Solved Nobbled with Google redirect

tonylindek

My daughter's laptop has caught some variant of the Google redirect virus. I've followed the instructions in the sticky note and logs follow.

Tony.
======================================
MBAM
====
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8236

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

28-Nov-2011 20:49:32
mbam-log-2011-11-28 (20-49-32).txt

Scan type: Quick scan
Objects scanned: 190945
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER
====
empty

DDS
===
dds.txt
-------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by vc at 21:36:12 on 2011-11-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2197 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [AdobeBridge]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{BCDF04DB-B757-47B9-AA2D-8FF45DC03030} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{BCDF04DB-B757-47B9-AA2D-8FF45DC03030}\C496675626F687D264633383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BCDF04DB-B757-47B9-AA2D-8FF45DC03030}\F4A77596275633027457563747 : DhcpNameServer = 172.16.42.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AutorunsDisabled - No File
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\
FF - prefs.js: browser.startup.homepage - hxxp://pinterest.com/|https://accounts.google.com/Service...//hootsuite.com/dashboard|http://twitter.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\vc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-31 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA008Ufd.sys --> C:\Windows\system32\DRIVERS\OA008Ufd.sys [?]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\system32\DRIVERS\OA008Vid.sys --> C:\Windows\system32\DRIVERS\OA008Vid.sys [?]
R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-7 1038088]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-4 28152]
S3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys --> C:\Windows\system32\DRIVERS\wdcsam.sys [?]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-28 16:41:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06AD7913-9090-416D-831B-91427F1745B3}\offreg.dll
2011-11-28 16:41:40 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06AD7913-9090-416D-831B-91427F1745B3}\mpengine.dll
2011-11-25 16:18:17 -------- d-----w- C:\Program Files\CCleaner
2011-11-25 16:16:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-25 11:58:46 -------- d-----w- C:\Users\vc\AppData\Roaming\Malwarebytes
2011-11-25 11:58:35 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-25 11:58:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-09 13:15:34 636728 ----a-w- C:\Program Files (x86)\autoruns.exe
2011-11-09 11:15:23 -------- d-----w- C:\Program Files\iPod
2011-11-09 11:15:22 -------- d-----w- C:\Program Files\iTunes
2011-11-09 11:15:22 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-09 11:12:22 -------- d-----w- C:\Program Files\Bonjour
2011-11-09 11:12:22 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-09 10:11:22 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 10:11:22 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 10:11:21 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 10:11:19 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-11-28 16:37:11 4845856 ----a-w- C:\Program Files (x86)\procexp.exe
2011-11-09 11:05:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 21:43:59.94 ===============


attach.txt
----------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 06-Nov-2009 18:36:53
System Uptime: 28-Nov-2011 16:30:35 (5 hours ago)
.
Motherboard: Dell Inc. | | 0C234M
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2401/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 272.095 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.207 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP573: 12-Nov-2011 09:53:52 - Windows Update
RP574: 16-Nov-2011 09:30:16 - Windows Update
RP575: 19-Nov-2011 13:58:39 - Windows Update
RP576: 22-Nov-2011 19:39:30 - Windows Update
RP577: 26-Nov-2011 12:52:32 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 7.0 Professional Edition
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.4.6
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon Kindle For PC v1.1
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Software Update
Brother HL-2030
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Connect
D3DX10
Dell Driver Download Manager
Dell Support Center (Support Software)
Driving Test Success - All Tests 2011 Edition
Google Chrome
Google Earth
Google Update Helper
IDT Audio
Java Auto Updater
Java(TM) 6 Update 26
kuler
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mindjet MindManager Pro 7
Mozilla Firefox (3.6)
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
PDF-XChange 3
PDF Settings CS4
Photoshop Camera Raw
QuickTime
RICOH Media Driver ver.2.07.01.00
Roxio Burn
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Skype Click to Call
Skype™ 5.5
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Suite Shared Configuration CS4
SyncBackSE
TweetDeck
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
VMware Player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinSCP 4.2.4 beta
.
==== Event Viewer Messages From Past Week ========
.
28-Nov-2011 16:30:48, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
28-Nov-2011 16:29:53, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
28-Nov-2011 16:26:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
28-Nov-2011 16:26:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
28-Nov-2011 16:26:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
28-Nov-2011 16:26:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
28-Nov-2011 16:26:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
28-Nov-2011 16:26:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
28-Nov-2011 16:26:05, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
28-Nov-2011 16:26:03, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
28-Nov-2011 14:21:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
25-Nov-2011 16:19:55, Error: Service Control Manager [7034] - The Spybot S&D 2 Live Protection Service service terminated unexpectedly. It has done this 1 time(s).
25-Nov-2011 11:46:49, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
24-Nov-2011 17:39:09, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
24-Nov-2011 17:37:40, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
24-Nov-2011 17:32:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
24-Nov-2011 17:16:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
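The DDS "Pseudo HJT Report" above is where a redirect infection usually shows itself: a DNS server that is not the router, a Winsock LSP loaded from an odd path, an IE proxy, or a Firefox search URL that has been swapped. The script below is an added example written for this thread, not part of DDS, MBAM or anything tonylindek posted; it runs a few triage heuristics over log lines in the DDS format. The sample lines are constructed for the example (the public DNS addresses and the Temp-directory LSP are invented to trigger the checks), and the assumptions that a home LAN's DNS should sit in RFC 1918 or loopback space and that legitimate LSPs live under Program Files or the Windows system directories are the author's own rules of thumb, not facts from the log.

```python
"""Triage heuristics for the 'Pseudo HJT Report' section of a DDS log."""
import ipaddress
import re

# Constructed sample in DDS/HJT format; the public DNS servers and the
# Temp-directory LSP are invented to exercise the checks below.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AutorunsDisabled - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
LSP: C:\Users\vc\AppData\Local\Temp\wsock.dll
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{BCDF04DB-B757-47B9-AA2D-8FF45DC03030} : NameServer = 203.0.113.53,203.0.113.54
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: network.proxy.type - 0
"""

# Assumption: on a home LAN the resolver handed out by DHCP is the router
# (RFC 1918 space) or a local stub; anything else deserves a look.
EXPECTED_DNS_NETS = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Assumption: legitimate LSPs ship with installed software or Windows itself.
TRUSTED_LSP_DIRS = ("c:\\program files", "c:\\windows\\system32", "c:\\windows\\syswow64")


def _dns_is_expected(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False            # garbage in the NameServer value is itself suspicious
    return any(ip in net for net in EXPECTED_DNS_NETS)


def triage(log_text):
    """Return (severity, line, reason) tuples for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"TCP:.*?(DhcpNameServer|NameServer)\s*=\s*(.+)$", line)
        if m:
            for ip in m.group(2).split(","):
                if not _dns_is_expected(ip):
                    findings.append(("HIGH", line,
                                     f"DNS server {ip.strip()} is outside RFC 1918/loopback; verify against the router and ISP"))
            continue
        if line.startswith("LSP:"):
            path = line[4:].strip().lower()
            if not path.startswith(TRUSTED_LSP_DIRS):
                findings.append(("HIGH", line, "Winsock LSP loaded from a non-standard location"))
            continue
        if re.match(r"[um]Internet Settings,ProxyServer\s*=", line):
            findings.append(("MEDIUM", line, "IE proxy configured; browser traffic can be intercepted or redirected"))
            continue
        if (line.startswith("BHO") or line.startswith("TB")) and line.endswith("- No File"):
            findings.append(("LOW", line, "orphaned registry entry; clean up, but not an active hijack"))
            continue
        m = re.match(r"FF - prefs\.js: keyword\.URL - (.+)$", line)
        if m:
            findings.append(("MEDIUM", line, f"Firefox keyword.URL points to {m.group(1)}; possible search hijack"))
            continue
        m = re.match(r"FF - prefs\.js: network\.proxy\.type - (\d+)$", line)
        if m and m.group(1) in ("1", "2"):   # 1 = manual proxy, 2 = PAC script
            findings.append(("MEDIUM", line, "Firefox manual/PAC proxy configured"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run against the log in this thread, the DNS lines (10.0.1.1, 192.168.1.1, 172.16.42.1) and the VMware LSP all pass, the orphaned BHO/TB entries come out as LOW, and the only MEDIUM item is the MyHeritage keyword.URL, which matches the installed Family Tree Builder rather than a hijack. A quiet report here is why the helper's next step is an MBR scan rather than more registry cleaning.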
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see the question "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==========================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks for the reply, Broni. Unfortunately, aswMBR will not run. I tried disabling real-time protection in MSE and also running in safe mode. Neither time would anything happen after I double-clicked the icon. I did not go on to run combofix - should I?

Thanks,
Tony.
 
Run this instead...

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
That one worked, Broni. Screen contents are:

=====
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
=====

T.
 
We need to reset your MBR.

Please Boot to the System Recovery Options
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead; in such a case use method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

exit

Restart computer.

Post new Bootkit Remover log.
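As an added illustration (not part of this thread, and not code from Bootkit Remover or bootrec), here is a small Python checker for a 512-byte MBR image such as the one `remover.exe dump <device_name> [output_file]` writes. It decodes the partition table and compares a fresh dump against a known-good baseline, which is why `bootrec /fixmbr` is the fix being tried: an MBR bootkit typically rewrites only the boot code (the first 440 bytes) and leaves the partition table intact so the machine still boots. The function names, the sample sector, its partition layout (modelled on the FRST partition table later in this thread) and the boot-code bytes are all constructed here.

```python
"""Decode an MBR sector and diff it against a known-good copy (constructed example)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439: boot code, the region a bootkit replaces
DISK_SIG_OFF = 440       # 4-byte NT disk signature (444..445 reserved)
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must be 0x55 0xAA


@dataclass
class Partition:
    index: int           # 1..4, like the "Partition ###" column in an FRST log
    active: bool         # status byte 0x80 means bootable
    type_id: int         # e.g. 0x07 NTFS, 0xDE Dell utility/OEM
    lba_start: int
    sector_count: int

    @property
    def size_mb(self) -> int:
        return self.sector_count * SECTOR_SIZE // (1024 * 1024)


def parse_partitions(sector: bytes) -> List[Partition]:
    """Decode the four partition slots; raise on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, type_id = entry[0], entry[4]
        if type_id == 0:
            continue                                   # empty slot
        if status not in (0x00, 0x80):
            raise ValueError("slot %d has invalid status byte 0x%02x" % (i + 1, status))
        lba_start, count = struct.unpack_from("<II", entry, 8)
        parts.append(Partition(i + 1, status == 0x80, type_id, lba_start, count))
    return parts


def boot_code_sha256(sector: bytes) -> str:
    """Hash of the boot-code region only; record this on a clean machine as the baseline."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def compare_mbr(baseline: bytes, current: bytes) -> dict:
    """Report which regions differ between a known-good sector and a fresh dump."""
    return {
        "boot_code_changed": boot_code_sha256(baseline) != boot_code_sha256(current),
        "disk_signature_changed":
            baseline[DISK_SIG_OFF:DISK_SIG_OFF + 4] != current[DISK_SIG_OFF:DISK_SIG_OFF + 4],
        "partition_table_changed": parse_partitions(baseline) != parse_partitions(current),
        "active_partitions": sum(p.active for p in parse_partitions(current)),
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: OEM 39 MB, primary 14 GB, primary 451 GB (active). Not real disk data."""
    mb = 1024 * 1024 // SECTOR_SIZE                      # sectors per MiB
    entries = [
        (0x00, 0xDE, 63, 39 * mb),
        (0x00, 0x07, 63 + 39 * mb, 14 * 1024 * mb),
        (0x80, 0x07, 63 + 39 * mb + 14 * 1024 * mb, 451 * 1024 * mb),
    ]
    table = b"".join(struct.pack("<B3xB3xII", s, t, lba, cnt) for s, t, lba, cnt in entries)
    table += bytes(16)                                   # unused fourth slot
    sector = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    sector += struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + b"\x55\xaa"
    assert len(sector) == SECTOR_SIZE
    return sector


# Constructed stand-ins for boot code; a real baseline is the sector you dumped
# on a machine you trusted, e.g. right after bootrec /fixmbr.
CLEAN_BOOT_CODE = b"CONSTRUCTED-KNOWN-GOOD-BOOT-CODE"
HIJACKED_BOOT_CODE = b"CONSTRUCTED-HIJACKED-BOOT-CODE"
BASELINE_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
SUSPECT_MBR = build_sample_mbr(HIJACKED_BOOT_CODE)      # same table, different boot code

if __name__ == "__main__":
    for p in parse_partitions(SUSPECT_MBR):
        print(p.index, "active" if p.active else "      ", hex(p.type_id), p.size_mb, "MB")
    print(compare_mbr(BASELINE_MBR, SUSPECT_MBR))
```

The suspect sector reports boot_code_changed with an unchanged partition table, which is exactly the profile that a plain `bootrec /fixmbr` is meant to undo; a changed partition table or a second active partition would call for a closer look before rewriting anything.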
 
Thanks, Broni. That didn't seem to work. Log:

=====
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
=====

Should I just reinstall Windows?

Thanks,
Tony.
 
No.
It looks like you may be infected with the newest TDL rootkit.
Let's check.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to your desktop.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
Thanks again, Broni. Log is as follows:

=====
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by vc at 2011-12-02 05:24:29
Running from C:\Users\vc\Desktop
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x x] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-02 05:24 - 2011-12-02 05:24 - 0000000 ____D C:\FRST
2011-12-02 05:23 - 2011-12-02 05:24 - 1377555 ____A C:\Users\vc\Desktop\FRST64.exe
2011-12-01 07:47 - 2011-12-01 07:47 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{01d9ffa1-172a-11e0-83fe-002219ef65b4}.TxR.blf
2011-11-30 07:09 - 2011-12-01 07:55 - 0053372 ____A C:\Users\vc\Desktop\bootkit_remover_debug_log.txt
2011-11-30 07:07 - 2011-11-30 07:07 - 0044607 ____A C:\Users\vc\Downloads\bootkit_remover.zip
2011-11-29 06:54 - 2011-12-01 07:55 - 0000508 ____A C:\Users\vc\Desktop\Virus and Malware Removal - TechSpot OpenBoards.website
2011-11-29 06:42 - 2011-11-29 06:42 - 1916416 ____A (AVAST Software) C:\Users\vc\Desktop\aswMBR.exe
2011-11-29 06:41 - 2011-11-29 06:41 - 0067168 ____A C:\Users\vc\Desktop\reply 1.docx
2011-11-29 06:41 - 2011-11-29 06:41 - 0000162 ___AH C:\Users\vc\Desktop\~$eply 1.docx
2011-11-28 21:00 - 2011-11-28 21:00 - 0000000 ____A C:\Users\vc\Desktop\20111128-2100.log
2011-11-28 20:45 - 2011-11-28 21:46 - 0030812 ____A C:\Users\vc\Desktop\scanlogs.txt
2011-11-28 20:41 - 2011-11-28 20:41 - 0607260 ____R (Swearware) C:\Users\vc\Desktop\dds.scr
2011-11-28 20:40 - 2011-11-28 20:40 - 0302592 ____A C:\Users\vc\Desktop\n5mk7iv8.exe
2011-11-28 17:36 - 2011-11-28 17:36 - 2525216 ____A C:\Users\vc\Documents\AutoRuns.arn
2011-11-28 16:40 - 2011-11-28 16:40 - 0577930 ____A C:\Users\vc\Downloads\Autoruns.zip
2011-11-28 16:35 - 2011-11-28 16:37 - 0068084 ____A C:\Users\vc\Downloads\ProcessExplorer.zip
2011-11-28 15:57 - 2011-11-28 15:57 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\vc\Downloads\tdsskiller.exe
2011-11-28 15:56 - 2011-11-28 15:56 - 1241136 ____A (Soluto Inc) C:\Users\vc\Downloads\solutoinstaller.exe
2011-11-25 16:18 - 2011-11-25 16:18 - 0000000 ____D C:\Program Files\CCleaner
2011-11-25 16:16 - 2011-11-25 16:18 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-11-25 16:16 - 2011-11-25 16:18 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-11-25 16:08 - 2011-11-25 16:08 - 0141120 ____A (GridinSoft) C:\Users\vc\Downloads\unhider.exe
2011-11-25 12:03 - 2011-11-25 12:04 - 3511776 ____A (Piriform Ltd) C:\Users\vc\Downloads\ccsetup312.exe
2011-11-25 12:02 - 2011-11-25 12:05 - 47360456 ____A (Safer-Networking Ltd. ) C:\Users\vc\Downloads\spybotsd-2.0.6-beta4.exe
2011-11-25 11:58 - 2011-11-25 11:58 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Users\vc\AppData\Roaming\Malwarebytes
2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-25 11:56 - 2011-11-25 11:57 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\vc\Downloads\mbam-setup-1.51.2.1300.exe
2011-11-25 11:54 - 2011-11-25 11:55 - 0000361 ____A C:\rkill.log
2011-11-25 11:52 - 2011-11-25 11:52 - 1008114 ____A C:\Users\vc\Downloads\rkill.exe
2011-11-25 10:51 - 2011-11-25 10:51 - 0000692 ____A C:\Users\vc\Desktop\Libraries - Shortcut.lnk
2011-11-24 18:58 - 2009-07-14 04:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2011-11-24 18:16 - 2011-11-24 18:17 - 14580096 ____A (Mozilla) C:\Users\vc\Downloads\Firefox Setup 8.0.1.exe
2011-11-24 18:16 - 2011-11-24 18:16 - 0743811 ____A C:\Users\vc\Documents\bookmarks-2011-11-24.json
2011-11-24 18:15 - 2011-11-24 18:15 - 1651479 ____A C:\Users\vc\Documents\bookmarks.html
2011-11-24 18:06 - 2011-11-24 18:06 - 0001500 ____A C:\Users\vc\Desktop\Skype.lnk
2011-11-24 17:24 - 2011-11-29 06:56 - 0591440 ____A C:\Windows\ntbtlog.txt
2011-11-24 17:11 - 2011-11-24 17:11 - 0000649 ____A C:\Users\vc\Desktop\System Fix.lnk
2011-11-13 10:29 - 2011-11-13 10:29 - 0095459 ____A C:\Users\vc\Downloads\oct 2011 338.jpg
2011-11-13 09:11 - 2011-11-13 09:11 - 0874218 ____A C:\Users\vc\Downloads\nextgen-gallery.zip
2011-11-11 16:20 - 2011-11-11 16:20 - 0076836 ____A C:\Users\vc\Downloads\drawing 2010a 006.jpg
2011-11-09 13:15 - 2011-11-28 16:40 - 0636728 ____A (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\autoruns.exe
2011-11-09 11:15 - 2011-11-09 11:17 - 0000000 ____D C:\Program Files\iTunes
2011-11-09 11:15 - 2011-11-09 11:16 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-11-09 11:15 - 2011-11-09 11:15 - 0000000 ____D C:\Program Files\iPod
2011-11-09 11:12 - 2011-11-09 11:12 - 0000000 ____D C:\Program Files\Bonjour
2011-11-09 11:12 - 2011-11-09 11:12 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-11-09 10:11 - 2011-09-29 16:29 - 1923952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-11-09 10:11 - 2011-09-29 04:03 - 3144704 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-05 12:52 - 2011-11-28 16:40 - 0049648 ____A C:\Program Files (x86)\autoruns.chm
2011-11-03 17:06 - 2011-11-03 17:06 - 0000053 ____A C:\Users\vc\Downloads\googled8a0bdcb8fb56c79.html

============ 3 Months Modified Files and Folders =============

2011-12-02 05:24 - 2011-12-02 05:23 - 1377555 ____A C:\Users\vc\Desktop\FRST64.exe
2011-12-02 05:22 - 2009-11-06 18:32 - 1056706 ____A C:\Windows\WindowsUpdate.log
2011-12-02 05:22 - 2009-07-14 04:51 - 0305295 ____A C:\Windows\setupact.log
2011-12-01 07:55 - 2011-11-30 07:09 - 0053372 ____A C:\Users\vc\Desktop\bootkit_remover_debug_log.txt
2011-12-01 07:55 - 2011-11-29 06:54 - 0000508 ____A C:\Users\vc\Desktop\Virus and Malware Removal - TechSpot OpenBoards.website
2011-12-01 07:51 - 2009-07-14 04:45 - 0013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-01 07:51 - 2009-07-14 04:45 - 0013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-01 07:50 - 2009-07-14 05:13 - 0733964 ____A C:\Windows\System32\PerfStringBackup.INI
2011-12-01 07:47 - 2011-12-01 07:47 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{01d9ffa1-172a-11e0-83fe-002219ef65b4}.TxR.blf
2011-12-01 07:44 - 2011-09-03 13:09 - 0000000 ____D C:\Users\All Users\VMware
2011-12-01 07:44 - 2011-09-03 13:09 - 0000000 ____D C:\ProgramData\VMware
2011-12-01 07:44 - 2009-11-06 18:29 - 3193565184 __ASH C:\hiberfil.sys
2011-12-01 07:44 - 2009-07-14 05:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-30 07:08 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\vc\Desktop\boot_cleaner.exe
2011-11-30 07:07 - 2011-11-30 07:07 - 0044607 ____A C:\Users\vc\Downloads\bootkit_remover.zip
2011-11-29 06:56 - 2011-11-24 17:24 - 0591440 ____A C:\Windows\ntbtlog.txt
2011-11-29 06:42 - 2011-11-29 06:42 - 1916416 ____A (AVAST Software) C:\Users\vc\Desktop\aswMBR.exe
2011-11-29 06:41 - 2011-11-29 06:41 - 0067168 ____A C:\Users\vc\Desktop\reply 1.docx
2011-11-29 06:41 - 2011-11-29 06:41 - 0000162 ___AH C:\Users\vc\Desktop\~$eply 1.docx
2011-11-28 21:46 - 2011-11-28 20:45 - 0030812 ____A C:\Users\vc\Desktop\scanlogs.txt
2011-11-28 21:00 - 2011-11-28 21:00 - 0000000 ____A C:\Users\vc\Desktop\20111128-2100.log
2011-11-28 20:41 - 2011-11-28 20:41 - 0607260 ____R (Swearware) C:\Users\vc\Desktop\dds.scr
2011-11-28 20:40 - 2011-11-28 20:40 - 0302592 ____A C:\Users\vc\Desktop\n5mk7iv8.exe
2011-11-28 17:36 - 2011-11-28 17:36 - 2525216 ____A C:\Users\vc\Documents\AutoRuns.arn
2011-11-28 16:40 - 2011-11-28 16:40 - 0577930 ____A C:\Users\vc\Downloads\Autoruns.zip
2011-11-28 16:40 - 2011-11-09 13:15 - 0636728 ____A (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\autoruns.exe
2011-11-28 16:40 - 2011-11-05 12:52 - 0049648 ____A C:\Program Files (x86)\autoruns.chm
2011-11-28 16:37 - 2011-11-28 16:35 - 0068084 ____A C:\Users\vc\Downloads\ProcessExplorer.zip
2011-11-28 16:37 - 2011-09-19 10:36 - 4845856 ____A (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\procexp.exe
2011-11-28 16:29 - 2009-11-18 13:18 - 0000000 ____D C:\Users\vc\AppData\Local\ElevatedDiagnostics
2011-11-28 15:57 - 2011-11-28 15:57 - 1566512 ____A (Kaspersky Lab ZAO) C:\Users\vc\Downloads\tdsskiller.exe
2011-11-28 15:56 - 2011-11-28 15:56 - 1241136 ____A (Soluto Inc) C:\Users\vc\Downloads\solutoinstaller.exe
2011-11-27 19:47 - 2011-09-04 17:12 - 0000000 ____D C:\Users\vc\Documents\Jackdaw 19
2011-11-26 15:49 - 2010-01-13 16:41 - 0016860 ____A C:\Users\vc\Documents\DVD list.2.docx
2011-11-25 16:18 - 2011-11-25 16:18 - 0000000 ____D C:\Program Files\CCleaner
2011-11-25 16:18 - 2011-11-25 16:16 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-11-25 16:18 - 2011-11-25 16:16 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-11-25 16:08 - 2011-11-25 16:08 - 0141120 ____A (GridinSoft) C:\Users\vc\Downloads\unhider.exe
2011-11-25 12:05 - 2011-11-25 12:02 - 47360456 ____A (Safer-Networking Ltd. ) C:\Users\vc\Downloads\spybotsd-2.0.6-beta4.exe
2011-11-25 12:04 - 2011-11-25 12:03 - 3511776 ____A (Piriform Ltd) C:\Users\vc\Downloads\ccsetup312.exe
2011-11-25 11:58 - 2011-11-25 11:58 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Users\vc\AppData\Roaming\Malwarebytes
2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-25 11:58 - 2011-11-25 11:58 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-25 11:57 - 2011-11-25 11:56 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\vc\Downloads\mbam-setup-1.51.2.1300.exe
2011-11-25 11:55 - 2011-11-25 11:54 - 0000361 ____A C:\rkill.log
2011-11-25 11:52 - 2011-11-25 11:52 - 1008114 ____A C:\Users\vc\Downloads\rkill.exe
2011-11-25 10:51 - 2011-11-25 10:51 - 0000692 ____A C:\Users\vc\Desktop\Libraries - Shortcut.lnk
2011-11-25 08:59 - 2009-12-08 18:54 - 0000000 ____D C:\Users\All Users\Mozilla Firefox 3.6 Beta 4
2011-11-25 08:59 - 2009-12-08 18:54 - 0000000 ____D C:\ProgramData\Mozilla Firefox 3.6 Beta 4
2011-11-25 08:50 - 2009-11-07 09:37 - 0000000 ____D C:\Users\vc\Downloads\_old
2011-11-24 18:32 - 2009-11-07 11:15 - 0000000 ____D C:\Users\vc\AppData\Roaming\Skype
2011-11-24 18:17 - 2011-11-24 18:16 - 14580096 ____A (Mozilla) C:\Users\vc\Downloads\Firefox Setup 8.0.1.exe
2011-11-24 18:16 - 2011-11-24 18:16 - 0743811 ____A C:\Users\vc\Documents\bookmarks-2011-11-24.json
2011-11-24 18:15 - 2011-11-24 18:15 - 1651479 ____A C:\Users\vc\Documents\bookmarks.html
2011-11-24 18:06 - 2011-11-24 18:06 - 0001500 ____A C:\Users\vc\Desktop\Skype.lnk
2011-11-24 17:15 - 2009-11-07 10:04 - 0037760 ____A C:\Windows\PFRO.log
2011-11-24 17:14 - 2010-06-22 09:04 - 0000307 ____A C:\Windows\Brownie.ini
2011-11-24 17:11 - 2011-11-24 17:11 - 0000649 ____A C:\Users\vc\Desktop\System Fix.lnk
2011-11-19 20:00 - 2010-06-07 15:26 - 0000000 ____D C:\Users\vc\AppData\Roaming\Spotify
2011-11-19 19:26 - 2010-06-07 15:26 - 0000000 ____D C:\Users\vc\AppData\Local\Spotify
2011-11-19 14:02 - 2009-11-07 09:29 - 0000000 ____D C:\Users\vc\Documents\Pics
2011-11-19 09:17 - 2009-11-07 10:13 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-11-18 23:59 - 2011-07-04 14:29 - 0002393 ____A C:\Users\vc\Desktop\Google Chrome.lnk
2011-11-18 23:28 - 2011-09-03 14:24 - 0000000 ____D C:\Users\vc\AppData\Local\VMware
2011-11-17 10:49 - 2010-11-19 15:16 - 0000000 ____D C:\Program Files (x86)\Google
2011-11-13 18:10 - 2011-09-03 14:24 - 0000000 ____D C:\Users\vc\AppData\Roaming\VMware
2011-11-13 15:05 - 2010-06-25 16:27 - 0000426 ____A C:\Windows\BRWMARK.INI
2011-11-13 15:03 - 2010-06-22 09:04 - 0000054 ____A C:\Windows\SysWOW64\bd2030.dat
2011-11-13 14:45 - 2009-11-07 09:42 - 0000000 ___RD C:\Users\vc\Documents\Writing
2011-11-13 10:29 - 2011-11-13 10:29 - 0095459 ____A C:\Users\vc\Downloads\oct 2011 338.jpg
2011-11-13 09:11 - 2011-11-13 09:11 - 0874218 ____A C:\Users\vc\Downloads\nextgen-gallery.zip
2011-11-11 16:20 - 2011-11-11 16:20 - 0076836 ____A C:\Users\vc\Downloads\drawing 2010a 006.jpg
2011-11-10 19:49 - 2011-10-08 17:21 - 0000000 ____D C:\Users\vc\Documents\WordPress
2011-11-09 11:17 - 2011-11-09 11:15 - 0000000 ____D C:\Program Files\iTunes
2011-11-09 11:16 - 2011-11-09 11:15 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-11-09 11:15 - 2011-11-09 11:15 - 0000000 ____D C:\Program Files\iPod
2011-11-09 11:12 - 2011-11-09 11:12 - 0000000 ____D C:\Program Files\Bonjour
2011-11-09 11:12 - 2011-11-09 11:12 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-11-09 11:05 - 2011-05-20 16:49 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-09 11:03 - 2009-07-14 04:45 - 3018296 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-09 11:02 - 2009-07-14 03:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-09 10:46 - 2009-11-07 18:03 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-11-09 10:46 - 2009-11-07 18:03 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-11-09 10:42 - 2009-11-06 19:00 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-11-05 14:59 - 2009-11-07 11:14 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-11-05 14:59 - 2009-11-07 11:14 - 0000000 ____D C:\Users\All Users\Skype
2011-11-05 14:59 - 2009-11-07 11:14 - 0000000 ____D C:\ProgramData\Skype
2011-11-03 17:30 - 2009-11-20 11:13 - 0000600 ____A C:\Users\vc\AppData\Roaming\winscp.rnd
2011-11-03 17:06 - 2011-11-03 17:06 - 0000053 ____A C:\Users\vc\Downloads\googled8a0bdcb8fb56c79.html
2011-10-25 15:21 - 2009-11-07 10:50 - 0000000 ____D C:\Users\vc\AppData\Roaming\Adobe
2011-10-23 14:11 - 2011-10-23 14:11 - 0000178 ____A C:\Users\vc\Desktop\Wall Workout for Your Belly, Butt & Thighs - Prevention.com.URL
2011-10-20 18:19 - 2011-10-20 18:19 - 0027053 ____A C:\Users\vc\Downloads\MormonEntertainment.JPG
2011-10-19 08:28 - 2011-10-19 08:24 - 56176640 ____A C:\Users\vc\Downloads\f5l009v140.exe
2011-10-15 17:29 - 2010-08-04 11:45 - 0000000 ____D C:\Users\vc\Documents\Jewellery
2011-10-14 10:25 - 2011-10-14 10:25 - 1149904 ____A C:\Windows\Minidump\101411-17004-01.dmp
2011-10-14 10:25 - 2011-06-20 17:15 - 0000000 ____D C:\Windows\Minidump
2011-10-14 10:25 - 2011-06-20 17:14 - 483135118 ____A C:\Windows\MEMORY.DMP
2011-10-14 08:06 - 2009-11-07 18:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-13 16:41 - 2010-06-07 15:26 - 0000000 ____D C:\Program Files (x86)\Spotify
2011-10-08 13:40 - 2011-10-08 13:40 - 1336579 ____A C:\Users\vc\Downloads\VCblog-10-08-2011.xml
2011-10-08 13:25 - 2011-10-08 13:25 - 3981530 ____A C:\Users\vc\Downloads\wordpress-3.2.1.zip
2011-10-08 09:50 - 2011-10-08 09:50 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-10-06 22:00 - 2011-10-06 22:00 - 0000081 ____A C:\Users\vc\Desktop\Playscript Competition - Amateur Stage Magazine.URL
2011-09-29 16:29 - 2011-11-09 10:11 - 1923952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-29 04:03 - 2011-11-09 10:11 - 3144704 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-20 23:23 - 2011-09-20 23:23 - 0000077 ____A C:\Users\vc\Desktop\The Elms Hotel, United Kingdom - Boutique & Luxury Hotels.URL
2011-09-19 14:36 - 2011-07-26 18:40 - 0016496 ____A C:\Users\vc\Documents\Personal Assistant Services.docx
2011-09-17 19:27 - 2011-09-03 14:25 - 0000000 ____D C:\Users\vc\My VMs
2011-09-10 07:40 - 2011-09-10 07:40 - 0031363 ____A C:\Users\vc\Documents\print2.docx
2011-09-10 07:34 - 2011-09-10 07:34 - 0032675 ____A C:\Users\vc\Documents\Print1.docx
2011-09-04 23:05 - 2011-09-04 09:18 - 0013840 ____A C:\Users\vc\Documents\Pricing.docx


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 40%
Total physical RAM: 4060.83 MB
Available physical RAM: 2396.65 MB
Total Pagefile: 8119.86 MB
Available Pagefile: 6235.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:451.07 GB) (Free:270.11 GB) NTFS ==>[System with boot components]
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.21 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 39 MB
Partition 3 Primary 451 GB 14 GB

Disk: 0
Partition 3
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 451 GB Healthy System

==========================================================

Last Boot: 2011-11-21 11:56

======================= End Of Log ==========================
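As an added example (not part of this thread and not FRST's own code), the following Python parses the "Created Files and Folders" lines of an FRST log like the one above and applies a few triage heuristics a responder would use to shortlist what to examine by hand: executables with no version-info publisher in user-writable locations, random-looking executable names, and hidden executables. The function names and heuristics are this example's own; the sample lines are copied from the FRST log in this thread, with one section header included to show that non-entry lines are skipped.

```python
"""Triage parser for FRST "Created/Modified Files and Folders" lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST entry:  <stamp> - <stamp> - <size> <attrs> [(<company>) ]<path>
FRST_LINE = re.compile(
    r"^(?P<stamp_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<stamp_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

EXEC_EXT = {".exe", ".scr", ".com", ".dll", ".sys", ".pif", ".cpl"}
USER_DIRS = ("\\users\\", "\\programdata\\", "\\temp\\")
RANDOM_STEM = re.compile(r"^[a-z0-9]{6,}$")     # only letters/digits, 6+ long
MIXED_STEM = re.compile(r"[a-z]+\d+[a-z]+")      # digits interleaved, e.g. n5mk7iv8


@dataclass
class Entry:
    stamp_a: str             # created time in the "Created" section, modified in "Modified"
    stamp_b: str
    size: int
    attrs: str               # five flag characters, e.g. ____A, ____D, __ASH
    company: Optional[str]   # version-info company name, printed by FRST when present
    path: str


def parse_frst_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file/folder line, or None for headers and blank lines."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(m.group("stamp_a"), m.group("stamp_b"), int(m.group("size")),
                 m.group("attrs"), company.strip() if company else None, m.group("path"))


def split_name(path: str) -> Tuple[str, str]:
    """(stem, extension) of the last path component, lower-cased; extension may be ''."""
    name = path.lower().rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext) if dot else (name, "")


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Shortlist executables worth checking by hand, with the reason for each."""
    findings = []
    for line in lines:
        e = parse_frst_line(line)
        if e is None:
            continue
        stem, ext = split_name(e.path)
        if ext not in EXEC_EXT:
            continue
        reasons = []
        # No company string only means the PE carries no version info; it is a
        # prompt to verify the file (hash, signature, origin), not a verdict.
        if e.company is None and any(d in e.path.lower() for d in USER_DIRS):
            reasons.append("executable without version-info publisher in a user-writable location")
        if RANDOM_STEM.match(stem) and MIXED_STEM.search(stem):
            reasons.append("random-looking file name")
        if "H" in e.attrs:
            reasons.append("hidden attribute on an executable")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Lines copied from the FRST log in this thread (plus one header line).
SAMPLE_LINES = [
    "============ One Month Created Files and Folders ==============",
    r"2011-12-02 05:24 - 2011-12-02 05:24 - 0000000 ____D C:\FRST",
    r"2011-12-02 05:23 - 2011-12-02 05:24 - 1377555 ____A C:\Users\vc\Desktop\FRST64.exe",
    r"2011-11-29 06:42 - 2011-11-29 06:42 - 1916416 ____A (AVAST Software) C:\Users\vc\Desktop\aswMBR.exe",
    r"2011-11-28 20:41 - 2011-11-28 20:41 - 0607260 ____R (Swearware) C:\Users\vc\Desktop\dds.scr",
    r"2011-11-28 20:40 - 2011-11-28 20:40 - 0302592 ____A C:\Users\vc\Desktop\n5mk7iv8.exe",
    r"2011-11-25 12:02 - 2011-11-25 12:05 - 47360456 ____A (Safer-Networking Ltd. ) C:\Users\vc\Downloads\spybotsd-2.0.6-beta4.exe",
    r"2011-11-25 11:52 - 2011-11-25 11:52 - 1008114 ____A C:\Users\vc\Downloads\rkill.exe",
    r"2011-11-24 17:11 - 2011-11-24 17:11 - 0000649 ____A C:\Users\vc\Desktop\System Fix.lnk",
    r"2011-11-09 13:15 - 2011-11-28 16:40 - 0636728 ____A (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\autoruns.exe",
    r"2011-11-09 10:11 - 2011-09-29 16:29 - 1923952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path, "->", "; ".join(reasons))
```

On this sample every hit is one of the helper's own tools (FRST64.exe, rkill.exe and the randomly named GMER executable), which is the intended reading: the heuristics narrow the list to confirm by hand, they do not decide anything on their own.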
 
Thanks, as always, Broni. Combofix log file follows. (bootcleaner still shows the rootkit in place)

=====
ComboFix 11-12-01.03 - vc 2-Dec-2011 6:04.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2526 [GMT 0:00]
Running from: c:\users\vc\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\vc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\vc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\vc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\vc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\vc\Desktop\System Fix.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 06:38 . 2011-12-02 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-02 05:53 . 2011-12-02 05:53 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8A42711-6A38-474E-8BAE-07263E042ED7}\offreg.dll
2011-12-02 05:53 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8A42711-6A38-474E-8BAE-07263E042ED7}\mpengine.dll
2011-12-02 05:24 . 2011-12-02 05:25 -------- d-----w- C:\FRST
2011-11-25 16:18 . 2011-11-25 16:18 -------- d-----w- c:\program files\CCleaner
2011-11-25 16:16 . 2011-11-25 16:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-25 11:58 . 2011-11-25 11:58 -------- d-----w- c:\users\vc\AppData\Roaming\Malwarebytes
2011-11-25 11:58 . 2011-11-25 11:58 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 11:58 . 2011-11-25 11:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-09 13:15 . 2011-11-28 16:40 636728 ----a-w- c:\program files (x86)\autoruns.exe
2011-11-09 11:15 . 2011-11-09 11:15 -------- d-----w- c:\program files\iPod
2011-11-09 11:15 . 2011-11-09 11:17 -------- d-----w- c:\program files\iTunes
2011-11-09 11:15 . 2011-11-09 11:16 -------- d-----w- c:\program files (x86)\iTunes
2011-11-09 11:12 . 2011-11-09 11:12 -------- d-----w- c:\program files\Bonjour
2011-11-09 11:12 . 2011-11-09 11:12 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-09 10:11 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 10:11 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 10:11 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 10:11 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 16:37 . 2011-09-19 10:36 4845856 ----a-w- c:\program files (x86)\procexp.exe
2011-11-09 11:05 . 2011-05-20 16:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 07:07 . 2011-10-11 07:08 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBD09F0D-1225-447C-9513-A7ED85BDCD73}\gapaengine.dll
2011-10-07 04:16 . 2009-12-10 23:00 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-11-09 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-07 1038088]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-04 28152]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\
FF - prefs.js: browser.startup.homepage - hxxp://pinterest.com/|https://accounts.google.com/Service...//hootsuite.com/dashboard|http://twitter.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-02 07:01:29
ComboFix-quarantined-files.txt 2011-12-02 07:01
.
Pre-Run: 294,470,684,672 bytes free
Post-Run: 295,315,513,344 bytes free
.
- - End Of File - - 133CD3A34CB769369CCACE928EE1473E
=====
 
Looks good now.

How is redirection?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
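The OTL logs requested above come back as a few hundred lines in a fixed layout, and the useful part of reading them is pulling out the handful of entries that deserve a closer look. The script below is an added example, not OTL's code and not from this thread: it parses the PRC/MOD/SRV/DRV line layout and flags binaries with no company name, binaries loaded from outside the usual roots, orphaned entries ("File not found", "No CLSID value found"), a keyword.URL pointing at an unexpected search host, and hosts-file lines other than the stock localhost entry. The allow-listed search hosts, the expected roots and the sample log lines are assumptions constructed for the example.

```python
"""Triage helper for OTL log lines (added example; heuristics are assumptions)."""
import re
from urllib.parse import urlparse

# One OTL binary entry (PRC / MOD / SRV / DRV, optionally tagged ":64bit:"), e.g.
#   SRV:64bit: - [2011-04-27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\...\NisSrv.exe -- (NisSrv)
#   MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\...\zlib1.dll
BINARY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<mtime>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-\w]{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Search hosts we expect in keyword.URL (assumption: tune per environment).
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.google.co.uk", "www.bing.com",
                         "search.yahoo.com", "uk.search.yahoo.com"}

# Roots where running binaries normally live (assumption; case-insensitive prefix).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files", "c:\\programdata\\")


def parse_binary(line):
    """Return a dict for a PRC/MOD/SRV/DRV line, or None for any other line."""
    m = BINARY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))   # "000,012,784" -> 12784
    d["company"] = d["company"].strip()           # "()" means no company name
    d["x64"] = d["x64"] is not None
    return d


def _is_loopback(ip):
    return ip.startswith("127.") or ip == "::1"


def triage(lines):
    """Apply the heuristics to OTL log lines; return a list of (category, detail)."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        entry = parse_binary(line)
        if entry:
            if not entry["company"]:
                findings.append(("no-company-name", entry["path"]))
            if not entry["path"].lower().startswith(EXPECTED_ROOTS):
                findings.append(("unusual-location", entry["path"]))
            continue
        if "File not found" in line or "No CLSID value found" in line:
            # Dangling registration: harmless leftover or a removed component.
            findings.append(("orphan", line))
        elif line.startswith("FF - prefs.js..keyword.URL:"):
            # keyword.URL decides where address-bar searches go; a non-default
            # host here is a classic search-redirect symptom worth reviewing.
            url = line.split(":", 1)[1].strip().strip('"')
            if urlparse(url).hostname not in EXPECTED_SEARCH_HOSTS:
                findings.append(("search-override", url))
        elif line.startswith("O1 - Hosts:"):
            # Stock Windows 7 hosts file carries only "127.0.0.1 localhost".
            parts = line.split(":", 1)[1].split()
            if len(parts) < 2 or not (_is_loopback(parts[0]) and parts[1] == "localhost"):
                findings.append(("hosts-override", " ".join(parts)))
    return findings


# Constructed sample: the first two lines copy the layout of entries in the OTL log
# above; the DRV, second O1 and O3 lines are placeholders invented for the demo.
SAMPLE_LOG = r"""
SRV:64bit: - [2011-04-27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
DRV - [2011-11-30 03:14:15 | 000,021,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Users\example\AppData\Local\Temp\unknown_sample.sys -- (unknown_sample)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.5 www.google.com
O3 - HKU\S-1-5-21-0-0-0-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
""".strip().splitlines()


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {detail}")
```

A no-company-name hit on its own is weak evidence (OTL already lists such modules, and zlib1.dll above is a normal Apple dependency); the combination of an unusual location with no company name, or any hosts-override, is what merits follow-up.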
 
Redirect is still active, Broni. Logs follow in two (or more) parts:

=====
OTL.txt

OTL logfile created on: 03-Dec-2011 06:17:22 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\vc\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd-MMM-yyyy

3.97 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.39% Memory free
7.93 Gb Paging File | 6.14 Gb Available in Paging File | 77.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 275.10 Gb Free Space | 60.99% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.21 Gb Free Space | 56.03% Space Free | Partition Type: NTFS

Computer Name: LORDPETERWIMSEY | User Name: vc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-03 06:11:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\vc\Desktop\OTL.exe
PRC - [2011-03-25 22:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011-03-25 22:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011-03-25 22:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011-03-25 22:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011-03-25 21:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe


========== Modules (No Company Name) ==========

MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-09-27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-03-25 22:26:48 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011-03-25 22:26:18 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-04-27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011-04-27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010-01-21 03:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009-11-07 16:18:25 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-06-25 18:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-03-03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2011-03-25 22:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011-03-25 22:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011-03-25 22:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011-03-25 21:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010-08-19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-11-07 16:16:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-01-30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-05-10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-04-27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011-03-25 22:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011-03-25 22:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011-03-25 22:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011-03-25 22:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011-03-25 21:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011-03-25 19:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011-03-25 19:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011-03-11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-06-09 23:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010-01-21 03:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009-11-09 15:07:30 | 000,010,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2009-11-09 10:36:45 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009-08-24 10:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-25 19:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-06-25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009-06-25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009-06-25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009-06-10 20:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-05 05:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-05-14 08:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009-01-06 01:02:00 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2008-11-26 14:02:18 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008-04-16 07:39:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam.sys -- (WDC_SAM)
DRV:64bit: - [2007-10-02 23:42:00 | 000,078,952 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV - [2010-08-19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009-11-09 10:36:45 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008-11-04 23:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 87 26 AB D0 AA CC 01 [binary data]
IE - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://pinterest.com/|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=default&ltmplcache=2#inbox|http://www.facebook.com/|http://vclinde.wordpress.com/|http://hootsuite.com/dashboard|http://twitter.com/"
FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.8.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:1.2.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\ProgramData\Mozilla Firefox 3.6 Beta 4\components [2011-10-08 09:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\ProgramData\Mozilla Firefox 3.6 Beta 4\plugins [2011-11-09 11:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-11-19 09:17:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-11-09 11:06:12 | 000,000,000 | ---D | M]

[2009-11-07 10:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vc\AppData\Roaming\Mozilla\Extensions
[2011-11-25 10:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\extensions
[2011-11-24 18:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\extensions\compatibility@addons.mozilla.org
[2011-11-17 20:38:03 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\extensions\https-everywhere@eff.org
[2011-11-24 18:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\extensions\isreaditlater@ideashower.com
[2011-06-28 08:40:48 | 000,000,993 | ---- | M] () -- C:\Users\vc\AppData\Roaming\Mozilla\Firefox\Profiles\g2aa1na6.default\searchplugins\Orange%20search.xml
[2011-11-19 09:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-11-05 14:59:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\VC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2AA1NA6.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011-11-19 09:17:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011-05-07 08:41:31 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011-05-07 08:41:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-05-07 08:41:31 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011-05-07 08:41:31 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009-12-06 18:23:09 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MyHeritage.xml
[2011-05-07 08:41:31 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vc\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\vc\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vc\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\vc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\vc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2011-12-02 06:39:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCDF04DB-B757-47B9-AA2D-8FF45DC03030}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-12-03 06:11:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\vc\Desktop\OTL.exe
[2011-12-02 05:56:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-12-02 05:56:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-12-02 05:56:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-12-02 05:55:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-12-02 05:55:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011-12-02 05:52:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-12-02 05:49:44 | 004,324,789 | R--- | C] (Swearware) -- C:\Users\vc\Desktop\ComboFix.exe
[2011-12-02 05:24:21 | 000,000,000 | ---D | C] -- C:\FRST
[2011-11-29 06:42:39 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\vc\Desktop\aswMBR.exe
[2011-11-28 20:41:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\vc\Desktop\dds.scr
[2011-11-25 16:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-11-25 16:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011-11-25 11:58:46 | 000,000,000 | ---D | C] -- C:\Users\vc\AppData\Roaming\Malwarebytes
[2011-11-25 11:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-11-25 11:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-11-25 11:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-11-17 10:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011-11-09 13:15:34 | 000,636,728 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\autoruns.exe
[2011-11-09 11:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-11-09 11:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-11-09 11:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-11-09 11:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011-11-09 11:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-11-09 11:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011-11-09 11:05:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011-11-05 14:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-09-19 10:36:22 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\procexp.exe
[1 C:\Users\vc\Desktop\*.tmp files -> C:\Users\vc\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-12-03 06:11:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\vc\Desktop\OTL.exe
[2011-12-03 06:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-12-02 07:02:19 | 000,000,508 | ---- | M] () -- C:\Users\vc\Desktop\Virus and Malware Removal - TechSpot OpenBoards.website
[2011-12-02 06:39:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011-12-02 05:49:49 | 004,324,789 | R--- | M] (Swearware) -- C:\Users\vc\Desktop\ComboFix.exe
[2011-12-02 05:24:11 | 001,377,555 | ---- | M] () -- C:\Users\vc\Desktop\FRST64.exe
[2011-12-01 07:51:39 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-12-01 07:51:39 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-12-01 07:50:35 | 000,733,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-12-01 07:50:35 | 000,633,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-12-01 07:50:35 | 000,113,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-12-01 07:44:19 | 3193,565,184 | -HS- | M] () -- C:\hiberfil.sys
[2011-11-30 07:08:53 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\vc\Desktop\boot_cleaner.exe
[2011-11-29 06:42:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\vc\Desktop\aswMBR.exe
[2011-11-28 20:41:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\vc\Desktop\dds.scr
[2011-11-28 20:40:42 | 000,302,592 | ---- | M] () -- C:\Users\vc\Desktop\n5mk7iv8.exe
[2011-11-28 17:36:32 | 002,525,216 | ---- | M] () -- C:\Users\vc\Documents\AutoRuns.arn
[2011-11-28 16:40:39 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\autoruns.exe
[2011-11-28 16:40:35 | 000,049,648 | ---- | M] () -- C:\Program Files (x86)\autoruns.chm
[2011-11-28 16:37:11 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\procexp.exe
[2011-11-25 11:58:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-11-25 10:51:39 | 000,000,692 | ---- | M] () -- C:\Users\vc\Desktop\Libraries - Shortcut.lnk
[2011-11-24 18:16:01 | 000,743,811 | ---- | M] () -- C:\Users\vc\Documents\bookmarks-2011-11-24.json
[2011-11-24 18:15:44 | 001,651,479 | ---- | M] () -- C:\Users\vc\Documents\bookmarks.html
[2011-11-24 18:06:00 | 000,001,500 | ---- | M] () -- C:\Users\vc\Desktop\Skype.lnk
[2011-11-24 17:14:26 | 000,000,307 | ---- | M] () -- C:\Windows\Brownie.ini
[2011-11-19 09:18:47 | 000,002,052 | ---- | M] () -- C:\Users\vc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-11-18 23:59:01 | 000,002,393 | ---- | M] () -- C:\Users\vc\Desktop\Google Chrome.lnk
[2011-11-17 10:49:11 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011-11-13 15:05:57 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011-11-13 15:03:57 | 000,000,054 | ---- | M] () -- C:\Windows\SysWow64\bd2030.dat
[2011-11-09 11:17:03 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-11-09 11:06:13 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011-11-09 11:03:59 | 003,018,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-11-05 14:59:19 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-11-03 17:30:26 | 000,000,600 | ---- | M] () -- C:\Users\vc\AppData\Roaming\winscp.rnd
[1 C:\Users\vc\Desktop\*.tmp files -> C:\Users\vc\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-12-02 06:21:22 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2011-12-02 06:21:21 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2011-12-02 06:21:20 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-12-02 06:21:19 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-12-02 06:21:18 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-12-02 06:21:17 | 000,002,785 | ---- | C] () -- C:\Users\Public\Desktop\MindMan.lnk
[2011-12-02 06:21:16 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom.lnk
[2011-12-02 06:21:15 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-12-02 06:21:14 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011-12-02 06:21:13 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011-12-02 05:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-12-02 05:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-12-02 05:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-12-02 05:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-12-02 05:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-12-02 05:23:14 | 001,377,555 | ---- | C] () -- C:\Users\vc\Desktop\FRST64.exe
[2011-11-29 06:54:11 | 000,000,508 | ---- | C] () -- C:\Users\vc\Desktop\Virus and Malware Removal - TechSpot OpenBoards.website
[2011-11-28 20:40:42 | 000,302,592 | ---- | C] () -- C:\Users\vc\Desktop\n5mk7iv8.exe
[2011-11-28 17:36:31 | 002,525,216 | ---- | C] () -- C:\Users\vc\Documents\AutoRuns.arn
[2011-11-25 11:58:36 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-11-25 10:51:39 | 000,000,692 | ---- | C] () -- C:\Users\vc\Desktop\Libraries - Shortcut.lnk
[2011-11-24 18:58:18 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011-11-24 18:58:18 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011-11-24 18:58:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011-11-24 18:58:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011-11-24 18:58:17 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 2.5 64-bit.lnk
[2011-11-24 18:58:17 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011-11-24 18:58:17 | 000,001,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2011-11-24 18:58:17 | 000,001,407 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011-11-24 18:58:17 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011-11-24 18:58:17 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011-11-24 18:58:17 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011-11-24 18:58:17 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011-11-24 18:58:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011-11-24 18:58:17 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011-11-24 18:58:17 | 000,001,283 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2011-11-24 18:58:17 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011-11-24 18:58:17 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4 (64 Bit).lnk
[2011-11-24 18:58:17 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-11-24 18:58:17 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[2011-11-24 18:58:17 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweetDeck.lnk
[2011-11-24 18:58:16 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2011-11-24 18:58:16 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2011-11-24 18:16:00 | 000,743,811 | ---- | C] () -- C:\Users\vc\Documents\bookmarks-2011-11-24.json
[2011-11-24 18:15:38 | 001,651,479 | ---- | C] () -- C:\Users\vc\Documents\bookmarks.html
[2011-11-24 18:06:00 | 000,001,500 | ---- | C] () -- C:\Users\vc\Desktop\Skype.lnk
[2011-11-05 12:52:32 | 000,049,648 | ---- | C] () -- C:\Program Files (x86)\autoruns.chm
[2011-04-17 18:06:11 | 000,738,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-12-10 22:21:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-12-10 13:59:12 | 000,001,037 | ---- | C] () -- C:\Users\vc\AppData\Local\Account.atomsvc
[2010-08-19 16:17:39 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-06-25 16:27:21 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010-06-22 09:05:31 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010-06-22 09:05:30 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010-06-22 09:05:30 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010-06-22 09:05:29 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2010-06-22 09:04:55 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2010-06-22 09:04:42 | 000,000,307 | ---- | C] () -- C:\Windows\Brownie.ini
[2010-05-31 16:47:53 | 000,003,235 | ---- | C] () -- C:\Users\vc\AppData\Local\Temp11.html
[2010-05-31 16:47:46 | 000,000,778 | ---- | C] () -- C:\Users\vc\AppData\Local\Temp1.html
[2009-12-06 18:23:04 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2009-11-23 18:44:44 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009-11-20 11:13:18 | 000,000,600 | ---- | C] () -- C:\Users\vc\AppData\Roaming\winscp.rnd
[2009-11-06 18:30:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-07-14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010-04-16 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\6C512E380BF01C8A7C4ED37BDCFFC3C9
[2009-12-21 23:50:04 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\Amazon
[2009-12-06 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\MyHeritage
[2010-08-17 20:02:20 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\SmartDraw
[2011-11-19 20:00:54 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\Spotify
[2009-12-06 18:23:04 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010-09-21 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\vc\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011-04-19 18:00:42 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
 
========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011-09-03 13:10:38 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010-11-20 12:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009-11-07 02:28:36 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011-12-02 07:01:43 | 000,011,284 | ---- | M] () -- C:\ComboFix.txt
[2011-12-01 07:44:19 | 3193,565,184 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-18 12:56:52 | 000,020,206 | ---- | M] () -- C:\M1319.log
[2006-12-01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011-12-01 07:44:21 | 4258,091,008 | -HS- | M] () -- C:\pagefile.sys
[2011-11-25 11:55:48 | 000,000,361 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2009-07-14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009-07-14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009-07-14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-07-14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-06-10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010-11-10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011-11-28 16:40:35 | 000,049,648 | ---- | M] () -- C:\Program Files (x86)\autoruns.chm
[2011-11-28 16:40:39 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\autoruns.exe
[2009-07-14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2011-11-28 16:37:11 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files (x86)\procexp.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011-07-27 18:25:15 | 000,000,221 | -HS- | M] () -- C:\Users\vc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011-11-29 06:42:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\vc\Desktop\aswMBR.exe
[2011-11-30 07:08:53 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\vc\Desktop\boot_cleaner.exe
[2011-12-02 05:49:49 | 004,324,789 | R--- | M] (Swearware) -- C:\Users\vc\Desktop\ComboFix.exe
[2010-07-19 12:09:26 | 004,780,600 | ---- | M] (DivX, Inc.) -- C:\Users\vc\Desktop\DivXWebPlayerInstallerv15.exe
[2010-11-28 22:56:12 | 098,427,240 | ---- | M] (Sony Corporation ) -- C:\Users\vc\Desktop\DVESetup_EN_3301.exe
[2011-12-02 05:24:11 | 001,377,555 | ---- | M] () -- C:\Users\vc\Desktop\FRST64.exe
[2010-12-10 15:42:51 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\vc\Desktop\install_flash_player.exe
[2011-11-28 20:40:42 | 000,302,592 | ---- | M] () -- C:\Users\vc\Desktop\n5mk7iv8.exe
[2011-12-03 06:11:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\vc\Desktop\OTL.exe
[1 C:\Users\vc\Desktop\*.tmp files -> C:\Users\vc\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009-06-10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011-07-27 18:25:14 | 000,000,402 | -HS- | M] () -- C:\Users\vc\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Files - Unicode (All) ==========
[2009-11-07 09:51:16 | 000,000,000 | ---D | M](C:\Users\vc\Favorites\??sorted Bookmarks) -- C:\Users\vc\Favorites\褈Ɠsorted Bookmarks

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
=====
Extras.txt

OTL Extras logfile created on: 03-Dec-2011 06:17:22 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\vc\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd-MMM-yyyy

3.97 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.39% Memory free
7.93 Gb Paging File | 6.14 Gb Available in Paging File | 77.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 275.10 Gb Free Space | 60.99% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.21 Gb Free Space | 56.03% Space Free | Partition Type: NTFS

Computer Name: LORDPETERWIMSEY | User Name: vc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10193AAA-D72D-4A1A-B8AD-A9D9221595E7}" = Intel(R) PROSet/Wireless WiFi Driver
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B85B1A3C-E404-44E5-A0E1-C4D0438A49C1}" = Adobe Photoshop Lightroom 2.5 64-bit
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"Creative OA008" = Integrated Webcam Driver (1.02.02.0106)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"SmartDraw PDF Export_is1" = SmartDraw PDF Export (novaPDF 6.4 printer)
"SynTPDeinstKey" = Dell Touchpad
"WhoCrashed_is1" = WhoCrashed 2.10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F820030-9084-49F8-B46F-04A11D27B7F8}" = Brother HL-2030
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{6029C599-81E1-4C1C-8BD6-A7298CA88546}" = Mindjet MindManager Pro 7
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_WebDesigner_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests 2011 Edition
"Family Tree Builder" = MyHeritage Family Tree Builder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"PDF-XChange 3_is1" = PDF-XChange 3
"Spotify" = Spotify
"SyncBackSE_is1" = SyncBackSE
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VISPRO" = Microsoft Office Visio Professional 2007
"VMware_Player" = VMware Player
"WebDesigner" = Microsoft Expression Web
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.4 beta

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2941439023-2714059470-3458206924-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28-Nov-2011 19:33:51 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 209416

Error - 28-Nov-2011 19:33:51 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 209416

Error - 28-Nov-2011 19:34:01 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28-Nov-2011 19:34:01 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 219400

Error - 28-Nov-2011 19:34:01 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 219400

Error - 28-Nov-2011 19:34:09 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28-Nov-2011 19:34:09 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 226873

Error - 28-Nov-2011 19:34:09 | Computer Name = LordPeterWimsey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 226873

Error - 01-Dec-2011 03:30:15 | Computer Name = LordPeterWimsey | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
Description = Certificate Services Client failed to load Provider pautoenr.dll.
Error code 19.

Error - 01-Dec-2011 03:30:15 | Computer Name = LordPeterWimsey | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
Description = Certificate Services Client failed to invoke the Providers in response
to event 256. Error code 2147942419.

[ OSession Events ]
Error - 06-Aug-2010 14:09:44 | Computer Name = LordPeterWimsey | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9705
seconds with 4080 seconds of active time. This session ended with a crash.

Error - 06-Aug-2010 14:10:33 | Computer Name = LordPeterWimsey | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29-Nov-2011 02:56:18 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 29-Nov-2011 02:56:18 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 29-Nov-2011 02:56:28 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 29-Nov-2011 02:56:28 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 29-Nov-2011 06:13:15 | Computer Name = LordPeterWimsey | Source = DCOM | ID = 10010
Description =

Error - 29-Nov-2011 06:30:22 | Computer Name = LordPeterWimsey | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 01-Dec-2011 03:44:39 | Computer Name = LordPeterWimsey | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 02-Dec-2011 02:21:46 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 02-Dec-2011 02:36:01 | Computer Name = LordPeterWimsey | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 02-Dec-2011 02:40:13 | Computer Name = LordPeterWimsey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
=====
 
Hi Broni. The only one I tried was Firefox. Searched for "rkill cnet", first result was the CNET download for rkill, clicked that, and the status bar flagged loads of addresses but ended up at what seemed a spoof eBay site.

aswMBR still won't run.

Cheers,
Tony.
 
More...

IE 'seemed' to go to the right page (but via a couple of other pages) but Chrome went to h___://www.get-answers-fast.com/jump2/?affiliate=itcg&subid=20342&terms=rkill%20cnet

t.
 
FF reply was one before last...

Hi Broni. The only one I tried was Firefox. Searched for "rkill cnet", first result was the CNET download for rkill, clicked that, and the status bar flagged loads of addresses but ended up at what seemed a spoof eBay site.

aswMBR still won't run.

So, Firefox & Chrome (not sure about IE) being redirected. aswMBR still not able to run.
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
Cheers, Broni.

After double-clicking FixTDSS, lots of flickering, no Start button. Computer restarted and a dialog appeared with "Infected MBR detected" and a Repair button. Clicked that.

Dialog stated 'Repair was successful'; clicked OK.

Ran boot_cleaner.exe: that also came up clean.

Redirect seems to be gone for FF, IE & Chrome.

Have not yet restarted computer.
 
Very well :)
Restart, give me fresh Bootkit Remover log.

Also....

1. See if aswMBR will run now
2. Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thanks, Broni.

=====
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
=====

TDSSKiller reported no infected or suspicious files (nor did it need a reboot). Report follows:

=====
21:51:02.0648 4580 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:51:02.0978 4580 ============================================================
21:51:02.0978 4580 Current date / time: 2011/12/03 21:51:02.0978
21:51:02.0978 4580 SystemInfo:
21:51:02.0978 4580
21:51:02.0978 4580 OS Version: 6.1.7601 ServicePack: 1.0
21:51:02.0978 4580 Product type: Workstation
21:51:02.0978 4580 ComputerName: LORDPETERWIMSEY
21:51:02.0978 4580 UserName: vc
21:51:02.0978 4580 Windows directory: C:\Windows
21:51:02.0978 4580 System windows directory: C:\Windows
21:51:02.0978 4580 Running under WOW64
21:51:02.0978 4580 Processor architecture: Intel x64
21:51:02.0978 4580 Number of processors: 2
21:51:02.0978 4580 Page size: 0x1000
21:51:02.0978 4580 Boot type: Normal boot
21:51:02.0978 4580 ============================================================
21:51:04.0828 4580 Initialize success
21:51:20.0219 5108 ============================================================
21:51:20.0219 5108 Scan started
21:51:20.0219 5108 Mode: Manual;
21:51:20.0219 5108 ============================================================
21:51:21.0259 5108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:51:21.0259 5108 1394ohci - ok
21:51:21.0319 5108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:51:21.0319 5108 ACPI - ok
21:51:21.0349 5108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:51:21.0349 5108 AcpiPmi - ok
21:51:21.0399 5108 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
21:51:21.0399 5108 adfs - ok
21:51:21.0459 5108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:51:21.0459 5108 adp94xx - ok
21:51:21.0489 5108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:51:21.0499 5108 adpahci - ok
21:51:21.0519 5108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:51:21.0529 5108 adpu320 - ok
21:51:21.0609 5108 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:51:21.0619 5108 AFD - ok
21:51:21.0659 5108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:51:21.0659 5108 agp440 - ok
21:51:21.0689 5108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:51:21.0699 5108 aliide - ok
21:51:21.0719 5108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:51:21.0719 5108 amdide - ok
21:51:21.0749 5108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:51:21.0749 5108 AmdK8 - ok
21:51:21.0769 5108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:51:21.0769 5108 AmdPPM - ok
21:51:21.0819 5108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:51:21.0819 5108 amdsata - ok
21:51:21.0849 5108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:51:21.0859 5108 amdsbs - ok
21:51:21.0879 5108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:51:21.0879 5108 amdxata - ok
21:51:21.0919 5108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:51:21.0919 5108 AppID - ok
21:51:21.0989 5108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:51:21.0989 5108 arc - ok
21:51:21.0999 5108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:51:21.0999 5108 arcsas - ok
21:51:22.0029 5108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:51:22.0029 5108 AsyncMac - ok
21:51:22.0059 5108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:51:22.0059 5108 atapi - ok
21:51:22.0099 5108 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
21:51:22.0099 5108 AtiHdmiService - ok
21:51:22.0279 5108 atikmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys
21:51:22.0399 5108 atikmdag - ok
21:51:22.0551 5108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:51:22.0561 5108 b06bdrv - ok
21:51:22.0591 5108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:51:22.0601 5108 b57nd60a - ok
21:51:22.0641 5108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:51:22.0641 5108 Beep - ok
21:51:22.0681 5108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:51:22.0681 5108 blbdrive - ok
21:51:22.0831 5108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:51:22.0831 5108 bowser - ok
21:51:22.0871 5108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:51:22.0881 5108 BrFiltLo - ok
21:51:22.0891 5108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:51:22.0891 5108 BrFiltUp - ok
21:51:22.0921 5108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:51:22.0921 5108 Brserid - ok
21:51:22.0941 5108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:51:22.0941 5108 BrSerWdm - ok
21:51:22.0961 5108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:51:22.0961 5108 BrUsbMdm - ok
21:51:22.0971 5108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:51:22.0971 5108 BrUsbSer - ok
21:51:22.0981 5108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:51:22.0991 5108 BTHMODEM - ok
21:51:23.0141 5108 catchme - ok
21:51:23.0331 5108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:51:23.0331 5108 cdfs - ok
21:51:23.0471 5108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:51:23.0471 5108 cdrom - ok
21:51:23.0521 5108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:51:23.0521 5108 circlass - ok
21:51:23.0561 5108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:51:23.0561 5108 CLFS - ok
21:51:23.0641 5108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:51:23.0641 5108 CmBatt - ok
21:51:23.0661 5108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:51:23.0671 5108 cmdide - ok
21:51:23.0701 5108 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:51:23.0711 5108 CNG - ok
21:51:23.0741 5108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:51:23.0741 5108 Compbatt - ok
21:51:23.0771 5108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:51:23.0781 5108 CompositeBus - ok
21:51:23.0791 5108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:51:23.0801 5108 crcdisk - ok
21:51:23.0861 5108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:51:23.0861 5108 DfsC - ok
21:51:23.0901 5108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:51:23.0901 5108 discache - ok
21:51:23.0931 5108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:51:23.0931 5108 Disk - ok
21:51:23.0991 5108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:51:23.0991 5108 drmkaud - ok
21:51:24.0041 5108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:51:24.0041 5108 DXGKrnl - ok
21:51:24.0131 5108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:51:24.0201 5108 ebdrv - ok
21:51:24.0321 5108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:51:24.0321 5108 elxstor - ok
21:51:24.0381 5108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:51:24.0381 5108 ErrDev - ok
21:51:24.0411 5108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:51:24.0411 5108 exfat - ok
21:51:24.0431 5108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:51:24.0431 5108 fastfat - ok
21:51:24.0461 5108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:51:24.0461 5108 fdc - ok
21:51:24.0491 5108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:51:24.0491 5108 FileInfo - ok
21:51:24.0501 5108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:51:24.0511 5108 Filetrace - ok
21:51:24.0551 5108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:51:24.0551 5108 flpydisk - ok
21:51:24.0581 5108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:51:24.0581 5108 FltMgr - ok
21:51:24.0611 5108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:51:24.0611 5108 FsDepends - ok
21:51:24.0621 5108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:51:24.0621 5108 Fs_Rec - ok
21:51:24.0661 5108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:51:24.0661 5108 fvevol - ok
21:51:24.0691 5108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:51:24.0691 5108 gagp30kx - ok
21:51:24.0731 5108 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:51:24.0731 5108 GEARAspiWDM - ok
21:51:24.0771 5108 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
21:51:24.0771 5108 hcmon - ok
21:51:24.0791 5108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:51:24.0791 5108 hcw85cir - ok
21:51:24.0841 5108 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:51:24.0841 5108 HdAudAddService - ok
21:51:24.0881 5108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:51:24.0881 5108 HDAudBus - ok
21:51:24.0911 5108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:51:24.0911 5108 HidBatt - ok
21:51:24.0931 5108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:51:24.0931 5108 HidBth - ok
21:51:24.0951 5108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:51:24.0951 5108 HidIr - ok
21:51:25.0001 5108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:51:25.0001 5108 HidUsb - ok
21:51:25.0051 5108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:51:25.0051 5108 HpSAMD - ok
21:51:25.0121 5108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:51:25.0131 5108 HTTP - ok
21:51:25.0161 5108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:51:25.0161 5108 hwpolicy - ok
21:51:25.0201 5108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:51:25.0201 5108 i8042prt - ok
21:51:25.0251 5108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:51:25.0251 5108 iaStorV - ok
21:51:25.0281 5108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:51:25.0281 5108 iirsp - ok
21:51:25.0321 5108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:51:25.0321 5108 intelide - ok
21:51:25.0351 5108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:51:25.0351 5108 intelppm - ok
21:51:25.0381 5108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:51:25.0381 5108 IpFilterDriver - ok
21:51:25.0421 5108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:51:25.0421 5108 IPMIDRV - ok
21:51:25.0451 5108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:51:25.0451 5108 IPNAT - ok
21:51:25.0551 5108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:51:25.0551 5108 IRENUM - ok
21:51:25.0591 5108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:51:25.0591 5108 isapnp - ok
21:51:25.0641 5108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:51:25.0641 5108 iScsiPrt - ok
21:51:25.0681 5108 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:51:25.0681 5108 k57nd60a - ok
21:51:25.0731 5108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:51:25.0741 5108 kbdclass - ok
21:51:25.0801 5108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:51:25.0801 5108 kbdhid - ok
21:51:25.0851 5108 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:51:25.0851 5108 KSecDD - ok
21:51:25.0881 5108 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:51:25.0881 5108 KSecPkg - ok
21:51:25.0911 5108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:51:25.0911 5108 ksthunk - ok
21:51:25.0961 5108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:51:25.0961 5108 lltdio - ok
21:51:26.0001 5108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:51:26.0001 5108 LSI_FC - ok
21:51:26.0021 5108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:51:26.0021 5108 LSI_SAS - ok
21:51:26.0041 5108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:51:26.0041 5108 LSI_SAS2 - ok
21:51:26.0051 5108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:51:26.0061 5108 LSI_SCSI - ok
21:51:26.0071 5108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:51:26.0071 5108 luafv - ok
21:51:26.0101 5108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:51:26.0101 5108 megasas - ok
21:51:26.0121 5108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:51:26.0121 5108 MegaSR - ok
21:51:26.0181 5108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:51:26.0181 5108 Modem - ok
21:51:26.0201 5108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:51:26.0201 5108 monitor - ok
21:51:26.0251 5108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:51:26.0251 5108 mouclass - ok
21:51:26.0271 5108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:51:26.0271 5108 mouhid - ok
21:51:26.0311 5108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:51:26.0311 5108 mountmgr - ok
21:51:26.0381 5108 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
21:51:26.0381 5108 MpFilter - ok
21:51:26.0461 5108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:51:26.0461 5108 mpio - ok
21:51:26.0591 5108 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:51:26.0591 5108 MpNWMon - ok
21:51:26.0661 5108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:51:26.0661 5108 mpsdrv - ok
21:51:26.0711 5108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:51:26.0711 5108 MRxDAV - ok
21:51:26.0751 5108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:51:26.0751 5108 mrxsmb - ok
21:51:26.0791 5108 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:51:26.0791 5108 mrxsmb10 - ok
21:51:26.0821 5108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:51:26.0821 5108 mrxsmb20 - ok
21:51:26.0861 5108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:51:26.0861 5108 msahci - ok
21:51:26.0901 5108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:51:26.0901 5108 msdsm - ok
21:51:26.0941 5108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:51:26.0941 5108 Msfs - ok
21:51:26.0971 5108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:51:26.0971 5108 mshidkmdf - ok
21:51:26.0991 5108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:51:26.0991 5108 msisadrv - ok
21:51:27.0031 5108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:51:27.0031 5108 MSKSSRV - ok
21:51:27.0091 5108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:51:27.0091 5108 MSPCLOCK - ok
21:51:27.0111 5108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:51:27.0111 5108 MSPQM - ok
21:51:27.0151 5108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:51:27.0151 5108 MsRPC - ok
21:51:27.0181 5108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:51:27.0181 5108 mssmbios - ok
21:51:27.0201 5108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:51:27.0201 5108 MSTEE - ok
21:51:27.0221 5108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:51:27.0221 5108 MTConfig - ok
21:51:27.0251 5108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:51:27.0251 5108 Mup - ok
21:51:27.0291 5108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:51:27.0301 5108 NativeWifiP - ok
21:51:27.0341 5108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:51:27.0371 5108 NDIS - ok
21:51:27.0381 5108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:51:27.0391 5108 NdisCap - ok
21:51:27.0411 5108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:51:27.0411 5108 NdisTapi - ok
21:51:27.0441 5108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:51:27.0441 5108 Ndisuio - ok
21:51:27.0471 5108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:51:27.0481 5108 NdisWan - ok
21:51:27.0521 5108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:51:27.0521 5108 NDProxy - ok
21:51:27.0571 5108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:51:27.0571 5108 NetBIOS - ok
21:51:27.0631 5108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:51:27.0641 5108 NetBT - ok
21:51:27.0791 5108 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
21:51:27.0901 5108 netw5v64 - ok
21:51:27.0951 5108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:51:27.0951 5108 nfrd960 - ok
21:51:28.0001 5108 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:51:28.0001 5108 NisDrv - ok
21:51:28.0071 5108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:51:28.0071 5108 Npfs - ok
21:51:28.0081 5108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:51:28.0091 5108 nsiproxy - ok
21:51:28.0151 5108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:51:28.0191 5108 Ntfs - ok
21:51:28.0201 5108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:51:28.0201 5108 Null - ok
21:51:28.0261 5108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:51:28.0261 5108 nvraid - ok
21:51:28.0311 5108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:51:28.0311 5108 nvstor - ok
21:51:28.0351 5108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:51:28.0351 5108 nv_agp - ok
21:51:28.0411 5108 OA008Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA008Ufd.sys
21:51:28.0421 5108 OA008Ufd - ok
21:51:28.0451 5108 OA008Vid (60fd277cfd34f680a1668ac123b324ae) C:\Windows\system32\DRIVERS\OA008Vid.sys
21:51:28.0451 5108 OA008Vid - ok
21:51:28.0501 5108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:51:28.0501 5108 ohci1394 - ok
21:51:28.0591 5108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:51:28.0591 5108 Parport - ok
21:51:28.0621 5108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:51:28.0621 5108 partmgr - ok
21:51:28.0801 5108 PCD5SRVC{048DBD20-445E8C82-05040104} (58c1cd52347c4835dc3606cd4723f426) C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms
21:51:28.0841 5108 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
21:51:28.0971 5108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:51:28.0981 5108 pci - ok
21:51:29.0021 5108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:51:29.0021 5108 pciide - ok
21:51:29.0061 5108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:51:29.0061 5108 pcmcia - ok
21:51:29.0081 5108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:51:29.0081 5108 pcw - ok
21:51:29.0121 5108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:51:29.0141 5108 PEAUTH - ok
21:51:29.0211 5108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:51:29.0211 5108 PptpMiniport - ok
21:51:29.0241 5108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:51:29.0241 5108 Processor - ok
21:51:29.0291 5108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:51:29.0291 5108 Psched - ok
21:51:29.0341 5108 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:51:29.0341 5108 PxHlpa64 - ok
21:51:29.0411 5108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:51:29.0441 5108 ql2300 - ok
21:51:29.0471 5108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:51:29.0471 5108 ql40xx - ok
21:51:29.0491 5108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:51:29.0491 5108 QWAVEdrv - ok
21:51:29.0501 5108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:51:29.0501 5108 RasAcd - ok
21:51:29.0551 5108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:51:29.0551 5108 RasAgileVpn - ok
21:51:29.0591 5108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:51:29.0591 5108 Rasl2tp - ok
21:51:29.0621 5108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:51:29.0621 5108 RasPppoe - ok
21:51:29.0641 5108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:51:29.0651 5108 RasSstp - ok
21:51:29.0681 5108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:51:29.0691 5108 rdbss - ok
21:51:29.0701 5108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:51:29.0711 5108 rdpbus - ok
21:51:29.0731 5108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:51:29.0731 5108 RDPCDD - ok
21:51:29.0771 5108 RDPDISPM (f56aed34ea2a292e92a3a09736c3648e) C:\Windows\system32\DRIVERS\rdpdispm.sys
21:51:29.0771 5108 RDPDISPM - ok
21:51:29.0791 5108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:51:29.0791 5108 RDPENCDD - ok
21:51:29.0811 5108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:51:29.0811 5108 RDPREFMP - ok
21:51:29.0851 5108 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:51:29.0861 5108 RDPWD - ok
21:51:29.0931 5108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:51:29.0931 5108 rdyboost - ok
21:51:29.0971 5108 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
21:51:29.0971 5108 rimmptsk - ok
21:51:30.0021 5108 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
21:51:30.0021 5108 rimsptsk - ok
21:51:30.0051 5108 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
21:51:30.0051 5108 rismxdp - ok
21:51:30.0091 5108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:51:30.0091 5108 rspndr - ok
21:51:30.0121 5108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:51:30.0121 5108 sbp2port - ok
21:51:30.0151 5108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:51:30.0161 5108 scfilter - ok
21:51:30.0211 5108 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:51:30.0211 5108 sdbus - ok
21:51:30.0261 5108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:51:30.0261 5108 secdrv - ok
21:51:30.0291 5108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:51:30.0291 5108 Serenum - ok
21:51:30.0331 5108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:51:30.0331 5108 Serial - ok
21:51:30.0381 5108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:51:30.0381 5108 sermouse - ok
21:51:30.0421 5108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:51:30.0421 5108 sffdisk - ok
21:51:30.0451 5108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:51:30.0451 5108 sffp_mmc - ok
21:51:30.0461 5108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:51:30.0471 5108 sffp_sd - ok
21:51:30.0491 5108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:51:30.0501 5108 sfloppy - ok
21:51:30.0541 5108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:51:30.0551 5108 SiSRaid2 - ok
21:51:30.0571 5108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:51:30.0571 5108 SiSRaid4 - ok
21:51:30.0601 5108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:51:30.0601 5108 Smb - ok
21:51:30.0641 5108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:51:30.0641 5108 spldr - ok
21:51:30.0701 5108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:51:30.0701 5108 srv - ok
21:51:30.0731 5108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:51:30.0731 5108 srv2 - ok
21:51:30.0751 5108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:51:30.0751 5108 srvnet - ok
21:51:30.0801 5108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:51:30.0801 5108 stexstor - ok
21:51:30.0841 5108 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
21:51:30.0851 5108 STHDA - ok
21:51:30.0891 5108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:51:30.0891 5108 swenum - ok
21:51:30.0941 5108 sxuptp (e4154c5ce666b713de9398c053d8fb7e) C:\Windows\system32\DRIVERS\sxuptp.sys
21:51:30.0941 5108 sxuptp - ok
21:51:30.0991 5108 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
21:51:30.0991 5108 SynTP - ok
21:51:31.0091 5108 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:51:31.0131 5108 Tcpip - ok
21:51:31.0181 5108 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:51:31.0191 5108 TCPIP6 - ok
21:51:31.0231 5108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:51:31.0231 5108 tcpipreg - ok
21:51:31.0281 5108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:51:31.0281 5108 TDPIPE - ok
21:51:31.0291 5108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:51:31.0291 5108 TDTCP - ok
21:51:31.0341 5108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:51:31.0341 5108 tdx - ok
21:51:31.0381 5108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:51:31.0381 5108 TermDD - ok
21:51:31.0441 5108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:51:31.0441 5108 tssecsrv - ok
21:51:31.0491 5108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:51:31.0491 5108 TsUsbFlt - ok
21:51:31.0531 5108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:51:31.0531 5108 tunnel - ok
21:51:31.0561 5108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:51:31.0561 5108 uagp35 - ok
21:51:31.0611 5108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:51:31.0611 5108 udfs - ok
21:51:31.0681 5108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:51:31.0681 5108 uliagpkx - ok
21:51:31.0721 5108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:51:31.0721 5108 umbus - ok
21:51:31.0771 5108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:51:31.0771 5108 UmPass - ok
21:51:31.0811 5108 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:51:31.0811 5108 USBAAPL64 - ok
21:51:31.0871 5108 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
21:51:31.0871 5108 usbbus - ok
21:51:31.0901 5108 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:51:31.0911 5108 usbccgp - ok
21:51:31.0941 5108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:51:31.0941 5108 usbcir - ok
21:51:31.0981 5108 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
21:51:31.0991 5108 UsbDiag - ok
21:51:32.0001 5108 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:51:32.0001 5108 usbehci - ok
21:51:32.0051 5108 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:51:32.0061 5108 usbhub - ok
21:51:32.0111 5108 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
21:51:32.0111 5108 USBModem - ok
21:51:32.0151 5108 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:51:32.0151 5108 usbohci - ok
21:51:32.0191 5108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:51:32.0191 5108 usbprint - ok
21:51:32.0221 5108 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:51:32.0221 5108 usbscan - ok
21:51:32.0281 5108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
21:51:32.0281 5108 USBSTOR - ok
21:51:32.0321 5108 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:51:32.0321 5108 usbuhci - ok
21:51:32.0371 5108 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:51:32.0371 5108 usbvideo - ok
21:51:32.0401 5108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:51:32.0401 5108 vdrvroot - ok
21:51:32.0431 5108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:51:32.0431 5108 vga - ok
21:51:32.0461 5108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:51:32.0461 5108 VgaSave - ok
21:51:32.0501 5108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:51:32.0501 5108 vhdmp - ok
21:51:32.0561 5108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:51:32.0561 5108 viaide - ok
21:51:32.0601 5108 vmci (4c8a14dbd410b510a88f77cb645f2c2a) C:\Windows\system32\drivers\vmci.sys
21:51:32.0601 5108 vmci - ok
21:51:32.0631 5108 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
21:51:32.0631 5108 vmkbd - ok
21:51:32.0691 5108 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
21:51:32.0691 5108 VMnetAdapter - ok
21:51:32.0741 5108 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
21:51:32.0741 5108 VMnetBridge - ok
21:51:32.0771 5108 VMnetuserif (d0b809f6a9fb437c2b880c3ca8c10780) C:\Windows\system32\drivers\vmnetuserif.sys
21:51:32.0771 5108 VMnetuserif - ok
21:51:32.0831 5108 vmx86 (541a6d6536710fd0602ec3aa24a81756) C:\Windows\system32\drivers\vmx86.sys
21:51:32.0831 5108 vmx86 - ok
21:51:32.0871 5108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:51:32.0871 5108 volmgr - ok
21:51:32.0931 5108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:51:32.0941 5108 volmgrx - ok
21:51:32.0981 5108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:51:32.0981 5108 volsnap - ok
21:51:33.0041 5108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:51:33.0041 5108 vsmraid - ok
21:51:33.0151 5108 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
21:51:33.0151 5108 vstor2-ws60 - ok
21:51:33.0311 5108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:51:33.0321 5108 vwifibus - ok
21:51:33.0421 5108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:51:33.0421 5108 WacomPen - ok
21:51:33.0471 5108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:51:33.0471 5108 WANARP - ok
21:51:33.0481 5108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:51:33.0491 5108 Wanarpv6 - ok
21:51:33.0561 5108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:51:33.0561 5108 Wd - ok
21:51:33.0621 5108 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam.sys
21:51:33.0621 5108 WDC_SAM - ok
21:51:33.0651 5108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:51:33.0661 5108 Wdf01000 - ok
21:51:33.0711 5108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:51:33.0711 5108 WfpLwf - ok
21:51:33.0731 5108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:51:33.0731 5108 WIMMount - ok
21:51:33.0811 5108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:51:33.0811 5108 WmiAcpi - ok
21:51:33.0871 5108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:51:33.0871 5108 ws2ifsl - ok
21:51:33.0921 5108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:51:33.0921 5108 WudfPf - ok
21:51:33.0951 5108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:51:33.0951 5108 WUDFRd - ok
21:51:33.0991 5108 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:51:34.0011 5108 \Device\Harddisk0\DR0 - ok
21:51:34.0021 5108 Boot (0x1200) (2f26d8cdf6992bb9c4ed8bb8ce2e2149) \Device\Harddisk0\DR0\Partition0
21:51:34.0031 5108 \Device\Harddisk0\DR0\Partition0 - ok
21:51:34.0031 5108 Boot (0x1200) (b6e6cfd70d2070d406e4ffa0dbb79a75) \Device\Harddisk0\DR0\Partition1
21:51:34.0031 5108 \Device\Harddisk0\DR0\Partition1 - ok
21:51:34.0031 5108 ============================================================
21:51:34.0031 5108 Scan finished
21:51:34.0031 5108 ============================================================
21:51:34.0161 5096 Detected object count: 0
21:51:34.0161 5096 Actual detected object count: 0
=====
 
Yay. aswMBR finally able to run. Log file:

====
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-03 22:10:25
-----------------------------
22:10:25.915 OS Version: Windows x64 6.1.7601 Service Pack 1
22:10:25.915 Number of processors: 2 586 0x170A
22:10:25.915 ComputerName: LORDPETERWIMSEY UserName: vc
22:10:27.115 Initialize success
22:11:48.339 AVAST engine defs: 11120302
22:12:24.112 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:12:24.112 Disk 0 Vendor: WDC_WD5000BEVT-75ZAT0 01.01A01 Size: 476940MB BusType: 11
22:12:26.142 Disk 0 MBR read successfully
22:12:26.142 Disk 0 MBR scan
22:12:26.142 Disk 0 Windows 7 default MBR code
22:12:26.142 Service scanning
22:12:26.732 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
22:12:27.332 Modules scanning
22:12:27.332 Disk 0 trace - called modules:
22:12:27.332 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:12:27.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c252f0]
22:12:27.342 3 CLASSPNP.SYS[fffff880019bc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046ae0d0]
22:12:28.592 AVAST engine scan C:\Windows
22:12:31.852 AVAST engine scan C:\Windows\system32
22:13:51.214 AVAST engine scan C:\Windows\system32\drivers
22:14:00.255 AVAST engine scan C:\Users\vc
22:22:32.559 Disk 0 MBR has been saved successfully to "C:\Users\vc\Desktop\MBR.dat"
22:22:32.559 The log file has been saved successfully to "C:\Users\vc\Desktop\aswMBR.txt"
=====
 