56:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011-12-02 05:56:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011-12-02 05:55:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011-12-02 05:55:05 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011-12-02 05:52:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-12-02 05:49:44 | 004,324,789 | R--- | C] (Swearware) -- C:\Users\vc\Desktop\ComboFix.exe
    [2011-12-02 05:24:21 | 000,000,000 | ---D | C] -- C:\FRST
    [2011-11-29 06:42:39 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\vc\Desktop\aswMBR.exe
    [2011-11-28 20:41:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\vc\Desktop\dds.scr
    [2011-11-25 16:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011-11-25 16:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011-11-25 11:58:46 | 000,000,000 | ---D | C] -- C:\Users\vc\AppData\Roaming\Malwarebytes
    [2011-11-25 11:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011-11-25 11:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011-11-25 11:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011-11-17 10:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2011-11-09 13:15:34 | 000,636,728 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\autoruns.exe
    [2011-11-09 11:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011-11-09 11:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011-11-09 11:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011-11-09 11:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011-11-09 11:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011-11-09 11:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011-11-09 11:05:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011-11-05 14:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011-09-19 10:36:22 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\procexp.exe
    [1 C:\Users\vc\Desktop\*.tmp files -> C:\Users\vc\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011-12-03 06:11:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\vc\Desktop\OTL.exe
    [2011-12-03 06:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011-12-02 07:02:19 | 000,000,508 | ---- | M] () -- C:\Users\vc\Desktop\Virus and Malware Removal - TechSpot OpenBoards.website
    [2011-12-02 06:39:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011-12-02 05:49:49 | 004,324,789 | R--- | M] (Swearware) -- C:\Users\vc\Desktop\ComboFix.exe
    [2011-12-02 05:24:11 | 001,377,555 | ---- | M] () -- C:\Users\vc\Desktop\FRST64.exe
    [2011-12-01 07:51:39 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011-12-01 07:51:39 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011-12-01 07:50:35 | 000,733,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011-12-01 07:50:35 | 000,633,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011-12-01 07:50:35 | 000,113,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011-12-01 07:44:19 | 3193,565,184 | -HS- | M] () -- C:\hiberfil.sys
    [2011-11-30 07:08:53 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\vc\Desktop\boot_cleaner.exe
    [2011-11-29 06:42:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\vc\Desktop\aswMBR.exe
    [2011-11-28 20:41:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\vc\Desktop\dds.scr
    [2011-11-28 20:40:42 | 000,302,592 | ---- | M] () -- C:\Users\vc\Desktop\n5mk7iv8.exe
    [2011-11-28 17:36:32 | 002,525,216 | ---- | M] () -- C:\Users\vc\Documents\AutoRuns.arn
    [2011-11-28 16:40:39 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\autoruns.exe
    [2011-11-28 16:40:35 | 000,049,648 | ---- | M] () -- C:\Program Files (x86)\autoruns.chm
    [2011-11-28 16:37:11 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\procexp.exe
    [2011-11-25 11:58:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011-11-25 10:51:39 | 000,000,692 | ---- | M] () -- C:\Users\vc\Desktop\Libraries - Shortcut.lnk
    [2011-11-24 18:16:01 | 000,743,811 | ---- | M] () -- C:\Users\vc\Documents\bookmarks-2011-11-24.json
    [2011-11-24 18:15:44 | 001,651,479 | ---- | M] () -- C:\Users\vc\Documents\bookmarks.html
    [2011-11-24 18:06:00 | 000,001,500 | ---- | M] () -- C:\Users\vc\Desktop\Skype.lnk
    [2011-11-24 17:14:26 | 000,000,307 | ---- | M] () -- C:\Windows\Brownie.ini
    [2011-11-19 09:18:47 | 000,002,052 | ---- | M] () -- C:\Users\vc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-11-18 23:59:01 | 000,002,393 | ---- | M] () -- C:\Users\vc\Desktop\Google Chrome.lnk
    [2011-11-17 10:49:11 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011-11-13 15:05:57 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2011-11-13 15:03:57 | 000,000,054 | ---- | M] () -- C:\Windows\SysWow64\bd2030.dat
    [2011-11-09 11:17:03 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011-11-09 11:06:13 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011-11-09 11:03:59 | 003,018,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011-11-05 14:59:19 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011-11-03 17:30:26 | 000,000,600 | ---- | M] () -- C:\Users\vc\AppData\Roaming\winscp.rnd
    [1 C:\Users\vc\Desktop\*.tmp files -> C:\Users\vc\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011-12-02 06:21:22 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
    [2011-12-02 06:21:21 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
    [2011-12-02 06:21:20 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011-12-02 06:21:19 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011-12-02 06:21:18 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011-12-02 06:21:17 | 000,002,785 | ---- | C] () -- C:\Users\Public\Desktop\MindMan.lnk
    [2011-12-02 06:21:16 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom.lnk
    [2011-12-02 06:21:15 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011-12-02 06:21:14 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011-12-02 06:21:13 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011-12-02 05:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011-12-02 05:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011-12-02 05:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011-12-02 05:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011-12-02 05:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011-12-02 05:23:14 | 001,377,555 | ---- | C] () -- C:\Users\vc\Desktop\FRST64.exe
    [2011-11-29 06:54:11 | 000,000,508 | ---- | C] () -- C:\Users\vc\Desktop\Virus and Malware Removal - TechSpot OpenBoards.website
    [2011-11-28 20:40:42 | 000,302,592 | ---- | C] () -- C:\Users\vc\Desktop\n5mk7iv8.exe
    [2011-11-28 17:36:31 | 002,525,216 | ---- | C] () -- C:\Users\vc\Documents\AutoRuns.arn
    [2011-11-25 11:58:36 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011-11-25 10:51:39 | 000,000,692 | ---- | C] () -- C:\Users\vc\Desktop\Libraries - Shortcut.lnk
    [2011-11-24 18:58:18 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2011-11-24 18:58:18 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2011-11-24 18:58:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011-11-24 18:58:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2011-11-24 18:58:17 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 2.5 64-bit.lnk
    [2011-11-24 18:58:17 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011-11-24 18:58:17 | 000,001,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
    [2011-11-24 18:58:17 | 000,001,407 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
    [2011-11-24 18:58:17 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2011-11-24 18:58:17 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2011-11-24 18:58:17 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2011-11-24 18:58:17 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2011-11-24 18:58:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2011-11-24 18:58:17 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2011-11-24 18:58:17 | 000,001,283 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
    [2011-11-24 18:58:17 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2011-11-24 18:58:17 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4 (64 Bit).lnk
    [2011-11-24 18:58:17 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011-11-24 18:58:17 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
    [2011-11-24 18:58:17 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweetDeck.lnk
    [2011-11-24 18:58:16 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
    [2011-11-24 18:58:16 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
    [2011-11-24 18:16:00 | 000,743,811 | ---- | C] () -- C:\Users\vc\Documents\bookmarks-2011-11-24.json
    [2011-11-24 18:15:38 | 001,651,479 | ---- | C] () -- C:\Users\vc\Documents\bookmarks.html
    [2011-11-24 18:06:00 | 000,001,500 | ---- | C] () -- C:\Users\vc\Desktop\Skype.lnk
    [2011-11-05 12:52:32 | 000,049,648 | ---- | C] () -- C:\Program Files (x86)\autoruns.chm
    [2011-04-17 18:06:11 | 000,738,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010-12-10 22:21:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010-12-10 13:59:12 | 000,001,037 | ---- | C] () -- C:\Users\vc\AppData\Local\Account.atomsvc
    [2010-08-19 16:17:39 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010-06-25 16:27:21 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010-06-22 09:05:31 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2010-06-22 09:05:30 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2010-06-22 09:05:30 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
    [2010-06-22 09:05:29 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
    [2010-06-22 09:04:55 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
    [2010-06-22 09:04:42 | 000,000,307 | ---- | C] () -- C:\Windows\Brownie.ini
    [2010-05-31 16:47:53 | 000,003,235 | ---- | C] () -- C:\Users\vc\AppData\Local\Temp11.html
    [2010-05-31 16:47:46 | 000,000,778 | ---- | C] () -- C:\Users\vc\AppData\Local\Temp1.html
    [2009-12-06 18:23:04 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
    [2009-11-23 18:44:44 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2009-11-20 11:13:18 | 000,000,600 | ---- | C] () -- C:\Users\vc\AppData\Roaming\winscp.rnd
    [2009-11-06 18:30:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009-07-14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009-07-14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009-07-14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009-07-14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009-07-13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009-07-13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009-06-10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2010-04-16 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\6C512E380BF01C8A7C4ED37BDCFFC3C9
    [2009-12-21 23:50:04 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\Amazon
    [2009-12-06 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\MyHeritage
    [2010-08-17 20:02:20 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\SmartDraw
    [2011-11-19 20:00:54 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\Spotify
    [2009-12-06 18:23:04 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\The Complete Genealogy Reporter - FTB
    [2010-09-21 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2011-04-19 18:00:42 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  14. tonylindek

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011-09-03 13:10:38 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010-11-20 12:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2009-11-07 02:28:36 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011-12-02 07:01:43 | 000,011,284 | ---- | M] () -- C:\ComboFix.txt
    [2011-12-01 07:44:19 | 3193,565,184 | -HS- | M] () -- C:\hiberfil.sys
    [2009-11-18 12:56:52 | 000,020,206 | ---- | M] () -- C:\M1319.log
    [2006-12-01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011-12-01 07:44:21 | 4258,091,008 | -HS- | M] () -- C:\pagefile.sys
    [2011-11-25 11:55:48 | 000,000,361 | ---- | M] () -- C:\rkill.log

    < %systemroot%\Fonts\*.com >
    [2009-07-14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009-07-14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009-07-14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009-07-14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009-06-10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010-11-10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011-11-28 16:40:35 | 000,049,648 | ---- | M] () -- C:\Program Files (x86)\autoruns.chm
    [2011-11-28 16:40:39 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\autoruns.exe
    [2009-07-14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2011-11-28 16:37:11 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\procexp.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011-07-27 18:25:15 | 000,000,221 | -HS- | M] () -- C:\Users\vc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011-11-29 06:42:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\vc\Desktop\aswMBR.exe
    [2011-11-30 07:08:53 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\vc\Desktop\boot_cleaner.exe
    [2011-12-02 05:49:49 | 004,324,789 | R--- | M] (Swearware) -- C:\Users\vc\Desktop\ComboFix.exe
    [2010-07-19 12:09:26 | 004,780,600 | ---- | M] (DivX, Inc.) -- C:\Users\vc\Desktop\DivXWebPlayerInstallerv15.exe
    [2010-11-28 22:56:12 | 098,427,240 | ---- | M] (Sony Corporation ) -- C:\Users\vc\Desktop\DVESetup_EN_3301.exe
    [2011-12-02 05:24:11 | 001,377,555 | ---- | M] () -- C:\Users\vc\Desktop\FRST64.exe
    [2010-12-10 15:42:51 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\vc\Desktop\install_flash_player.exe
    [2011-11-28 20:40:42 | 000,302,592 | ---- | M] () -- C:\Users\vc\Desktop\n5mk7iv8.exe
    [2011-12-03 06:11:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\vc\Desktop\OTL.exe
    [1 C:\Users\vc\Desktop\*.tmp files -> C:\Users\vc\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009-06-10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011-07-27 18:25:14 | 000,000,402 | -HS- | M] () -- C:\Users\vc\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Files - Unicode (All) ==========
    [2009-11-07 09:51:16 | 000,000,000 | ---D | M](C:\Users\vc\Favorites\??sorted Bookmarks) -- C:\Users\vc\Favorites\褈Ɠsorted Bookmarks

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
    =====
    Extras.txt

    OTL Extras logfile created on: 03-Dec-2011 06:17:22 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\vc\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd-MMM-yyyy

    3.97 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.39% Memory free
    7.93 Gb Paging File | 6.14 Gb Available in Paging File | 77.49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 275.10 Gb Free Space | 60.99% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 8.21 Gb Free Space | 56.03% Space Free | Partition Type: NTFS

    Computer Name: LORDPETERWIMSEY | User Name: vc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{10193AAA-D72D-4A1A-B8AD-A9D9221595E7}" = Intel(R) PROSet/Wireless WiFi Driver
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
    "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B85B1A3C-E404-44E5-A0E1-C4D0438A49C1}" = Adobe Photoshop Lightroom 2.5 64-bit
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center
    "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
    "CCleaner" = CCleaner
    "Creative OA008" = Integrated Webcam Driver (1.02.02.0106)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "ProInst" = Intel PROSet Wireless
    "SmartDraw PDF Export_is1" = SmartDraw PDF Export (novaPDF 6.4 printer)
    "SynTPDeinstKey" = Dell Touchpad
    "WhoCrashed_is1" = WhoCrashed 2.10

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
    "{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
    "{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4F820030-9084-49F8-B46F-04A11D27B7F8}" = Brother HL-2030
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
    "{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
    "{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
    "{6029C599-81E1-4C1C-8BD6-A7298CA88546}" = Mindjet MindManager Pro 7
    "{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
    "{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
    "{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_WebDesigner_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Driving Test Success - All Tests_is1" = Driving Test Success - All Tests 2011 Edition
    "Family Tree Builder" = MyHeritage Family Tree Builder
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
    "PDF-XChange 3_is1" = PDF-XChange 3
    "Spotify" = Spotify
    "SyncBackSE_is1" = SyncBackSE
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "VISPRO" = Microsoft Office Visio Professional 2007
    "VMware_Player" = VMware Player
    "WebDesigner" = Microsoft Expression Web
    "WinLiveSuite" = Windows Live Essentials
    "winscp3_is1" = WinSCP 4.2.4 beta

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle For PC" = Amazon Kindle For PC v1.1
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 28-Nov-2011 19:33:51 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 209416

    Error - 28-Nov-2011 19:33:51 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 209416

    Error - 28-Nov-2011 19:34:01 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 28-Nov-2011 19:34:01 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 219400

    Error - 28-Nov-2011 19:34:01 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 219400

    Error - 28-Nov-2011 19:34:09 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 28-Nov-2011 19:34:09 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 226873

    Error - 28-Nov-2011 19:34:09 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 226873

    Error - 01-Dec-2011 03:30:15 | Computer Name = LordPeterWimsey | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
    Description = Certificate Services Client failed to load Provider pautoenr.dll.
    Error code 19.

    Error - 01-Dec-2011 03:30:15 | Computer Name = LordPeterWimsey | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
    Description = Certificate Services Client failed to invoke the Providers in response
    to event 256. Error code 2147942419.

    [ OSession Events ]
    Error - 06-Aug-2010 14:09:44 | Computer Name = LordPeterWimsey | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9705
    seconds with 4080 seconds of active time. This session ended with a crash.

    Error - 06-Aug-2010 14:10:33 | Computer Name = LordPeterWimsey | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 35
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 29-Nov-2011 02:56:18 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 29-Nov-2011 02:56:18 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 29-Nov-2011 02:56:28 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 29-Nov-2011 02:56:28 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 29-Nov-2011 06:13:15 | Computer Name = LordPeterWimsey | Source = DCOM | ID = 10010
    Description =

    Error - 29-Nov-2011 06:30:22 | Computer Name = LordPeterWimsey | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 01-Dec-2011 03:44:39 | Computer Name = LordPeterWimsey | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 02-Dec-2011 02:21:46 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 02-Dec-2011 02:36:01 | Computer Name = LordPeterWimsey | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 02-Dec-2011 02:40:13 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
    =====
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Which browser is getting redirected?

    See if you can run aswMBR now.
     
  16. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    Hi Broni. The only one I tried was firefox. Searched for "rkill cnet", first result was the cnet download for rkill, clicked that and status bar flagged loads of addresses but ended up at what seemed a spoof ebay site.

    aswMBR still won't run.

    Cheers,
    Tony.
     
  17. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    More...

    IE 'seemed' to go to right page (but via couple of other pages) but Chrome went to h___://www.get-answers-fast.com/jump2/?affiliate=itcg&subid=20342&terms=rkill%20cnet

    t.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    What about Firefox?
     
  19. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    FF reply was one before last...

    So, Firefox & Chrome (not sure about IE) being redirected. aswMBR still not able to run.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  21. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    Cheers, Broni.

    After double clicking FixTDSS, lots of flickering, no Start button. Computer restarted and dialog with "Infected MBR detected" and Repair button. Clicked that.

    Dialog stated 'Repair was successful'; clicked OK.

    Ran boot_cleaner.exe: that also came up clean.

    Redirect seems to be gone for FF, IE & Chrome.

    Have not yet restarted computer.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Very well :)
    Restart, give me fresh Bootkit Remover log.

    Also....

    1. See if aswMBR will run now
    2. Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
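    The TDSSKiller report requested above is long, and the status of each driver is spread over two lines. The following Python script is an added example for triaging such a report offline; it is not part of this thread and not code from TDSSKiller, Broni or TechSpot. It assumes the line format the tool prints in this thread (a file line `time pid name (md5) path` followed by a verdict line `time pid name - status`), and the sample report embedded in it is constructed: the `exampledrv` and `orphandrv` entries are made up to show how a non-"ok" verdict and a missing verdict are surfaced.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the TDSSKiller line format seen in this
# thread. The first three drivers are copied from the thread's report; the
# "exampledrv" (non-ok verdict) and "orphandrv" (no verdict line) entries
# are constructed to exercise the triage logic and are not real findings.
SAMPLE_REPORT = r"""
21:51:20.0219 5108 Scan started
21:51:20.0219 5108 Mode: Manual;
21:51:21.0259 5108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:51:21.0259 5108 1394ohci - ok
21:51:23.0141 5108 catchme - ok
21:51:30.0151 5108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:51:30.0161 5108 scfilter - ok
21:51:31.0000 5108 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
21:51:31.0010 5108 exampledrv - suspicious (constructed verdict)
21:51:32.0000 5108 orphandrv (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\orphandrv.sys
"""

# "time pid name (md5) path": the file line for a scanned driver or service.
FILE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
# "time pid name - status": the verdict line; "ok" means nothing was flagged.
VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (\S+) - (.+)$")

Entry = Dict[str, Optional[str]]


def parse_report(text: str) -> Dict[str, Entry]:
    """Pair each scanned object's file line with its verdict line, keyed by name."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            name, md5, path = m.groups()
            entry = entries.setdefault(name, {"md5": None, "path": None, "status": None})
            entry["md5"], entry["path"] = md5, path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, status = m.groups()
            entry = entries.setdefault(name, {"md5": None, "path": None, "status": None})
            entry["status"] = status.strip()
        # Header, separator and "Scan started" lines match neither pattern and are skipped.
    return entries


def triage(entries: Dict[str, Entry]) -> Tuple[int, List[str]]:
    """Return (number of scanned objects, list of entries that need a human look)."""
    findings: List[str] = []
    for name, e in entries.items():
        if e["status"] is None:
            # A file line with no verdict usually means the scan was interrupted.
            findings.append(f"{name}: no verdict line ({e['path']})")
        elif e["status"] != "ok":
            findings.append(f"{name}: {e['status']} ({e['path'] or 'no file'})")
    return len(entries), findings


if __name__ == "__main__":
    total, findings = triage(parse_report(SAMPLE_REPORT))
    print(f"{total} objects scanned, {len(findings)} need attention")
    for f in findings:
        print("  " + f)
```

    On a real log, read the report file instead of `SAMPLE_REPORT`; an empty findings list corresponds to the "no infected or suspicious files" outcome, while anything listed is what to paste into the thread for review.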
  23. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    Thanks, Broni.

    =====
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
    =====

    TDSSKiller reported no infected or suspicious files (nor did it need a reboot). Report follows:

    =====
    21:51:02.0648 4580 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    21:51:02.0978 4580 ============================================================
    21:51:02.0978 4580 Current date / time: 2011/12/03 21:51:02.0978
    21:51:02.0978 4580 SystemInfo:
    21:51:02.0978 4580
    21:51:02.0978 4580 OS Version: 6.1.7601 ServicePack: 1.0
    21:51:02.0978 4580 Product type: Workstation
    21:51:02.0978 4580 ComputerName: LORDPETERWIMSEY
    21:51:02.0978 4580 UserName: vc
    21:51:02.0978 4580 Windows directory: C:\Windows
    21:51:02.0978 4580 System windows directory: C:\Windows
    21:51:02.0978 4580 Running under WOW64
    21:51:02.0978 4580 Processor architecture: Intel x64
    21:51:02.0978 4580 Number of processors: 2
    21:51:02.0978 4580 Page size: 0x1000
    21:51:02.0978 4580 Boot type: Normal boot
    21:51:02.0978 4580 ============================================================
    21:51:04.0828 4580 Initialize success
    21:51:20.0219 5108 ============================================================
    21:51:20.0219 5108 Scan started
    21:51:20.0219 5108 Mode: Manual;
    21:51:20.0219 5108 ============================================================
    21:51:21.0259 5108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    21:51:21.0259 5108 1394ohci - ok
    21:51:21.0319 5108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    21:51:21.0319 5108 ACPI - ok
    21:51:21.0349 5108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    21:51:21.0349 5108 AcpiPmi - ok
    21:51:21.0399 5108 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
    21:51:21.0399 5108 adfs - ok
    21:51:21.0459 5108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    21:51:21.0459 5108 adp94xx - ok
    21:51:21.0489 5108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    21:51:21.0499 5108 adpahci - ok
    21:51:21.0519 5108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    21:51:21.0529 5108 adpu320 - ok
    21:51:21.0609 5108 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    21:51:21.0619 5108 AFD - ok
    21:51:21.0659 5108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    21:51:21.0659 5108 agp440 - ok
    21:51:21.0689 5108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    21:51:21.0699 5108 aliide - ok
    21:51:21.0719 5108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    21:51:21.0719 5108 amdide - ok
    21:51:21.0749 5108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    21:51:21.0749 5108 AmdK8 - ok
    21:51:21.0769 5108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    21:51:21.0769 5108 AmdPPM - ok
    21:51:21.0819 5108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    21:51:21.0819 5108 amdsata - ok
    21:51:21.0849 5108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    21:51:21.0859 5108 amdsbs - ok
    21:51:21.0879 5108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    21:51:21.0879 5108 amdxata - ok
    21:51:21.0919 5108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    21:51:21.0919 5108 AppID - ok
    21:51:21.0989 5108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    21:51:21.0989 5108 arc - ok
    21:51:21.0999 5108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    21:51:21.0999 5108 arcsas - ok
    21:51:22.0029 5108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:51:22.0029 5108 AsyncMac - ok
    21:51:22.0059 5108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    21:51:22.0059 5108 atapi - ok
    21:51:22.0099 5108 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
    21:51:22.0099 5108 AtiHdmiService - ok
    21:51:22.0279 5108 atikmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:51:22.0399 5108 atikmdag - ok
    21:51:22.0551 5108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    21:51:22.0561 5108 b06bdrv - ok
    21:51:22.0591 5108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:51:22.0601 5108 b57nd60a - ok
    21:51:22.0641 5108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    21:51:22.0641 5108 Beep - ok
    21:51:22.0681 5108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    21:51:22.0681 5108 blbdrive - ok
    21:51:22.0831 5108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    21:51:22.0831 5108 bowser - ok
    21:51:22.0871 5108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    21:51:22.0881 5108 BrFiltLo - ok
    21:51:22.0891 5108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    21:51:22.0891 5108 BrFiltUp - ok
    21:51:22.0921 5108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    21:51:22.0921 5108 Brserid - ok
    21:51:22.0941 5108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    21:51:22.0941 5108 BrSerWdm - ok
    21:51:22.0961 5108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:51:22.0961 5108 BrUsbMdm - ok
    21:51:22.0971 5108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    21:51:22.0971 5108 BrUsbSer - ok
    21:51:22.0981 5108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    21:51:22.0991 5108 BTHMODEM - ok
    21:51:23.0141 5108 catchme - ok
    21:51:23.0331 5108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:51:23.0331 5108 cdfs - ok
    21:51:23.0471 5108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    21:51:23.0471 5108 cdrom - ok
    21:51:23.0521 5108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    21:51:23.0521 5108 circlass - ok
    21:51:23.0561 5108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    21:51:23.0561 5108 CLFS - ok
    21:51:23.0641 5108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:51:23.0641 5108 CmBatt - ok
    21:51:23.0661 5108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    21:51:23.0671 5108 cmdide - ok
    21:51:23.0701 5108 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    21:51:23.0711 5108 CNG - ok
    21:51:23.0741 5108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    21:51:23.0741 5108 Compbatt - ok
    21:51:23.0771 5108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    21:51:23.0781 5108 CompositeBus - ok
    21:51:23.0791 5108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    21:51:23.0801 5108 crcdisk - ok
    21:51:23.0861 5108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    21:51:23.0861 5108 DfsC - ok
    21:51:23.0901 5108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    21:51:23.0901 5108 discache - ok
    21:51:23.0931 5108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    21:51:23.0931 5108 Disk - ok
    21:51:23.0991 5108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    21:51:23.0991 5108 drmkaud - ok
    21:51:24.0041 5108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    21:51:24.0041 5108 DXGKrnl - ok
    21:51:24.0131 5108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    21:51:24.0201 5108 ebdrv - ok
    21:51:24.0321 5108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    21:51:24.0321 5108 elxstor - ok
    21:51:24.0381 5108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    21:51:24.0381 5108 ErrDev - ok
    21:51:24.0411 5108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    21:51:24.0411 5108 exfat - ok
    21:51:24.0431 5108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    21:51:24.0431 5108 fastfat - ok
    21:51:24.0461 5108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    21:51:24.0461 5108 fdc - ok
    21:51:24.0491 5108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    21:51:24.0491 5108 FileInfo - ok
    21:51:24.0501 5108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    21:51:24.0511 5108 Filetrace - ok
    21:51:24.0551 5108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:51:24.0551 5108 flpydisk - ok
    21:51:24.0581 5108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    21:51:24.0581 5108 FltMgr - ok
    21:51:24.0611 5108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    21:51:24.0611 5108 FsDepends - ok
    21:51:24.0621 5108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    21:51:24.0621 5108 Fs_Rec - ok
    21:51:24.0661 5108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    21:51:24.0661 5108 fvevol - ok
    21:51:24.0691 5108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:51:24.0691 5108 gagp30kx - ok
    21:51:24.0731 5108 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:51:24.0731 5108 GEARAspiWDM - ok
    21:51:24.0771 5108 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
    21:51:24.0771 5108 hcmon - ok
    21:51:24.0791 5108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    21:51:24.0791 5108 hcw85cir - ok
    21:51:24.0841 5108 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    21:51:24.0841 5108 HdAudAddService - ok
    21:51:24.0881 5108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    21:51:24.0881 5108 HDAudBus - ok
    21:51:24.0911 5108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    21:51:24.0911 5108 HidBatt - ok
    21:51:24.0931 5108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    21:51:24.0931 5108 HidBth - ok
    21:51:24.0951 5108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    21:51:24.0951 5108 HidIr - ok
    21:51:25.0001 5108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    21:51:25.0001 5108 HidUsb - ok
    21:51:25.0051 5108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    21:51:25.0051 5108 HpSAMD - ok
    21:51:25.0121 5108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    21:51:25.0131 5108 HTTP - ok
    21:51:25.0161 5108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    21:51:25.0161 5108 hwpolicy - ok
    21:51:25.0201 5108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    21:51:25.0201 5108 i8042prt - ok
    21:51:25.0251 5108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    21:51:25.0251 5108 iaStorV - ok
    21:51:25.0281 5108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    21:51:25.0281 5108 iirsp - ok
    21:51:25.0321 5108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    21:51:25.0321 5108 intelide - ok
    21:51:25.0351 5108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    21:51:25.0351 5108 intelppm - ok
    21:51:25.0381 5108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:51:25.0381 5108 IpFilterDriver - ok
    21:51:25.0421 5108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    21:51:25.0421 5108 IPMIDRV - ok
    21:51:25.0451 5108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    21:51:25.0451 5108 IPNAT - ok
    21:51:25.0551 5108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    21:51:25.0551 5108 IRENUM - ok
    21:51:25.0591 5108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    21:51:25.0591 5108 isapnp - ok
    21:51:25.0641 5108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    21:51:25.0641 5108 iScsiPrt - ok
    21:51:25.0681 5108 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
    21:51:25.0681 5108 k57nd60a - ok
    21:51:25.0731 5108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    21:51:25.0741 5108 kbdclass - ok
    21:51:25.0801 5108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    21:51:25.0801 5108 kbdhid - ok
    21:51:25.0851 5108 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    21:51:25.0851 5108 KSecDD - ok
    21:51:25.0881 5108 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    21:51:25.0881 5108 KSecPkg - ok
    21:51:25.0911 5108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    21:51:25.0911 5108 ksthunk - ok
    21:51:25.0961 5108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    21:51:25.0961 5108 lltdio - ok
    21:51:26.0001 5108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:51:26.0001 5108 LSI_FC - ok
    21:51:26.0021 5108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:51:26.0021 5108 LSI_SAS - ok
    21:51:26.0041 5108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:51:26.0041 5108 LSI_SAS2 - ok
    21:51:26.0051 5108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:51:26.0061 5108 LSI_SCSI - ok
    21:51:26.0071 5108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    21:51:26.0071 5108 luafv - ok
    21:51:26.0101 5108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    21:51:26.0101 5108 megasas - ok
    21:51:26.0121 5108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    21:51:26.0121 5108 MegaSR - ok
    21:51:26.0181 5108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    21:51:26.0181 5108 Modem - ok
    21:51:26.0201 5108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    21:51:26.0201 5108 monitor - ok
    21:51:26.0251 5108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    21:51:26.0251 5108 mouclass - ok
    21:51:26.0271 5108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    21:51:26.0271 5108 mouhid - ok
    21:51:26.0311 5108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    21:51:26.0311 5108 mountmgr - ok
    21:51:26.0381 5108 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    21:51:26.0381 5108 MpFilter - ok
    21:51:26.0461 5108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    21:51:26.0461 5108 mpio - ok
    21:51:26.0591 5108 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    21:51:26.0591 5108 MpNWMon - ok
    21:51:26.0661 5108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    21:51:26.0661 5108 mpsdrv - ok
    21:51:26.0711 5108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    21:51:26.0711 5108 MRxDAV - ok
    21:51:26.0751 5108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:51:26.0751 5108 mrxsmb - ok
    21:51:26.0791 5108 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:51:26.0791 5108 mrxsmb10 - ok
    21:51:26.0821 5108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:51:26.0821 5108 mrxsmb20 - ok
    21:51:26.0861 5108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    21:51:26.0861 5108 msahci - ok
    21:51:26.0901 5108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    21:51:26.0901 5108 msdsm - ok
    21:51:26.0941 5108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    21:51:26.0941 5108 Msfs - ok
    21:51:26.0971 5108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    21:51:26.0971 5108 mshidkmdf - ok
    21:51:26.0991 5108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    21:51:26.0991 5108 msisadrv - ok
    21:51:27.0031 5108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    21:51:27.0031 5108 MSKSSRV - ok
    21:51:27.0091 5108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:51:27.0091 5108 MSPCLOCK - ok
    21:51:27.0111 5108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    21:51:27.0111 5108 MSPQM - ok
    21:51:27.0151 5108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    21:51:27.0151 5108 MsRPC - ok
    21:51:27.0181 5108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    21:51:27.0181 5108 mssmbios - ok
    21:51:27.0201 5108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    21:51:27.0201 5108 MSTEE - ok
    21:51:27.0221 5108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    21:51:27.0221 5108 MTConfig - ok
    21:51:27.0251 5108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    21:51:27.0251 5108 Mup - ok
    21:51:27.0291 5108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    21:51:27.0301 5108 NativeWifiP - ok
    21:51:27.0341 5108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    21:51:27.0371 5108 NDIS - ok
    21:51:27.0381 5108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    21:51:27.0391 5108 NdisCap - ok
    21:51:27.0411 5108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:51:27.0411 5108 NdisTapi - ok
    21:51:27.0441 5108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:51:27.0441 5108 Ndisuio - ok
    21:51:27.0471 5108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:51:27.0481 5108 NdisWan - ok
    21:51:27.0521 5108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    21:51:27.0521 5108 NDProxy - ok
    21:51:27.0571 5108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    21:51:27.0571 5108 NetBIOS - ok
    21:51:27.0631 5108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    21:51:27.0641 5108 NetBT - ok
    21:51:27.0791 5108 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
    21:51:27.0901 5108 netw5v64 - ok
    21:51:27.0951 5108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    21:51:27.0951 5108 nfrd960 - ok
    21:51:28.0001 5108 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    21:51:28.0001 5108 NisDrv - ok
    21:51:28.0071 5108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    21:51:28.0071 5108 Npfs - ok
    21:51:28.0081 5108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    21:51:28.0091 5108 nsiproxy - ok
    21:51:28.0151 5108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    21:51:28.0191 5108 Ntfs - ok
    21:51:28.0201 5108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    21:51:28.0201 5108 Null - ok
    21:51:28.0261 5108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    21:51:28.0261 5108 nvraid - ok
    21:51:28.0311 5108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    21:51:28.0311 5108 nvstor - ok
    21:51:28.0351 5108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    21:51:28.0351 5108 nv_agp - ok
    21:51:28.0411 5108 OA008Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA008Ufd.sys
    21:51:28.0421 5108 OA008Ufd - ok
    21:51:28.0451 5108 OA008Vid (60fd277cfd34f680a1668ac123b324ae) C:\Windows\system32\DRIVERS\OA008Vid.sys
    21:51:28.0451 5108 OA008Vid - ok
    21:51:28.0501 5108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    21:51:28.0501 5108 ohci1394 - ok
    21:51:28.0591 5108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    21:51:28.0591 5108 Parport - ok
    21:51:28.0621 5108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    21:51:28.0621 5108 partmgr - ok
    21:51:28.0801 5108 PCD5SRVC{048DBD20-445E8C82-05040104} (58c1cd52347c4835dc3606cd4723f426) C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms
    21:51:28.0841 5108 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
    21:51:28.0971 5108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    21:51:28.0981 5108 pci - ok
    21:51:29.0021 5108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    21:51:29.0021 5108 pciide - ok
    21:51:34.0031 5108 ============================================================
    21:51:34.0031 5108 Scan finished
    21:51:34.0031 5108 ============================================================
    21:51:34.0161 5096 Detected object count: 0
    21:51:34.0161 5096 Actual detected object count: 0
    =====
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good job :)

    What about aswMBR?
     
  25. tonylindek

    tonylindek TS Rookie Topic Starter Posts: 20

    Yay. aswMBR finally able to run. Log file:

    ====
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-03 22:10:25
    -----------------------------
    22:10:25.915 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:10:25.915 Number of processors: 2 586 0x170A
    22:10:25.915 ComputerName: LORDPETERWIMSEY UserName: vc
    22:10:27.115 Initialize success
    22:11:48.339 AVAST engine defs: 11120302
    22:12:24.112 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    22:12:24.112 Disk 0 Vendor: WDC_WD5000BEVT-75ZAT0 01.01A01 Size: 476940MB BusType: 11
    22:12:26.142 Disk 0 MBR read successfully
    22:12:26.142 Disk 0 MBR scan
    22:12:26.142 Disk 0 Windows 7 default MBR code
    22:12:26.142 Service scanning
    22:12:26.732 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    22:12:27.332 Modules scanning
    22:12:27.332 Disk 0 trace - called modules:
    22:12:27.332 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    22:12:27.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c252f0]
    22:12:27.342 3 CLASSPNP.SYS[fffff880019bc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046ae0d0]
    22:12:28.592 AVAST engine scan C:\Windows
    22:12:31.852 AVAST engine scan C:\Windows\system32
    22:13:51.214 AVAST engine scan C:\Windows\system32\drivers
    22:14:00.255 AVAST engine scan C:\Users\vc
    22:22:32.559 Disk 0 MBR has been saved successfully to "C:\Users\vc\Desktop\MBR.dat"
    22:22:32.559 The log file has been saved successfully to "C:\Users\vc\Desktop\aswMBR.txt"
    =====