TechSpot

Trojan Agent got me

Solved
By Grammy
Aug 13, 2012
  1. I need help with removal of trojan agent. The only symptom on my computer is that the msn home page freezes briefly before letting me continue. Thank you.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.13.05

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 8.0.6001.18904
    Jan :: JAN-LAPTOP [administrator]

    8/13/2012 1:44:04 PM
    mbam-log-2012-08-13 (13-44-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 255323
    Time elapsed: 14 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  2. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    GMER did NOT produce a log

    DDS log below:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_32
    Run by Jan at 15:56:37 on 2012-08-13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4028.2479 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    -netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    mRun: [FAStartup]
    mRun: [NWEReboot]
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
    TCP: Interfaces\{F1D317C7-4AD6-45B6-9F34-54A2F7991E53} : DhcpNameServer = 24.220.0.10 24.220.0.11
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    mRun-x64: [FAStartup]
    mRun-x64: [NWEReboot]
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\0m9zm53n.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
    FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
    FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-9-26 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-9-26 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
    R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
    S2 gupdate1c9f48684a6e73;Google Update Service (gupdate1c9f48684a6e73);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-23 133104]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-5-27 89920]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-23 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
    S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-4 28152]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 scsiscan;SCSI Scanner Driver;C:\Windows\system32\DRIVERS\scsiscan.sys --> C:\Windows\system32\DRIVERS\scsiscan.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    SUnknown WPFFontCache_v0400;WPFFontCache_v0400; [x]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-08-13 19:03:43 20480 ----a-w- C:\Windows\svchost.exe
    2012-08-11 15:33:47 -------- d-----w- C:\Users\Jan\AppData\Roaming\SpeedyPC Software
    2012-08-11 15:33:47 -------- d-----w- C:\Users\Jan\AppData\Roaming\DriverCure
    2012-08-11 15:33:34 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2012-08-10 14:23:21 -------- d-----w- C:\Users\Jan\AppData\Local\Macromedia
    .
    ==================== Find3M ====================
    .
    2012-08-10 14:06:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-10 14:06:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-05-20 04:16:56 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-05-20 04:16:55 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 15:57:15.67 ===============
     
  4. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    Did I forget to disable A/V when I did the DDS scan? Thank you so much for your help, Broni.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    I still need Attach.txt part of DDS.

    After posting that...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    Attach.txt
    TDSSKiller to follow

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 2/14/2009 7:46:22 AM
    System Uptime: 8/13/2012 2:01:36 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0P173H
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 181.304 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 7.03 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Consumer IR Devices
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: Microsoft
    Name: Consumer IR Devices
    PNP Device ID: ROOT\SYSTEM\0001
    Service: circlass
    .
    ==== System Restore Points ===================
    .
    RP316: 5/23/2012 12:04:30 PM - Installed Family Tree Maker 2011
    RP317: 5/23/2012 5:02:08 PM - Removed Family Tree Maker 2011
    RP318: 5/23/2012 5:42:15 PM - Installed Family Tree Maker 2011
    RP319: 5/29/2012 3:58:21 PM - Scheduled Checkpoint
    RP320: 6/5/2012 9:22:17 PM - Windows Update
    RP321: 6/7/2012 7:04:41 PM - Scheduled Checkpoint
    RP322: 6/13/2012 5:02:15 PM - Windows Update
    RP323: 6/19/2012 5:56:02 PM - Scheduled Checkpoint
    RP324: 6/22/2012 8:17:47 AM - Windows Update
    RP325: 7/1/2012 6:49:47 PM - Scheduled Checkpoint
    RP326: 7/3/2012 8:07:07 AM - Scheduled Checkpoint
    RP327: 7/10/2012 4:51:44 PM - Windows Update
    RP328: 7/24/2012 6:56:02 PM - Scheduled Checkpoint
    RP329: 7/27/2012 1:44:08 PM - Scheduled Checkpoint
    RP330: 8/6/2012 4:37:44 PM - Scheduled Checkpoint
    RP331: 8/10/2012 12:21:44 PM - Scheduled Checkpoint
    RP332: 8/11/2012 3:31:36 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    4Free Video Converter 2
    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 2.0
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    Audacity 1.3.14 (Unicode)
    Auslogics Registry Cleaner
    AVerMedia HC82 Express-Card Hybrid Analog
    AVerMedia MCE Encoder x64 3.0.1.0
    Avira AntiVir Personal - Free Antivirus
    Canon DIGITAL CAMERA Solution Disk Software Guide
    CANON iMAGE GATEWAY MyCamera Download Plugin
    Canon MOV Decoder
    Canon PowerShot SX40 HS Camera User Guide
    Canon Utilities CameraWindow DC 8
    Canon Utilities CameraWindow Launcher
    Canon Utilities MyCamera
    Canon Utilities PhotoStitch
    Choice Guard
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Creative Memories StoryBook Creator Plus 3
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Video Chat (remove only)
    Dell Webcam Central
    DELL0604
    Digital Line Detect
    EDocs
    Family Tree Maker 2011
    FrameSize
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    ITECIR
    Java Auto Updater
    Java(TM) 6 Update 32
    Junk Mail filter update
    Live! Cam Avatar Creator
    Macromedia Dreamweaver 4
    Macromedia Extension Manager
    Malwarebytes Anti-Malware version 1.62.0.1300
    MediaDirect
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office XP Media Content
    Microsoft Office XP Small Business
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Modem Diagnostics Tool
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    muvee Plugin 1.0
    NetWaiting
    Picasa 3
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Windows Media Encoder (KB2447961)
    Skype Click to Call
    Skype™ 5.10
    System Requirements Lab for Intel
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wndiper
    TurboTax 2011 wrapper
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/11/2012 12:57:51 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    8/10/2012 7:30:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/10/2012 7:30:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    8/10/2012 7:30:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/10/2012 7:30:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/10/2012 7:29:24 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    .
    ==== End Of File ===========================
     
  7. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    16:30:19.0766 0972 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    16:30:20.0188 0972 ============================================================
    16:30:20.0188 0972 Current date / time: 2012/08/13 16:30:20.0188
    16:30:20.0188 0972 SystemInfo:
    16:30:20.0188 0972
    16:30:20.0188 0972 OS Version: 6.0.6002 ServicePack: 2.0
    16:30:20.0188 0972 Product type: Workstation
    16:30:20.0188 0972 ComputerName: JAN-LAPTOP
    16:30:20.0188 0972 UserName: Jan
    16:30:20.0188 0972 Windows directory: C:\Windows
    16:30:20.0188 0972 System windows directory: C:\Windows
    16:30:20.0188 0972 Running under WOW64
    16:30:20.0188 0972 Processor architecture: Intel x64
    16:30:20.0188 0972 Number of processors: 2
    16:30:20.0188 0972 Page size: 0x1000
    16:30:20.0188 0972 Boot type: Normal boot
    16:30:20.0188 0972 ============================================================
    16:30:21.0467 0972 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:30:21.0482 0972 ============================================================
    16:30:21.0482 0972 \Device\Harddisk0\DR0:
    16:30:21.0482 0972 MBR partitions:
    16:30:21.0482 0972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
    16:30:21.0482 0972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
    16:30:21.0482 0972 ============================================================
    16:30:21.0514 0972 C: <-> \Device\Harddisk0\DR0\Partition1
    16:30:21.0545 0972 D: <-> \Device\Harddisk0\DR0\Partition0
    16:30:21.0545 0972 ============================================================
    16:30:21.0545 0972 Initialize success
    16:30:21.0545 0972 ============================================================
    16:30:24.0212 3108 ============================================================
    16:30:24.0212 3108 Scan started
    16:30:24.0212 3108 Mode: Manual;
    16:30:24.0212 3108 ============================================================
    16:30:25.0117 3108 !SASCORE (a0709b82fa3b5afad1467e565b8b3ba0) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    16:30:25.0133 3108 !SASCORE - ok
    16:30:25.0367 3108 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
    16:30:25.0382 3108 ACPI - ok
    16:30:25.0445 3108 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    16:30:25.0460 3108 AdobeARMservice - ok
    16:30:25.0554 3108 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
    16:30:25.0570 3108 adp94xx - ok
    16:30:25.0632 3108 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
    16:30:25.0648 3108 adpahci - ok
    16:30:25.0694 3108 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
    16:30:25.0694 3108 adpu160m - ok
    16:30:25.0741 3108 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
    16:30:25.0757 3108 adpu320 - ok
    16:30:25.0788 3108 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
    16:30:25.0804 3108 AeLookupSvc - ok
    16:30:25.0913 3108 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    16:30:25.0913 3108 AESTFilters - ok
    16:30:26.0022 3108 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
    16:30:26.0038 3108 AFD - ok
    16:30:26.0069 3108 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
    16:30:26.0084 3108 agp440 - ok
    16:30:26.0131 3108 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
    16:30:26.0131 3108 aic78xx - ok
    16:30:26.0162 3108 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
    16:30:26.0162 3108 ALG - ok
    16:30:26.0209 3108 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
    16:30:26.0209 3108 aliide - ok
    16:30:26.0256 3108 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
    16:30:26.0256 3108 amdide - ok
    16:30:26.0318 3108 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
    16:30:26.0318 3108 AmdK8 - ok
    16:30:26.0428 3108 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    16:30:26.0443 3108 AntiVirSchedulerService - ok
    16:30:26.0490 3108 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    16:30:26.0490 3108 AntiVirService - ok
    16:30:26.0537 3108 ApfiltrService (3cc4531f11648a6081a7ba3aa4924d04) C:\Windows\system32\DRIVERS\Apfiltr.sys
    16:30:26.0552 3108 ApfiltrService - ok
    16:30:26.0599 3108 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
    16:30:26.0615 3108 Appinfo - ok
    16:30:26.0708 3108 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:30:26.0708 3108 Apple Mobile Device - ok
    16:30:26.0755 3108 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
    16:30:26.0771 3108 arc - ok
    16:30:26.0818 3108 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
    16:30:26.0833 3108 arcsas - ok
    16:30:26.0896 3108 aspnet_state - ok
    16:30:26.0942 3108 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
    16:30:26.0942 3108 AsyncMac - ok
    16:30:26.0989 3108 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
    16:30:26.0989 3108 atapi - ok
    16:30:27.0067 3108 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
    16:30:27.0083 3108 AudioEndpointBuilder - ok
    16:30:27.0083 3108 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
    16:30:27.0083 3108 AudioSrv - ok
    16:30:27.0098 3108 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
    16:30:27.0114 3108 avgntflt - ok
    16:30:27.0145 3108 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
    16:30:27.0161 3108 avipbb - ok
    16:30:27.0192 3108 BCM42RLY (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
    16:30:27.0192 3108 BCM42RLY - ok
    16:30:27.0410 3108 BCM43XX (d32f962b71fee6bdaaee630bb2c17280) C:\Windows\system32\DRIVERS\bcmwl664.sys
    16:30:27.0442 3108 BCM43XX - ok
    16:30:27.0629 3108 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
    16:30:27.0660 3108 BFE - ok
    16:30:27.0832 3108 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
    16:30:27.0863 3108 BITS - ok
    16:30:27.0910 3108 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
    16:30:27.0910 3108 blbdrive - ok
    16:30:28.0034 3108 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    16:30:28.0050 3108 Bonjour Service - ok
    16:30:28.0081 3108 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
    16:30:28.0097 3108 bowser - ok
    16:30:28.0144 3108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
    16:30:28.0144 3108 BrFiltLo - ok
    16:30:28.0175 3108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
    16:30:28.0175 3108 BrFiltUp - ok
    16:30:28.0222 3108 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
    16:30:28.0237 3108 Browser - ok
    16:30:28.0284 3108 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
    16:30:28.0284 3108 Brserid - ok
    16:30:28.0346 3108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
    16:30:28.0346 3108 BrSerWdm - ok
    16:30:28.0362 3108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
    16:30:28.0378 3108 BrUsbMdm - ok
    16:30:28.0409 3108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
    16:30:28.0409 3108 BrUsbSer - ok
    16:30:28.0424 3108 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
    16:30:28.0440 3108 BTHMODEM - ok
    16:30:28.0487 3108 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
    16:30:28.0487 3108 cdfs - ok
    16:30:28.0534 3108 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
    16:30:28.0549 3108 cdrom - ok
    16:30:28.0658 3108 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
    16:30:28.0658 3108 CertPropSvc - ok
    16:30:28.0736 3108 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
    16:30:28.0736 3108 circlass - ok
    16:30:28.0799 3108 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
    16:30:28.0814 3108 CLFS - ok
    16:30:28.0892 3108 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:30:28.0908 3108 clr_optimization_v2.0.50727_32 - ok
    16:30:28.0955 3108 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:30:28.0955 3108 clr_optimization_v2.0.50727_64 - ok
    16:30:29.0002 3108 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
    16:30:29.0002 3108 CmBatt - ok
    16:30:29.0048 3108 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
    16:30:29.0048 3108 cmdide - ok
    16:30:29.0080 3108 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
    16:30:29.0080 3108 Compbatt - ok
    16:30:29.0080 3108 COMSysApp - ok
    16:30:29.0158 3108 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
    16:30:29.0173 3108 cpudrv64 - ok
    16:30:29.0173 3108 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
    16:30:29.0189 3108 crcdisk - ok
    16:30:29.0236 3108 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
    16:30:29.0236 3108 CryptSvc - ok
    16:30:29.0392 3108 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
    16:30:29.0407 3108 DcomLaunch - ok
    16:30:29.0438 3108 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
    16:30:29.0454 3108 DfsC - ok
    16:30:29.0532 3108 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
    16:30:29.0532 3108 Dhcp - ok
    16:30:29.0563 3108 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
    16:30:29.0579 3108 disk - ok
    16:30:29.0626 3108 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
    16:30:29.0626 3108 Dnscache - ok
    16:30:29.0750 3108 DockLoginService (db29915209770d8b59654345ec2d943a) C:\Program Files\Dell\DellDock\DockLogin.exe
    16:30:29.0766 3108 DockLoginService - ok
    16:30:29.0828 3108 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
    16:30:29.0828 3108 dot3svc - ok
    16:30:29.0891 3108 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
    16:30:29.0891 3108 Dot4 - ok
    16:30:29.0938 3108 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    16:30:29.0953 3108 Dot4Print - ok
    16:30:29.0984 3108 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
    16:30:30.0000 3108 dot4usb - ok
    16:30:30.0062 3108 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
    16:30:30.0062 3108 DPS - ok
    16:30:30.0109 3108 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
    16:30:30.0125 3108 drmkaud - ok
    16:30:30.0265 3108 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
    16:30:30.0296 3108 DXGKrnl - ok
    16:30:30.0406 3108 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
    16:30:30.0421 3108 e1express - ok
    16:30:30.0484 3108 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
    16:30:30.0499 3108 E1G60 - ok
    16:30:30.0546 3108 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
    16:30:30.0546 3108 EapHost - ok
    16:30:30.0608 3108 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
    16:30:30.0608 3108 Ecache - ok
    16:30:30.0702 3108 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
    16:30:30.0718 3108 ehRecvr - ok
    16:30:30.0749 3108 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
    16:30:30.0764 3108 ehSched - ok
    16:30:30.0764 3108 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
    16:30:30.0780 3108 ehstart - ok
    16:30:30.0842 3108 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
    16:30:30.0858 3108 elxstor - ok
    16:30:30.0936 3108 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
    16:30:30.0952 3108 EMDMgmt - ok
    16:30:30.0983 3108 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
    16:30:30.0983 3108 ErrDev - ok
    16:30:31.0061 3108 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
    16:30:31.0076 3108 EventSystem - ok
    16:30:31.0123 3108 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
    16:30:31.0139 3108 exfat - ok
    16:30:31.0217 3108 FACAP (e7f412035b832013fa32f412246c5bff) C:\Windows\system32\DRIVERS\facap.sys
    16:30:31.0232 3108 FACAP - ok
    16:30:31.0279 3108 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
    16:30:31.0279 3108 fastfat - ok
    16:30:31.0326 3108 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
    16:30:31.0342 3108 fdc - ok
    16:30:31.0373 3108 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
    16:30:31.0373 3108 fdPHost - ok
    16:30:31.0388 3108 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
    16:30:31.0388 3108 FDResPub - ok
    16:30:31.0435 3108 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
    16:30:31.0435 3108 FileInfo - ok
    16:30:31.0466 3108 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
    16:30:31.0466 3108 Filetrace - ok
    16:30:31.0482 3108 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    16:30:31.0498 3108 flpydisk - ok
    16:30:31.0560 3108 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
    16:30:31.0560 3108 FltMgr - ok
    16:30:31.0763 3108 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
    16:30:31.0778 3108 FontCache - ok
    16:30:31.0888 3108 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:30:31.0903 3108 FontCache3.0.0.0 - ok
    16:30:31.0950 3108 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
    16:30:31.0950 3108 Fs_Rec - ok
    16:30:31.0997 3108 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
    16:30:31.0997 3108 gagp30kx - ok
    16:30:32.0044 3108 GEARAspiWDM (d279181e1cf2d85d31cdcffd56b16795) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    16:30:32.0059 3108 GEARAspiWDM - ok
    16:30:32.0168 3108 getPlusHelper (fd7e9aba274df75e08320420b8e9a1d5) C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
    16:30:32.0168 3108 getPlusHelper - ok
    16:30:32.0293 3108 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
    16:30:32.0309 3108 gpsvc - ok
    16:30:32.0402 3108 gupdate1c9f48684a6e73 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:30:32.0418 3108 gupdate1c9f48684a6e73 - ok
    16:30:32.0465 3108 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:30:32.0465 3108 gupdatem - ok
    16:30:32.0527 3108 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    16:30:32.0543 3108 gusvc - ok
    16:30:32.0621 3108 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
    16:30:32.0636 3108 HdAudAddService - ok
    16:30:32.0761 3108 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
    16:30:32.0792 3108 HDAudBus - ok
    16:30:32.0839 3108 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
    16:30:32.0839 3108 HidBth - ok
    16:30:32.0886 3108 HidIr (1d4e03e5c5ba4c3679c38cb6b4c60d5f) C:\Windows\system32\DRIVERS\hidir.sys
    16:30:32.0886 3108 HidIr - ok
    16:30:32.0933 3108 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
    16:30:32.0948 3108 hidserv - ok
    16:30:32.0964 3108 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys
    16:30:32.0964 3108 HidUsb - ok
    16:30:32.0995 3108 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
    16:30:33.0011 3108 hkmsvc - ok
    16:30:33.0058 3108 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
    16:30:33.0058 3108 HpCISSs - ok
    16:30:33.0136 3108 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
    16:30:33.0151 3108 HTTP - ok
    16:30:33.0167 3108 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
    16:30:33.0182 3108 i2omp - ok
    16:30:33.0214 3108 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
    16:30:33.0229 3108 i8042prt - ok
    16:30:33.0276 3108 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
    16:30:33.0292 3108 iaStorV - ok
    16:30:33.0463 3108 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:30:33.0479 3108 idsvc - ok
    16:30:34.0789 3108 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
    16:30:35.0054 3108 igfx - ok
    16:30:35.0210 3108 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
    16:30:35.0210 3108 iirsp - ok
    16:30:35.0288 3108 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
    16:30:35.0304 3108 IKEEXT - ok
    16:30:35.0366 3108 IntcHdmiAddService (b014ce58f0a8048d3924ba8d5ccbc5f1) C:\Windows\system32\drivers\IntcHdmi.sys
    16:30:35.0366 3108 IntcHdmiAddService - ok
    16:30:35.0413 3108 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
    16:30:35.0413 3108 intelide - ok
    16:30:35.0460 3108 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
    16:30:35.0460 3108 intelppm - ok
    16:30:35.0569 3108 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    16:30:35.0569 3108 IntuitUpdateServiceV4 - ok
    16:30:35.0616 3108 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
    16:30:35.0616 3108 IPBusEnum - ok
    16:30:35.0647 3108 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:30:35.0663 3108 IpFilterDriver - ok
    16:30:35.0710 3108 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
    16:30:35.0725 3108 iphlpsvc - ok
    16:30:35.0741 3108 IpInIp - ok
    16:30:35.0772 3108 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
    16:30:35.0788 3108 IPMIDRV - ok
    16:30:35.0803 3108 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
    16:30:35.0819 3108 IPNAT - ok
    16:30:35.0850 3108 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
    16:30:35.0850 3108 IRENUM - ok
    16:30:35.0897 3108 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
    16:30:35.0897 3108 isapnp - ok
    16:30:35.0975 3108 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
    16:30:35.0990 3108 iScsiPrt - ok
    16:30:36.0006 3108 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
    16:30:36.0022 3108 iteatapi - ok
    16:30:36.0053 3108 itecir (e157d6b89d87a1b467ecdd66d280a1c2) C:\Windows\system32\DRIVERS\itecir.sys
    16:30:36.0068 3108 itecir - ok
    16:30:36.0100 3108 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
    16:30:36.0100 3108 iteraid - ok
    16:30:36.0162 3108 k57nd60a (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
    16:30:36.0178 3108 k57nd60a - ok
    16:30:36.0209 3108 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
    16:30:36.0209 3108 kbdclass - ok
    16:30:36.0224 3108 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
    16:30:36.0240 3108 kbdhid - ok
    16:30:36.0271 3108 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    16:30:36.0271 3108 KeyIso - ok
    16:30:36.0380 3108 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
    16:30:36.0396 3108 KSecDD - ok
    16:30:36.0443 3108 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
    16:30:36.0443 3108 ksthunk - ok
    16:30:36.0521 3108 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
    16:30:36.0552 3108 KtmRm - ok
    16:30:36.0614 3108 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
    16:30:36.0630 3108 LanmanServer - ok
    16:30:36.0692 3108 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
    16:30:36.0708 3108 LanmanWorkstation - ok
    16:30:36.0739 3108 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
    16:30:36.0755 3108 lltdio - ok
    16:30:36.0817 3108 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
    16:30:36.0833 3108 lltdsvc - ok
    16:30:36.0864 3108 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
    16:30:36.0864 3108 lmhosts - ok
    16:30:36.0911 3108 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
    16:30:36.0926 3108 LSI_FC - ok
    16:30:36.0973 3108 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
    16:30:36.0973 3108 LSI_SAS - ok
    16:30:37.0036 3108 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
    16:30:37.0036 3108 LSI_SCSI - ok
    16:30:37.0082 3108 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
    16:30:37.0082 3108 luafv - ok
    16:30:37.0129 3108 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
    16:30:37.0145 3108 Mcx2Svc - ok
    16:30:37.0207 3108 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
    16:30:37.0223 3108 megasas - ok
    16:30:37.0301 3108 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
    16:30:37.0316 3108 MegaSR - ok
    16:30:37.0332 3108 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
    16:30:37.0332 3108 MMCSS - ok
    16:30:37.0379 3108 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
    16:30:37.0379 3108 Modem - ok
    16:30:37.0426 3108 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
    16:30:37.0426 3108 monitor - ok
    16:30:37.0472 3108 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
    16:30:37.0488 3108 mouclass - ok
    16:30:37.0519 3108 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
    16:30:37.0519 3108 mouhid - ok
    16:30:37.0535 3108 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
    16:30:37.0535 3108 MountMgr - ok
    16:30:37.0660 3108 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    16:30:37.0675 3108 MozillaMaintenance - ok
    16:30:37.0706 3108 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
    16:30:37.0722 3108 mpio - ok
    16:30:37.0769 3108 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
    16:30:37.0769 3108 mpsdrv - ok
    16:30:37.0878 3108 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
    16:30:37.0894 3108 MpsSvc - ok
    16:30:37.0909 3108 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
    16:30:37.0925 3108 Mraid35x - ok
    16:30:38.0003 3108 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
    16:30:38.0018 3108 MRxDAV - ok
    16:30:38.0065 3108 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:30:38.0081 3108 mrxsmb - ok
    16:30:38.0143 3108 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:30:38.0159 3108 mrxsmb10 - ok
    16:30:38.0174 3108 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:30:38.0174 3108 mrxsmb20 - ok
    16:30:38.0221 3108 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
    16:30:38.0237 3108 msahci - ok
    16:30:38.0284 3108 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
    16:30:38.0299 3108 msdsm - ok
    16:30:38.0346 3108 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
    16:30:38.0362 3108 MSDTC - ok
    16:30:38.0377 3108 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
    16:30:38.0393 3108 Msfs - ok
    16:30:38.0408 3108 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
    16:30:38.0424 3108 msisadrv - ok
    16:30:38.0486 3108 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
    16:30:38.0502 3108 MSiSCSI - ok
    16:30:38.0502 3108 MSIServer - ok
    16:30:38.0518 3108 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
    16:30:38.0533 3108 MSKSSRV - ok
    16:30:38.0549 3108 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
    16:30:38.0549 3108 MSPCLOCK - ok
    16:30:38.0596 3108 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
    16:30:38.0596 3108 MSPQM - ok
    16:30:38.0658 3108 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
    16:30:38.0674 3108 MsRPC - ok
    16:30:38.0689 3108 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
    16:30:38.0705 3108 mssmbios - ok
    16:30:38.0720 3108 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
    16:30:38.0720 3108 MSTEE - ok
    16:30:38.0736 3108 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
    16:30:38.0752 3108 Mup - ok
    16:30:38.0830 3108 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
    16:30:38.0845 3108 napagent - ok
    16:30:38.0908 3108 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
    16:30:38.0923 3108 NativeWifiP - ok
    16:30:39.0032 3108 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
    16:30:39.0048 3108 NDIS - ok
    16:30:39.0079 3108 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
    16:30:39.0079 3108 NdisTapi - ok
    16:30:39.0095 3108 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
    16:30:39.0095 3108 Ndisuio - ok
    16:30:39.0157 3108 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
    16:30:39.0157 3108 NdisWan - ok
    16:30:39.0173 3108 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
    16:30:39.0188 3108 NDProxy - ok
    16:30:39.0204 3108 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
    16:30:39.0220 3108 NetBIOS - ok
    16:30:39.0266 3108 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
    16:30:39.0282 3108 netbt - ok
    16:30:39.0313 3108 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    16:30:39.0313 3108 Netlogon - ok
    16:30:39.0376 3108 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
    16:30:39.0391 3108 Netman - ok
    16:30:39.0438 3108 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
    16:30:39.0454 3108 netprofm - ok
    16:30:39.0532 3108 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:30:39.0547 3108 NetTcpPortSharing - ok
    16:30:39.0594 3108 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
    16:30:39.0594 3108 nfrd960 - ok
    16:30:39.0656 3108 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
    16:30:39.0672 3108 NlaSvc - ok
    16:30:39.0703 3108 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
    16:30:39.0703 3108 Npfs - ok
    16:30:39.0734 3108 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
    16:30:39.0750 3108 nsi - ok
    16:30:39.0750 3108 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
    16:30:39.0766 3108 nsiproxy - ok
    16:30:39.0968 3108 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
    16:30:40.0000 3108 Ntfs - ok
    16:30:40.0156 3108 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    16:30:40.0156 3108 Null - ok
    16:30:40.0202 3108 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
    16:30:40.0202 3108 nvraid - ok
    16:30:40.0249 3108 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
    16:30:40.0249 3108 nvstor - ok
    16:30:40.0280 3108 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
    16:30:40.0296 3108 nv_agp - ok
    16:30:40.0296 3108 NwlnkFlt - ok
    16:30:40.0296 3108 NwlnkFwd - ok
    16:30:40.0358 3108 OA001Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA001Ufd.sys
    16:30:40.0374 3108 OA001Ufd - ok
    16:30:40.0436 3108 OA001Vid (4b69d156db42b26425ab3b172fa50d92) C:\Windows\system32\DRIVERS\OA001Vid.sys
    16:30:40.0436 3108 OA001Vid - ok
    16:30:40.0499 3108 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
    16:30:40.0514 3108 ohci1394 - ok
    16:30:40.0639 3108 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    16:30:40.0670 3108 p2pimsvc - ok
    16:30:40.0686 3108 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    16:30:40.0702 3108 p2psvc - ok
    16:30:40.0748 3108 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    16:30:40.0748 3108 Parport - ok
    16:30:40.0795 3108 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
    16:30:40.0795 3108 partmgr - ok
    16:30:40.0826 3108 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
    16:30:40.0842 3108 PcaSvc - ok
    16:30:41.0029 3108 PCD5SRVC{048DBD20-445E8C82-05040104} (58c1cd52347c4835dc3606cd4723f426) C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms
    16:30:41.0029 3108 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
    16:30:41.0076 3108 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
    16:30:41.0092 3108 pci - ok
    16:30:41.0107 3108 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
    16:30:41.0123 3108 pciide - ok
    16:30:41.0170 3108 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    16:30:41.0185 3108 pcmcia - ok
    16:30:41.0279 3108 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    16:30:41.0294 3108 PEAUTH - ok
    16:30:41.0404 3108 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
    16:30:41.0404 3108 PerfHost - ok
    16:30:41.0591 3108 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
    16:30:41.0622 3108 pla - ok
    16:30:41.0684 3108 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
    16:30:41.0700 3108 PlugPlay - ok
    16:30:41.0794 3108 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    16:30:41.0794 3108 PNRPAutoReg - ok
    16:30:41.0809 3108 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    16:30:41.0809 3108 PNRPsvc - ok
    16:30:41.0903 3108 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
    16:30:41.0918 3108 PolicyAgent - ok
    16:30:41.0965 3108 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
    16:30:41.0981 3108 PptpMiniport - ok
    16:30:42.0028 3108 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    16:30:42.0028 3108 Processor - ok
    16:30:42.0074 3108 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
    16:30:42.0074 3108 ProfSvc - ok
    16:30:42.0121 3108 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    16:30:42.0121 3108 ProtectedStorage - ok
    16:30:42.0152 3108 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
    16:30:42.0168 3108 PSched - ok
    16:30:42.0184 3108 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
    16:30:42.0184 3108 PxHlpa64 - ok
    16:30:42.0340 3108 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    16:30:42.0371 3108 ql2300 - ok
    16:30:42.0402 3108 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    16:30:42.0402 3108 ql40xx - ok
    16:30:42.0464 3108 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
    16:30:42.0480 3108 QWAVE - ok
    16:30:42.0527 3108 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
    16:30:42.0527 3108 QWAVEdrv - ok
    16:30:42.0870 3108 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
    16:30:42.0932 3108 R300 - ok
    16:30:43.0166 3108 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
    16:30:43.0182 3108 RasAcd - ok
    16:30:43.0213 3108 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
    16:30:43.0213 3108 RasAuto - ok
    16:30:43.0276 3108 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:30:43.0276 3108 Rasl2tp - ok
    16:30:43.0338 3108 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
    16:30:43.0354 3108 RasMan - ok
    16:30:43.0385 3108 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
    16:30:43.0385 3108 RasPppoe - ok
    16:30:43.0416 3108 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
    16:30:43.0416 3108 RasSstp - ok
    16:30:43.0494 3108 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
    16:30:43.0494 3108 rdbss - ok
    16:30:43.0541 3108 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:30:43.0541 3108 RDPCDD - ok
    16:30:43.0603 3108 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
    16:30:43.0619 3108 rdpdr - ok
    16:30:43.0619 3108 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
    16:30:43.0619 3108 RDPENCDD - ok
    16:30:43.0681 3108 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
    16:30:43.0697 3108 RDPWD - ok
    16:30:43.0728 3108 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
    16:30:43.0744 3108 RemoteAccess - ok
    16:30:43.0806 3108 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
    16:30:43.0806 3108 RemoteRegistry - ok
    16:30:43.0837 3108 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
    16:30:43.0853 3108 rimmptsk - ok
    16:30:43.0868 3108 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
    16:30:43.0884 3108 rimsptsk - ok
    16:30:43.0900 3108 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
    16:30:43.0900 3108 rismxdp - ok
    16:30:43.0915 3108 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
    16:30:43.0931 3108 RpcLocator - ok
    16:30:44.0056 3108 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
    16:30:44.0071 3108 RpcSs - ok
    16:30:44.0102 3108 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
    16:30:44.0102 3108 rspndr - ok
    16:30:44.0134 3108 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    16:30:44.0134 3108 SamSs - ok
    16:30:44.0212 3108 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware
     
  8. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    \SASDIFSV64.SYS
    16:30:44.0212 3108 SASDIFSV - ok
    16:30:44.0227 3108 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    16:30:44.0243 3108 SASKUTIL - ok
    16:30:44.0258 3108 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    16:30:44.0274 3108 sbp2port - ok
    16:30:44.0321 3108 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
    16:30:44.0336 3108 SCardSvr - ok
    16:30:44.0461 3108 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
    16:30:44.0492 3108 Schedule - ok
    16:30:44.0524 3108 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
    16:30:44.0539 3108 SCPolicySvc - ok
    16:30:44.0586 3108 scsiscan (2ab10a2646469bd41bb19d5b94768745) C:\Windows\system32\DRIVERS\scsiscan.sys
    16:30:44.0586 3108 scsiscan - ok
    16:30:44.0633 3108 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
    16:30:44.0648 3108 sdbus - ok
    16:30:44.0711 3108 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
    16:30:44.0726 3108 SDRSVC - ok
    16:30:44.0804 3108 SeaPort - ok
    16:30:44.0836 3108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    16:30:44.0851 3108 secdrv - ok
    16:30:44.0867 3108 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
    16:30:44.0882 3108 seclogon - ok
    16:30:44.0898 3108 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
    16:30:44.0914 3108 SENS - ok
    16:30:44.0929 3108 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
    16:30:44.0929 3108 Serenum - ok
    16:30:44.0976 3108 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
    16:30:44.0992 3108 Serial - ok
    16:30:45.0007 3108 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    16:30:45.0007 3108 sermouse - ok
    16:30:45.0054 3108 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
    16:30:45.0070 3108 SessionEnv - ok
    16:30:45.0101 3108 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
    16:30:45.0101 3108 sffdisk - ok
    16:30:45.0116 3108 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    16:30:45.0132 3108 sffp_mmc - ok
    16:30:45.0148 3108 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
    16:30:45.0148 3108 sffp_sd - ok
    16:30:45.0179 3108 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
    16:30:45.0179 3108 sfloppy - ok
    16:30:45.0257 3108 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
    16:30:45.0272 3108 SharedAccess - ok
    16:30:45.0319 3108 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
    16:30:45.0350 3108 ShellHWDetection - ok
    16:30:45.0366 3108 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    16:30:45.0366 3108 SiSRaid2 - ok
    16:30:45.0397 3108 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    16:30:45.0413 3108 SiSRaid4 - ok
    16:30:45.0475 3108 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
    16:30:45.0553 3108 SkypeUpdate - ok
    16:30:45.0850 3108 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
    16:30:45.0912 3108 slsvc - ok
    16:30:46.0021 3108 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
    16:30:46.0037 3108 SLUINotify - ok
    16:30:46.0099 3108 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
    16:30:46.0099 3108 Smb - ok
    16:30:46.0115 3108 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
    16:30:46.0130 3108 SNMPTRAP - ok
    16:30:46.0162 3108 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
    16:30:46.0162 3108 spldr - ok
    16:30:46.0208 3108 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
    16:30:46.0224 3108 Spooler - ok
    16:30:46.0302 3108 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    16:30:46.0318 3108 sprtsvc_DellSupportCenter - ok
    16:30:46.0380 3108 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
    16:30:46.0380 3108 srv - ok
    16:30:46.0411 3108 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
    16:30:46.0427 3108 srv2 - ok
    16:30:46.0458 3108 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
    16:30:46.0458 3108 srvnet - ok
    16:30:46.0505 3108 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
    16:30:46.0520 3108 SSDPSRV - ok
    16:30:46.0583 3108 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
    16:30:46.0583 3108 SstpSvc - ok
    16:30:46.0676 3108 STacSV (c5df63ae2693c9b6b01b4a2e6c1c64ac) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
    16:30:46.0692 3108 STacSV - ok
    16:30:46.0801 3108 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
    16:30:46.0817 3108 STHDA - ok
    16:30:46.0895 3108 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
    16:30:46.0926 3108 stisvc - ok
    16:30:47.0035 3108 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    16:30:47.0051 3108 stllssvr - ok
    16:30:47.0113 3108 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    16:30:47.0113 3108 swenum - ok
    16:30:47.0222 3108 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
    16:30:47.0254 3108 swprv - ok
    16:30:47.0269 3108 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    16:30:47.0285 3108 Symc8xx - ok
    16:30:47.0300 3108 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    16:30:47.0316 3108 Sym_hi - ok
    16:30:47.0332 3108 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    16:30:47.0347 3108 Sym_u3 - ok
    16:30:47.0472 3108 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
    16:30:47.0503 3108 SysMain - ok
    16:30:47.0534 3108 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
    16:30:47.0550 3108 TabletInputService - ok
    16:30:47.0612 3108 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
    16:30:47.0628 3108 TapiSrv - ok
    16:30:47.0659 3108 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
    16:30:47.0675 3108 TBS - ok
    16:30:47.0893 3108 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
    16:30:47.0940 3108 Tcpip - ok
    16:30:47.0956 3108 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
    16:30:47.0971 3108 Tcpip6 - ok
    16:30:48.0002 3108 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
    16:30:48.0018 3108 tcpipreg - ok
    16:30:48.0034 3108 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    16:30:48.0049 3108 TDPIPE - ok
    16:30:48.0080 3108 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    16:30:48.0080 3108 TDTCP - ok
    16:30:48.0127 3108 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
    16:30:48.0127 3108 tdx - ok
    16:30:48.0158 3108 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
    16:30:48.0174 3108 TermDD - ok
    16:30:48.0268 3108 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
    16:30:48.0299 3108 TermService - ok
    16:30:48.0346 3108 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
    16:30:48.0361 3108 Themes - ok
    16:30:48.0392 3108 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
    16:30:48.0392 3108 THREADORDER - ok
    16:30:48.0439 3108 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
    16:30:48.0455 3108 TrkWks - ok
    16:30:48.0502 3108 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
    16:30:48.0502 3108 TrustedInstaller - ok
    16:30:48.0548 3108 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:30:48.0548 3108 tssecsrv - ok
    16:30:48.0611 3108 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    16:30:48.0611 3108 tunmp - ok
    16:30:48.0642 3108 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
    16:30:48.0658 3108 tunnel - ok
    16:30:48.0689 3108 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    16:30:48.0689 3108 uagp35 - ok
    16:30:48.0767 3108 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
    16:30:48.0782 3108 udfs - ok
    16:30:48.0829 3108 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
    16:30:48.0829 3108 UI0Detect - ok
    16:30:48.0876 3108 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    16:30:48.0876 3108 uliagpkx - ok
    16:30:48.0938 3108 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    16:30:48.0954 3108 uliahci - ok
    16:30:49.0001 3108 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    16:30:49.0016 3108 UlSata - ok
    16:30:49.0063 3108 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    16:30:49.0079 3108 ulsata2 - ok
    16:30:49.0079 3108 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    16:30:49.0094 3108 umbus - ok
    16:30:49.0141 3108 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
    16:30:49.0157 3108 upnphost - ok
    16:30:49.0219 3108 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
    16:30:49.0219 3108 usbccgp - ok
    16:30:49.0266 3108 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    16:30:49.0266 3108 usbcir - ok
    16:30:49.0313 3108 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
    16:30:49.0313 3108 usbehci - ok
    16:30:49.0360 3108 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
    16:30:49.0360 3108 usbhub - ok
    16:30:49.0391 3108 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    16:30:49.0391 3108 usbohci - ok
    16:30:49.0422 3108 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
    16:30:49.0438 3108 usbprint - ok
    16:30:49.0469 3108 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
    16:30:49.0484 3108 usbscan - ok
    16:30:49.0547 3108 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:30:49.0547 3108 USBSTOR - ok
    16:30:49.0578 3108 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
    16:30:49.0594 3108 usbuhci - ok
    16:30:49.0656 3108 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
    16:30:49.0672 3108 usbvideo - ok
    16:30:49.0703 3108 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
    16:30:49.0703 3108 UxSms - ok
    16:30:49.0781 3108 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
    16:30:49.0812 3108 vds - ok
    16:30:49.0859 3108 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    16:30:49.0859 3108 vga - ok
    16:30:49.0874 3108 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    16:30:49.0890 3108 VgaSave - ok
    16:30:49.0906 3108 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    16:30:49.0906 3108 viaide - ok
    16:30:49.0937 3108 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
    16:30:49.0952 3108 volmgr - ok
    16:30:50.0015 3108 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
    16:30:50.0030 3108 volmgrx - ok
    16:30:50.0623 3108 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
    16:30:50.0639 3108 volsnap - ok
    16:30:50.0686 3108 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    16:30:50.0701 3108 vsmraid - ok
    16:30:50.0920 3108 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
    16:30:50.0951 3108 VSS - ok
    16:30:51.0029 3108 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
    16:30:51.0044 3108 W32Time - ok
    16:30:51.0107 3108 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    16:30:51.0122 3108 WacomPen - ok
    16:30:51.0169 3108 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    16:30:51.0185 3108 Wanarp - ok
    16:30:51.0185 3108 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    16:30:51.0185 3108 Wanarpv6 - ok
    16:30:51.0294 3108 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
    16:30:51.0310 3108 wcncsvc - ok
    16:30:51.0341 3108 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
    16:30:51.0356 3108 WcsPlugInService - ok
    16:30:51.0388 3108 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    16:30:51.0403 3108 Wd - ok
    16:30:51.0450 3108 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    16:30:51.0450 3108 WDC_SAM - ok
    16:30:51.0575 3108 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
    16:30:51.0606 3108 Wdf01000 - ok
    16:30:51.0637 3108 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
    16:30:51.0637 3108 WdiServiceHost - ok
    16:30:51.0637 3108 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
    16:30:51.0637 3108 WdiSystemHost - ok
    16:30:51.0700 3108 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
    16:30:51.0715 3108 WebClient - ok
    16:30:51.0762 3108 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
    16:30:51.0778 3108 Wecsvc - ok
    16:30:51.0824 3108 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
    16:30:51.0824 3108 wercplsupport - ok
    16:30:51.0871 3108 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
    16:30:51.0887 3108 WerSvc - ok
    16:30:51.0934 3108 WinDefend - ok
    16:30:51.0949 3108 WinHttpAutoProxySvc - ok
    16:30:52.0027 3108 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
    16:30:52.0043 3108 Winmgmt - ok
    16:30:52.0324 3108 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
    16:30:52.0370 3108 WinRM - ok
    16:30:52.0573 3108 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
    16:30:52.0589 3108 Wlansvc - ok
    16:30:52.0636 3108 wltrysvc - ok
    16:30:52.0714 3108 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
    16:30:52.0729 3108 WmiAcpi - ok
    16:30:52.0807 3108 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
    16:30:52.0823 3108 wmiApSrv - ok
    16:30:52.0901 3108 WMPNetworkSvc - ok
    16:30:52.0948 3108 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
    16:30:52.0963 3108 WPCSvc - ok
    16:30:53.0010 3108 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
    16:30:53.0026 3108 WPDBusEnum - ok
    16:30:53.0072 3108 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
    16:30:53.0072 3108 WpdUsb - ok
    16:30:53.0182 3108 WPFFontCache_v0400 - ok
    16:30:53.0228 3108 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
    16:30:53.0228 3108 ws2ifsl - ok
    16:30:53.0306 3108 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
    16:30:53.0306 3108 wscsvc - ok
    16:30:53.0322 3108 WSearch - ok
    16:30:53.0634 3108 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    16:30:53.0681 3108 wuauserv - ok
    16:30:53.0852 3108 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:30:53.0852 3108 WUDFRd - ok
    16:30:53.0899 3108 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
    16:30:53.0915 3108 wudfsvc - ok
    16:30:53.0946 3108 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    16:30:54.0008 3108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    16:30:54.0008 3108 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    16:30:54.0024 3108 Boot (0x1200) (ed1a8e255bfe1981415f7322f9be41f0) \Device\Harddisk0\DR0\Partition0
    16:30:54.0024 3108 \Device\Harddisk0\DR0\Partition0 - ok
    16:30:54.0024 3108 Boot (0x1200) (a59f46a86d38d795ea09f7f83d9a29de) \Device\Harddisk0\DR0\Partition1
    16:30:54.0024 3108 \Device\Harddisk0\DR0\Partition1 - ok
    16:30:54.0024 3108 ============================================================
    16:30:54.0024 3108 Scan finished
    16:30:54.0024 3108 ============================================================
    16:30:54.0055 2584 Detected object count: 1
    16:30:54.0055 2584 Actual detected object count: 1
    16:32:32.0850 2584 \Device\Harddisk0\DR0\# - copied to quarantine
    16:32:32.0850 2584 \Device\Harddisk0\DR0 - copied to quarantine
    16:32:32.0912 2584 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    16:32:32.0912 2584 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    16:32:32.0928 2584 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    16:32:33.0053 2584 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    16:32:33.0084 2584 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    16:32:33.0100 2584 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    16:32:33.0100 2584 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    16:32:33.0100 2584 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    16:32:33.0100 2584 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    16:32:33.0115 2584 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    16:32:33.0115 2584 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    16:32:33.0115 2584 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    16:32:33.0115 2584 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    16:32:33.0256 2584 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    16:32:33.0302 2584 \Device\Harddisk0\DR0 - ok
    16:32:33.0318 2584 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    16:34:58.0315 2428 Deinitialize success
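The TDSSKiller output above is worth reading mechanically rather than by eye. The lines that matter are the MBR hash record, the `( Rootkit.Boot.Pihar.c ) - infected` verdict on `\Device\Harddisk0\DR0`, the `TDLFS\...` entries copied to quarantine (the bootkit's hidden file system, which sits outside any directory a file-system-level scanner such as the earlier MBAM quick scan can enumerate), and `will be cured on reboot`, which means the MBR is still infected until the machine has actually restarted; the `- ok` that follows only records that the cure was scheduled. The Python below is an added example, not part of this thread and not TDSSKiller's own code. It parses a constructed sample in the same line format (a few lines modelled on the log above, not output from a real scan) and pulls those facts out; the summary class, the regular expressions and the helper names are all my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in TDSSKiller's log format (shape copied from the log
# above; not output from any real scan). Raw string keeps the backslashes.
SAMPLE_LOG = r"""
16:30:53.0899 3108 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
16:30:53.0915 3108 wudfsvc - ok
16:30:53.0946 3108 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
16:30:54.0008 3108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:30:54.0008 3108 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:30:54.0024 3108 Boot (0x1200) (ed1a8e255bfe1981415f7322f9be41f0) \Device\Harddisk0\DR0\Partition0
16:30:54.0024 3108 \Device\Harddisk0\DR0\Partition0 - ok
16:30:54.0055 2584 Detected object count: 1
16:32:32.0850 2584 \Device\Harddisk0\DR0 - copied to quarantine
16:32:32.0912 2584 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:32:33.0100 2584 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:32:33.0256 2584 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:32:33.0302 2584 \Device\Harddisk0\DR0 - ok
16:32:33.0318 2584 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:34:58.0315 2428 Deinitialize success
"""


@dataclass
class TdssSummary:
    hashes: dict = field(default_factory=dict)        # path -> (object name, md5)
    ok: set = field(default_factory=set)              # names/paths reported "- ok"
    infected: dict = field(default_factory=dict)      # path -> verdict
    quarantined: list = field(default_factory=list)   # paths copied to quarantine
    cure_on_reboot: set = field(default_factory=set)  # paths cured only after restart
    actions: dict = field(default_factory=dict)       # path -> user-selected action


# Every line is "HH:MM:SS.mmmm <thread id> <message>".
_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
# "<name> [(0xNNNN)] (<md5>) <path>": drivers/services plus the MBR and boot-sector records.
_HASHED = re.compile(r"^(\S+)(?: \(0x[0-9A-Fa-f]+\))? \(([0-9a-f]{32})\) (\S.*)$")
_INFECTED = re.compile(r"^(.+?) \( (.+?) \) - infected$")
_REBOOT = re.compile(r"^(.+?) \( (.+?) \) - will be cured on reboot$")
_ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (.+)$")
_QUARANTINE = re.compile(r"^(.+?) - copied to quarantine$")
_OK = re.compile(r"^(.+?) - ok$")


def parse_tdsskiller(text):
    """Walk a TDSSKiller log and collect hashes, verdicts and actions per object."""
    s = TdssSummary()
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (h := _HASHED.match(msg)):
            s.hashes[h.group(3)] = (h.group(1), h.group(2))
        elif (h := _INFECTED.match(msg)):
            s.infected[h.group(1)] = h.group(2)
        elif (h := _REBOOT.match(msg)):
            s.cure_on_reboot.add(h.group(1))
        elif (h := _ACTION.match(msg)):
            s.actions[h.group(1)] = h.group(3)
        elif (h := _QUARANTINE.match(msg)):
            s.quarantined.append(h.group(1))
        elif (h := _OK.match(msg)):
            s.ok.add(h.group(1))
    return s


def hidden_fs_files(s):
    """Quarantined entries that came out of the bootkit's TDLFS hidden file system."""
    return [p for p in s.quarantined if "\\TDLFS\\" in p]


def pending_reboot(s):
    """Infected objects whose cure only takes effect after a restart.
    A later '- ok' line on the same object only means the cure was scheduled."""
    return sorted(p for p in s.infected if p in s.cure_on_reboot)


def report(s):
    """Human-readable summary: what was hashed, what was infected, what is still pending."""
    lines = [f"{len(s.hashes)} objects hashed, {len(s.ok)} reported ok"]
    for path, verdict in s.infected.items():
        name, md5 = s.hashes.get(path, ("?", "?"))
        state = "cure on reboot" if path in s.cure_on_reboot else "cured"
        lines.append(f"INFECTED {name} {path}: {verdict}, md5={md5}, "
                     f"action={s.actions.get(path, 'none')}, {state}")
    lines.append(f"{len(s.quarantined)} items quarantined, "
                 f"{len(hidden_fs_files(s))} of them from TDLFS")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_tdsskiller(SAMPLE_LOG)))
```

Run against a real TDSSKiller log, `pending_reboot()` is the check to make before declaring a machine clean, and `hidden_fs_files()` lists the loader components that no scan of the normal file system would have reached.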
     
  9. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Good :)

    Re-run MBAM, post new log.
     
  10. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.13.06

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 8.0.6001.18904
    Jan :: JAN-LAPTOP [administrator]

    8/13/2012 5:02:19 PM
    mbam-log-2012-08-13 (17-02-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 255438
    Time elapsed: 14 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  11. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    I'll check back tonight and tomorrow........
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Looks good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    Please post BOTH logs, rKill.txt and Combofix.txt.
     
  13. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    Combo fix log:

    ComboFix 12-08-14.05 - Jan 08/14/2012 22:53:32.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4028.2644 [GMT -5:00]
    Running from: c:\users\Jan\Desktop\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jan\AppData\Local\assembly\tmp
    c:\users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-15 04:01 . 2012-08-15 04:09 -------- d-----w- c:\users\Jan\AppData\Local\temp
    2012-08-15 04:01 . 2012-08-15 04:01 -------- d-----w- c:\users\Pat\AppData\Local\temp
    2012-08-15 04:01 . 2012-08-15 04:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-14 21:19 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
    2012-08-14 21:15 . 2012-06-16 07:02 610816 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-14 21:15 . 2012-06-16 11:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-14 21:15 . 2012-06-16 06:58 818176 ----a-w- c:\windows\system32\jscript.dll
    2012-08-14 21:15 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
    2012-08-14 21:15 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
    2012-08-14 21:15 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-13 21:32 . 2012-08-13 21:32 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-11 15:33 . 2012-08-11 15:33 -------- d-----w- c:\users\Jan\AppData\Roaming\SpeedyPC Software
    2012-08-11 15:33 . 2012-08-11 15:33 -------- d-----w- c:\users\Jan\AppData\Roaming\DriverCure
    2012-08-11 15:33 . 2012-08-11 15:45 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-08-10 14:23 . 2012-08-10 14:23 -------- d-----w- c:\users\Jan\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-14 21:16 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
    2012-08-10 14:06 . 2012-04-04 13:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-10 14:06 . 2011-06-26 13:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 18:46 . 2009-10-23 04:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-08 17:59 . 2012-07-10 21:51 12899840 ----a-w- c:\windows\system32\shell32.dll
    2012-06-05 16:47 . 2012-07-10 21:51 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-05 16:47 . 2012-07-10 21:51 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-05 16:22 . 2012-07-10 21:51 1797120 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 16:22 . 2012-07-10 21:51 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 15:29 . 2012-07-10 21:51 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 22:19 . 2012-06-22 13:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 13:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 13:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 13:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 13:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
    2012-06-02 22:19 . 2012-06-22 13:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-22 13:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 13:19 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 13:19 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 22:12 . 2012-06-22 13:19 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 13:18 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:19 . 2012-06-22 13:18 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 13:18 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 20:12 . 2012-06-22 13:18 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2012-06-02 00:22 . 2012-07-10 21:51 347136 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 00:22 . 2012-07-10 21:51 254464 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 00:05 . 2012-07-10 21:51 77312 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 00:04 . 2012-07-10 21:51 278528 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 00:03 . 2012-07-10 21:51 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-05-20 04:16 . 2012-05-20 04:17 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-20 04:16 . 2010-08-10 16:33 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-17 89600]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-24 04:41]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-24 04:41]
    .
    2012-08-15 c:\windows\Tasks\User_Feed_Synchronization-{BD9BF0DD-1EA4-41C1-9F3F-C29183ACF325}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 309760]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 4119552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\0m9zm53n.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    Wow6432Node-HKLM-Run-NWEReboot - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
    "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-14 23:15:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-15 04:15
    .
    Pre-Run: 194,286,731,264 bytes free
    Post-Run: 195,055,845,376 bytes free
    .
    - - End Of File - - DDC6196D08CCB42BB7D5DBC0A40BF56A
     
  14. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Looks good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    OTL logfile created on: 8/14/2012 11:40:12 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jan\Desktop\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.93 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 67.77% Memory free
    8.09 Gb Paging File | 6.63 Gb Available in Paging File | 81.94% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 181.05 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.03 Gb Free Space | 47.99% Space Free | Partition Type: NTFS

    Computer Name: JAN-LAPTOP | User Name: Jan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/14 23:39:30 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\Desktop\OTL.exe
    PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/06/28 15:13:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/04/28 18:04:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/11/06 16:04:43 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2009/03/16 19:59:20 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2009/03/16 19:59:18 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/11/17 07:29:18 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/20 23:26:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/06/28 15:13:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/04/28 18:04:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/06/28 15:13:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/06/28 15:13:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/15 21:15:28 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2010/03/08 10:03:36 | 000,067,104 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/03/25 02:28:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/03/19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/16 19:59:22 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
    DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
    DRV:64bit: - [2008/11/17 07:29:18 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV:64bit: - [2008/11/17 07:29:14 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
    DRV:64bit: - [2008/08/19 03:37:58 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2008/08/19 00:39:36 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2008/08/19 00:39:34 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2008/08/19 00:39:32 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2008/08/02 17:36:16 | 000,243,840 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/01/20 21:47:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\scsiscan.sys -- (scsiscan)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
    DRV - [2008/11/04 18:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B40AF085-400A-4364-B6F6-F52C6FE87E53}
    IE:64bit: - HKLM\..\SearchScopes\{B40AF085-400A-4364-B6F6-F52C6FE87E53}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE - HKCU\..\SearchScopes,DefaultScope = {B40AF085-400A-4364-B6F6-F52C6FE87E53}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{B40AF085-400A-4364-B6F6-F52C6FE87E53}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/14 11:03:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 23:26:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/20 14:13:36 | 000,000,000 | ---D | M]

    [2009/03/24 11:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\Mozilla\Extensions
    [2012/06/09 23:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\0m9zm53n.default\extensions
    [2009/05/02 22:25:09 | 000,002,207 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\0m9zm53n.default\searchplugins\askcom.xml
    [2012/06/08 22:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/04/20 13:10:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/20 23:26:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/12 00:30:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/12 00:30:34 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/08/14 23:09:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16:64bit: - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x64/client/muweb_site.cab?1256057941838 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1D317C7-4AD6-45B6-9F34-54A2F7991E53}: DhcpNameServer = 24.220.0.10 24.220.0.11
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/14 23:15:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/14 23:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\temp
    [2012/08/14 23:09:27 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/14 22:50:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/14 22:50:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/14 22:50:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/14 22:49:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/14 22:49:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/14 20:10:20 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Desktop
    [2012/08/13 18:05:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\AVAYAH and TAYAH August 2012
    [2012/08/13 16:32:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/11 10:33:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\SpeedyPC Software
    [2012/08/11 10:33:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\DriverCure
    [2012/08/11 10:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/08/10 14:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/10 09:23:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Macromedia
    [2012/08/09 16:30:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\DANNY L
    [2012/08/05 23:04:33 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Rice Lake Aug 2012
    [2012/08/05 23:03:48 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Tweeds and Hadley
    [2012/07/28 15:49:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Linz hair Ry's scar
    [2012/07/27 13:08:27 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\FB FUN
    [2012/07/27 12:58:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\AIRPLANE 7-27-2012
    [2012/07/23 19:30:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\O'Malley
    [7 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/14 23:45:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD9BF0DD-1EA4-41C1-9F3F-C29183ACF325}.job
    [2012/08/14 23:15:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/14 23:09:33 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 23:09:32 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 23:09:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/14 23:09:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/14 23:08:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/14 17:24:16 | 000,385,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/13 16:28:43 | 002,117,108 | ---- | M] () -- C:\Users\Jan\Desktop\tdsskiller.zip
    [2012/08/13 14:35:32 | 000,302,592 | ---- | M] () -- C:\Users\Jan\Desktop\j6d2ev8b.exe
    [2012/08/10 19:32:57 | 000,106,496 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/29 08:21:20 | 002,094,186 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_3777.JPG
    [2012/07/28 18:58:49 | 000,066,111 | ---- | M] () -- C:\Users\Jan\Desktop\2012 July Alicia Justin Josh.jpg
    [2012/07/28 18:58:29 | 000,059,037 | ---- | M] () -- C:\Users\Jan\Desktop\July 2012 Justin Alicia Josh.jpg
    [2012/07/25 08:50:46 | 000,028,083 | ---- | M] () -- C:\Users\Jan\Desktop\ellie grace myhre justin michael myhre third child.jpg
    [2012/07/16 09:20:17 | 000,002,553 | ---- | M] () -- C:\Users\Jan\Desktop\FrameSize.lnk
    [7 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/14 22:50:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/14 22:50:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/14 22:50:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/14 22:50:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/14 22:50:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/13 16:28:41 | 002,117,108 | ---- | C] () -- C:\Users\Jan\Desktop\tdsskiller.zip
    [2012/08/13 14:35:32 | 000,302,592 | ---- | C] () -- C:\Users\Jan\Desktop\j6d2ev8b.exe
    [2012/07/29 07:54:51 | 002,094,186 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_3777.JPG
    [2012/07/28 18:58:48 | 000,066,111 | ---- | C] () -- C:\Users\Jan\Desktop\2012 July Alicia Justin Josh.jpg
    [2012/07/28 18:58:28 | 000,059,037 | ---- | C] () -- C:\Users\Jan\Desktop\July 2012 Justin Alicia Josh.jpg
    [2012/07/25 08:50:44 | 000,028,083 | ---- | C] () -- C:\Users\Jan\Desktop\ellie grace myhre justin michael myhre third child.jpg
    [2012/02/01 13:33:31 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2009/09/19 15:34:09 | 000,000,047 | ---- | C] () -- C:\Users\Jan\.jupload.properties
    [2009/04/10 21:12:04 | 000,006,756 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
    [2009/03/22 20:56:51 | 000,106,496 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/22 16:34:27 | 000,000,120 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\wklnhst.dat

    ========== LOP Check ==========

    [2012/05/07 22:31:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\4Free
    [2012/04/24 22:28:10 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\AnvSoft
    [2012/03/19 22:11:02 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Audacity
    [2012/03/25 15:12:42 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Auslogics
    [2012/08/11 10:33:47 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DriverCure
    [2012/04/18 00:02:16 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\FrameSize Options
    [2011/04/29 17:53:11 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\FTW
    [2009/08/15 10:34:43 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Netscape
    [2009/04/17 18:10:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PeerNetworking
    [2010/12/20 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\RedEyePilot
    [2012/08/11 10:33:47 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\SpeedyPC Software
    [2010/08/14 20:14:36 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\SystemRequirementsLab
    [2010/12/15 10:18:48 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Template
    [2010/08/14 20:31:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Uniblue
    [2009/08/05 21:01:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Wal-Mart
    [2012/05/07 09:00:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Wondershare Video Converter Ultimate
    [2012/08/14 23:06:55 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/08/14 23:45:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BD9BF0DD-1EA4-41C1-9F3F-C29183ACF325}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:07BF512B
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5D432CE3

    < End of report >
     
  16. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    OTL Extras logfile created on: 8/14/2012 11:40:12 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jan\Desktop\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.93 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 67.77% Memory free
    8.09 Gb Paging File | 6.63 Gb Available in Paging File | 81.94% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 181.05 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.03 Gb Free Space | 47.99% Space Free | Partition Type: NTFS

    Computer Name: JAN-LAPTOP | User Name: Jan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp[@ = hlpfile] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 1
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 77 34 74 3E 1A DF C9 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4168539853-1542520666-1858037403-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 2

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4168539853-1542520666-1858037403-1001]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{081B8C96-98B9-4861-88C2-89505A3876CF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{0D945038-B771-4CB1-87A4-EB2C6F8DED01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{15B7013F-EFC2-4D3E-A0E8-533A9F109E72}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{218EEB7B-3A0D-4C53-980F-A7DE9BC11155}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{21E140FF-CFD0-434D-B72D-73BB902E4E3F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{2D5B17B5-37F4-49A6-82AF-08E161E90C6E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
    "{2DF001B7-F342-496E-9B15-4146A1AFA9C0}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{36B49010-C38E-4B38-8D69-5756D6F5BF82}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{5F4658E5-D1AA-4A79-B50E-ED5C9FF4775C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{62FBBFBE-94AC-4C4A-9442-9871C831CD8F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{632F11FF-8989-4E1B-8C80-86A5D932472B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{69AF6A35-5D51-4AB7-A807-919E6D3464E8}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6BDBF9B0-396E-4572-B72E-9704E9813A10}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{6E80F746-3481-4E3C-A314-7D6E032A6DA1}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{743170D2-F647-4AE6-8712-D5A761EC05C4}" = rport=139 | protocol=6 | dir=out | app=system |
    "{74FE1B7E-8B87-4A5A-9233-77AC3A8A76C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{7697D638-E4E8-46B6-B33E-1ADB4FD88F61}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{79CE5487-6BE8-4842-A42E-B6C8F1DAB8E6}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{7C6564EC-119A-4F53-8B9B-A9DDA6609F3B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{8382859C-D8F1-4C18-9FD7-68C44F59D63D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{9176F18C-9587-468A-839C-9E8F8A791FBE}" = lport=445 | protocol=6 | dir=in | app=system |
    "{985C722C-5E33-449A-89DB-FFC20C326C96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{9C6D849D-0E07-48B3-B8A2-53D0CB7E7E61}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
    "{A19ABFBD-B808-4A0E-B09E-F0C7F022C71A}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
    "{BE6677F3-8BAB-4F60-BDC3-FF9973736EBE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C2A1DCD8-DA67-44CB-B2C2-0518BD2D35A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C318F0D2-1471-4CD4-9255-EBB717442DBB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C8425100-CA40-43C8-9A65-69FEDD013AC3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C8B2ACF6-C4F6-4331-AACC-7353B9C4BE99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{C9FB58A7-F02F-441D-BDB2-3C6D3880D70E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{D129BA61-A179-4DFC-A380-68E5D2E6D41D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D39DDF3D-6FFE-4FB8-9873-949171B658F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DCB43A72-963F-4686-8C52-1D98F04F40FE}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E4573693-A1D0-4E62-BCE0-82956A5DDAB6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E9FC11DA-4FB5-4B3E-AD47-ABD76FC6E577}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
    "{ED6E8080-2F1A-41E5-87CD-241E09070D86}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{F71AD106-1848-4887-B8D3-F35430FF8017}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03CCE930-5C2A-430C-BE45-F6685EAA4DD3}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
    "{09A53ECE-97C7-4985-9F34-76D47F6F14ED}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
    "{154ABBCC-B839-4C9A-8BBF-BB27E5BD2737}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
    "{25DBE659-3664-46DE-8AB7-62E648EBA5F7}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
    "{2CC3E2DC-E27F-48F1-AAE5-E23E1667FF51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{51537788-76DF-44C4-9868-2D4452E2A69A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5619F99B-A36F-4C85-9D2B-567D32B600A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5E25B0E1-54B9-43BD-B10C-4C59C3447F55}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{66FBC4C3-C352-49CB-BA19-93C49FF8C694}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{6772B2C5-83E0-4DB0-AFF4-70AC3E116D97}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
    "{68FED341-1A43-4CE6-B25B-7569E31C4B73}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{6FEAB7E4-BEA9-4C46-BEF2-5C78D70FD6BF}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
    "{713BEB6C-C416-42B8-91BC-822B6871A491}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
    "{89BC6F2E-2B43-4C2A-9652-9932D87D60D4}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
    "{9054E965-A77C-436F-BBDF-9385B1B72987}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A3CB555A-E805-49D7-B9CA-2FD0D2F39393}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B227D646-5129-419A-85AA-8E20BB2791DA}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
    "{BF3E10D4-9644-499B-8D8C-946D6CB8B5E8}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{C1B12D85-1ADC-454A-A5DA-15FB3C243C21}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C30B2EB4-F9B5-4C41-A949-187C3B89BDCD}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
    "{C595823B-0D1F-492C-8C3F-BCD38806D17A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C793ED6D-A9BF-42D9-940F-10E24ACA4F20}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{C84BE770-9857-477B-91E0-1FC589980A75}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{C8AE984F-E45E-4AC2-BC86-DDFE568F2518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{CA2E623A-7422-4169-A1AD-55E9AAE1D6BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CE9034C2-AA0B-43FF-81C4-034FD2D9521A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CEBDEB88-6ED3-4BFC-94C4-B09F455B2945}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{D686926B-6B65-4ED8-BC11-C6E30088EC61}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{DF5C3FBB-0F0E-4DDB-9B4D-C993F64B206F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{ECA0AC6F-9F0E-4718-8EAC-63C0F01755B7}" = protocol=6 | dir=out | app=system |
    "{F4814A89-BDB1-4F63-B0E1-5CF928D20A1B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F7A529AB-C8C7-4EDF-B6F2-8F5481559AF5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FC0858A7-26CB-4EB4-BDE6-1B6603DC3F92}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
    "TCP Query User{2A76099A-F388-447B-8C9A-8AE0F515FA6C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{AC20D3EE-D628-4E86-AF7F-F3C6C46E2A5A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{F574FD27-461D-4CEB-A382-604619E32E37}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{24E8EB8B-37DA-435E-B67D-5839931DBD13}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{E5660438-099E-4F92-9B44-2FBA3FAB1211}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{EFC32E01-ADD7-4830-9F92-DF4D8C0C922D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "VueScan" = VueScan

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0D96F965-9288-4894-8F33-7E92C4E938B9}" = FrameSize
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
    "{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{63661EBF-B4DC-4993-AF40-9F81178A3404}" = TurboTax 2011 wndiper
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{7061301A-0D44-432F-859D-AF705DA2C81F}_is1" = 4Free Video Converter 2
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95ED1AC3-DF2A-4719-B029-909C0875CD8F}" = Creative Memories StoryBook Creator Plus 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
    "AVerMedia MCE Encoder x64" = AVerMedia MCE Encoder x64 3.0.1.0
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CameraUserGuide-PSSX40HS" = Canon PowerShot SX40 HS Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
    "Canon MOV Decoder" = Canon MOV Decoder
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat (remove only)
    "Dell Webcam Central" = Dell Webcam Central
    "Family Tree Maker 2011" = Family Tree Maker 2011
    "InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyCamera" = Canon Utilities MyCamera
    "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "RealPlayer 12.0" = RealPlayer
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "TurboTax 2011" = TurboTax 2011
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/14/2012 9:05:53 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3409620

    Error - 8/14/2012 9:05:53 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3409620

    Error - 8/14/2012 9:58:22 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/14/2012 9:58:22 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2612143

    Error - 8/14/2012 9:58:22 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2612143

    Error - 8/14/2012 11:18:19 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/14/2012 11:18:19 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4448697

    Error - 8/14/2012 11:18:19 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4448697

    Error - 8/14/2012 11:41:20 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/14/2012 11:41:20 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1048919

    Error - 8/14/2012 11:41:20 PM | Computer Name = Jan-Laptop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1048919

    [ Broadcom Wireless LAN Events ]
    Error - 7/19/2012 4:46:47 PM | Computer Name = Jan-Laptop | Source = WLAN-Tray | ID = 0
    Description = 15:46:47, Thu, Jul 19, 12 Error - Unable to gain access to user store


    [ Media Center Events ]
    Error - 9/30/2009 11:13:50 AM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/1/2009 7:28:35 PM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/1/2009 8:07:14 PM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/1/2009 9:53:43 PM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/1/2009 9:54:51 PM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/3/2009 1:04:37 PM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/10/2009 10:19:29 PM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/14/2009 3:49:52 PM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/14/2009 3:51:09 PM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 11/5/2009 8:05:15 PM | Computer Name = Jan-Laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    [ System Events ]
    Error - 8/10/2012 7:48:31 PM | Computer Name = Jan-Laptop | Source = BROWSER | ID = 8032
    Description =

    Error - 8/10/2012 8:29:24 PM | Computer Name = Jan-Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description =

    Error - 8/10/2012 8:30:09 PM | Computer Name = Jan-Laptop | Source = DCOM | ID = 10005
    Description =

    Error - 8/10/2012 8:30:18 PM | Computer Name = Jan-Laptop | Source = DCOM | ID = 10005
    Description =

    Error - 8/10/2012 8:30:25 PM | Computer Name = Jan-Laptop | Source = DCOM | ID = 10005
    Description =

    Error - 8/10/2012 8:30:38 PM | Computer Name = Jan-Laptop | Source = DCOM | ID = 10005
    Description =

    Error - 8/11/2012 1:57:51 PM | Computer Name = Jan-Laptop | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 8/14/2012 5:13:47 PM | Computer Name = Jan-Laptop | Source = BROWSER | ID = 8032
    Description =

    Error - 8/14/2012 7:53:08 PM | Computer Name = Jan-Laptop | Source = BROWSER | ID = 8032
    Description =

    Error - 8/15/2012 12:00:57 AM | Computer Name = Jan-Laptop | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      [2012/08/11 10:33:47 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\SpeedyPC Software
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:07BF512B
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5D432CE3
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
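The two "@Alternate Data Stream" lines in the fix above are NTFS named streams, which Explorer and a plain `dir` never show. As an added example (not part of Broni's fix, not OTL code), the following PowerShell function inventories named streams under a folder read-only, so entries like `C:\ProgramData\TEMP:07BF512B` can be reviewed before anything removes them. It assumes PowerShell 3.0 or later for `Get-Item -Stream`; the Vista laptop in this thread tops out at PowerShell 2.0, where `dir /r` in cmd.exe lists the same streams.

```powershell
# Added example (not from this thread or from OTL): read-only inventory of NTFS
# alternate data streams, the kind of entry OTL reports as
# "@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:07BF512B".
# Assumes PowerShell 3.0+ (Get-Item -Stream); on PowerShell 2.0 use "dir /r" instead.

function Get-AlternateDataStreams {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$Recurse
    )

    # Directories can carry named streams as well as files, so start with the
    # root item itself and include hidden/system entries (-Force).
    $items = @(Get-Item -LiteralPath $Path -Force -ErrorAction Stop)
    if ($Recurse) {
        $items += @(Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue)
    }

    foreach ($item in $items) {
        # "-Stream *" enumerates every stream; ":$DATA" is the ordinary file content
        # and is filtered out so only named (alternate) streams are reported.
        $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) {
            [pscustomobject]@{
                Path   = $item.FullName
                Stream = $s.Stream
                Bytes  = $s.Length
            }
        }
    }
}

# Usage: inventory C:\ProgramData, where the two streams in the fix above lived.
Get-AlternateDataStreams -Path 'C:\ProgramData' -Recurse | Format-Table -AutoSize
```

Expect plenty of `Zone.Identifier` streams: that is the normal "downloaded from the Internet" marker browsers attach to files and is not a finding by itself. A stream you do decide to drop can be removed with `Remove-Item -LiteralPath <path> -Stream <name>` (also PowerShell 3.0+).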
     
  18. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    C:\Users\Jan\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
    C:\Users\Jan\AppData\Roaming\SpeedyPC Software folder moved successfully.
    ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
    ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jan
    ->Temp folder emptied: 33878 bytes
    ->Temporary Internet Files folder emptied: 2008298 bytes
    ->Java cache emptied: 38522701 bytes
    ->FireFox cache emptied: 60249705 bytes
    ->Flash cache emptied: 2835896 bytes

    User: Pat
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 157915 bytes
    ->Java cache emptied: 1395613 bytes
    ->FireFox cache emptied: 51605922 bytes
    ->Flash cache emptied: 124910 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 294485 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52711 bytes
    RecycleBin emptied: 34031180 bytes

    Total Files Cleaned = 182.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jan
    ->Java cache emptied: 0 bytes

    User: Pat
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jan
    ->Flash cache emptied: 0 bytes

    User: Pat
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.57.0 log created on 08152012_110943

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  19. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    Results of screen317's Security Check version 0.99.43
    Windows Vista Service Pack 2 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AntiVir Desktop
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Auslogics Registry Cleaner
    Java(TM) 6 Update 32
    Java version out of Date!
    Adobe Flash Player 11.3.300.270
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````
     
  20. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    Farbar Service Scanner Version: 06-08-2012
    Ran by Jan (administrator) on 15-08-2012 at 11:26:46
    Running from "C:\Users\Jan\Desktop\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2009-05-27 16:29] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

    C:\Windows\System32\drivers\afd.sys
    [2012-02-18 11:04] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-09 12:14] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

    C:\Windows\System32\dnsrslvr.dll
    [2011-04-13 14:39] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

    C:\Windows\System32\mpssvc.dll
    [2009-05-27 16:29] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

    C:\Windows\System32\bfe.dll
    [2009-05-27 16:28] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe
    [2009-05-27 16:30] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

    C:\Windows\System32\wscsvc.dll
    [2009-05-27 16:28] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

    C:\Windows\System32\wbem\WMIsvc.dll
    [2009-05-27 16:29] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll
    [2009-05-27 16:30] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

    C:\Windows\System32\es.dll
    [2009-05-27 16:30] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 17:01] - [2012-04-23 11:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-05-27 16:30] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



    **** End of log ****
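The Security Check report (post 19) flagged "UAC is disabled!" and the FSS report above shows Windows Defender turned off by the `DisableAntiSpyware` value with its service set to Demand start, while the earlier OTL fix removed a Trusted Sites entry. As an added example, not one of the tools used in this thread, the PowerShell function below re-checks those same conditions by reading the registry keys and service data the reports quote. It uses only Windows PowerShell 2.0-era cmdlets so it would run on this Vista machine; run it from an elevated prompt. The `HKLM:\SOFTWARE\Policies\...` location and the `root\SecurityCenter2` query are additions of mine, not values taken from the logs.

```powershell
# Added example, not a tool from this thread: re-check what Security Check and FSS
# flagged (UAC off, Defender disabled by policy and set to Demand/Manual start,
# Trusted Sites zone additions). Windows PowerShell 2.0 cmdlets only; run elevated.

function Get-PostCleanupFindings {
    $findings = New-Object System.Collections.ArrayList

    # 1. UAC. Security Check printed "UAC is disabled!"; that corresponds to EnableLUA = 0.
    $sysPolicy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    if ($sysPolicy -and $sysPolicy.EnableLUA -eq 0) {
        [void]$findings.Add('UAC is disabled (EnableLUA = 0)')
    }

    # 2. The value FSS quoted under "Windows Defender Disabled Policy". The Group
    #    Policy key is checked as well (assumption: a policy may set it there instead).
    $defenderKeys = @('HKLM:\SOFTWARE\Microsoft\Windows Defender',
                      'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender')
    foreach ($key in $defenderKeys) {
        $wd = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($wd -and $wd.DisableAntiSpyware -eq 1) {
            [void]$findings.Add("Windows Defender disabled: DisableAntiSpyware = 1 under $key")
        }
    }

    # 3. WinDefend service. FSS expects start type Auto; the "Demand" it printed is
    #    what WMI reports as StartMode "Manual".
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    if ($svc) {
        if ($svc.StartMode -ne 'Auto') {
            [void]$findings.Add("WinDefend start type is $($svc.StartMode) (default is Auto)")
        }
        if ($svc.State -ne 'Running') {
            [void]$findings.Add("WinDefend service is $($svc.State)")
        }
    }

    # 4. Security Center registration: is any antivirus product registered at all?
    $av = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
    if ($av.Count -eq 0) {
        [void]$findings.Add('No antivirus product is registered with Security Center')
    }

    # 5. Trusted Sites additions, the entries OTL lists as "O15 - HKCU\..Trusted Domains".
    #    Each ZoneMap subkey holds scheme values (http/https/*); a value of 2 = Trusted sites.
    $zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    foreach ($key in @(Get-ChildItem -Path $zoneRoot -Recurse -ErrorAction SilentlyContinue)) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        foreach ($scheme in 'http', 'https', '*') {
            if ($props -and $props.$scheme -eq 2) {
                # Subkeys nest label by label (intuit.com\ttlc), so reverse them into a host name.
                $labels = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8).Split('\')
                [array]::Reverse($labels)
                [void]$findings.Add("Trusted Sites entry: $scheme on $($labels -join '.')")
            }
        }
    }

    # Leading comma keeps an empty result an array instead of $null.
    return ,$findings.ToArray()
}

# Usage: print each finding; an empty list means none of the conditions above hold.
$result = Get-PostCleanupFindings
if ($result.Count -eq 0) { 'No findings.' } else { $result | ForEach-Object { "FINDING: $_" } }
```

Read a finding as a prompt to review, not as proof of infection: Defender being disabled by policy is often deliberate on a machine that runs a third-party antivirus such as the Avira installed here, whereas UAC being off and an unexpected Trusted Sites entry are worth reverting regardless.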
     
  21. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    I ran TFC and here are the ESET online scanner results:

    C:\TDSSKiller_Quarantine\13.08.2012_16.30.20\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_16.30.20\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_16.30.20\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_16.30.20\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_16.30.20\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_16.30.20\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_16.30.20\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.08.2012_16.30.20\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
     
  22. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Uninstall Auslogics Registry Cleaner.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ========================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  23. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jan
    ->Temp folder emptied: 815078 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 38814560 bytes
    ->Flash cache emptied: 506 bytes

    User: Pat
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 38.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jan
    ->Flash cache emptied: 0 bytes

    User: Pat
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jan
    ->Java cache emptied: 0 bytes

    User: Pat
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.57.0 log created on 08152012_142353

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  24. Grammy

    Grammy TS Rookie Topic Starter Posts: 17

    I followed the rest of your instructions and the computer is not stalling anymore when I use the browser. I changed passwords and will download PSI and TFC. Thank you so much! I deleted the files/folders that were used during this process. Is there anything else I need to do?
     
  25. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Way to go!!
    Good luck and stay safe :)
     
