TechSpot

Windows 7 Antivirus 2012 Removed - Now no internet or firewall!

Inactive
By efre2
Jan 14, 2012
Topic Status:
Not open for further replies.
  1. I was infected with the Windows 7 Antivirus 2012 virus yesterday and I believe I removed it following the instructions at http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012.

    Today, however, I am unable to connect to the internet on my computer (a PC that is physically connected to a router) and I've also noticed that I cannot access my windows firewall. All my wireless devices are connecting to the net.

    I have done some searching and have seen people with similar problems but none of the fixes for them have helped me connect to the internet.

    Any help would be greatly appreciated.

    Thanks.
  2. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  3. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    Thanks for the quick reply!

    Here is the log:

    Farbar Service Scanner
    Ran by Elliot (administrator) on 14-01-2012 at 16:13:54
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Thanks
  4. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Nothing wrong there.

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings here)
    • List Users, Partitions and Memory size
    Click Go and post the result.
  5. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    MiniToolBox by Farbar
    Ran by Elliot (administrator) on 14-01-2012 at 16:20:46
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection 3 (Connected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Elliot-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 3:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet #2
    Physical Address. . . . . . . . . : 78-2B-CB-A0-3C-B4
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::b4db:e84b:de2c:24cf%16(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Saturday, 14 January 2012 4:03:33 PM
    Lease Expires . . . . . . . . . . : Sunday, 15 January 2012 4:03:33 PM
    Default Gateway . . . . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DHCPv6 IAID . . . . . . . . . . . : 276310987
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-D9-35-6A-84-2B-2B-C0-84-93
    DNS Servers . . . . . . . . . . . : 192.168.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{A3E04FAD-2ADE-4519-B7EE-6F7A8F57E2A8}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: www.routerlogin.com
    Address: 192.168.0.1

    Name: google.com
    Addresses: 74.125.237.144
    74.125.237.145
    74.125.237.147
    74.125.237.148
    74.125.237.146


    Pinging google.com [74.125.237.114] with 32 bytes of data:
    Reply from 74.125.237.114: bytes=32 time=26ms TTL=56
    Reply from 74.125.237.114: bytes=32 time=26ms TTL=57

    Ping statistics for 74.125.237.114:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 26ms, Average = 26ms
    Server: www.routerlogin.com
    Address: 192.168.0.1

    Name: yahoo.com
    Addresses: 72.30.2.43
    209.191.122.70
    98.137.149.56
    98.139.180.149


    Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
    Reply from 98.139.180.149: bytes=32 time=351ms TTL=49
    Reply from 98.139.180.149: bytes=32 time=297ms TTL=49

    Ping statistics for 98.139.180.149:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 297ms, Maximum = 351ms, Average = 324ms
    Server: www.routerlogin.com
    Address: 192.168.0.1

    Name: bleepingcomputer.com
    Address: 208.43.87.2


    Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
    Reply from 208.43.87.2: Destination host unreachable.
    Reply from 208.43.87.2: Destination host unreachable.

    Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    16...78 2b cb a0 3c b4 ......Broadcom NetLink (TM) Gigabit Ethernet #2
    1...........................Software Loopback Interface 1
    11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 20
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.0.0 255.255.255.0 On-link 192.168.0.5 276
    192.168.0.5 255.255.255.255 On-link 192.168.0.5 276
    192.168.0.255 255.255.255.255 On-link 192.168.0.5 276
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.0.5 276
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.0.5 276
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    16 276 fe80::/64 On-link
    16 276 fe80::b4db:e84b:de2c:24cf/128
    On-link
    1 306 ff00::/8 On-link
    16 276 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 25 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 26 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 27 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 28 C:\Windows\SysWOW64\rsvpsp.dll [File Not found] ()
    Catalog9 29 C:\Windows\SysWOW64\rsvpsp.dll [File Not found] ()
    x64-Catalog5 01 mswsock.dll [File Not found] ()
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 mswsock.dll [File Not found] ()
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    x64-Catalog9 01 mswsock.dll [File Not found] ()
    x64-Catalog9 02 mswsock.dll [File Not found] ()
    x64-Catalog9 03 mswsock.dll [File Not found] ()
    x64-Catalog9 04 mswsock.dll [File Not found] ()
    x64-Catalog9 05 mswsock.dll [File Not found] ()
    x64-Catalog9 06 mswsock.dll [File Not found] ()
    x64-Catalog9 07 mswsock.dll [File Not found] ()
    x64-Catalog9 08 mswsock.dll [File Not found] ()
    x64-Catalog9 09 mswsock.dll [File Not found] ()
    x64-Catalog9 10 mswsock.dll [File Not found] ()

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (01/14/2012 03:41:16 PM) (Source: Application Hang) (User: )
    Description: The program mbam.exe version 1.51.0.1118 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 374

    Start Time: 01ccd2765ae9fe00

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    Report Id: eec26358-3e69-11e1-86fe-782bcba03cb4

    Error: (01/14/2012 03:16:31 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x000222cb
    Faulting process id: 0xc38
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (01/14/2012 02:13:28 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.
    .

    Error: (01/14/2012 01:41:08 PM) (Source: Application Hang) (User: )
    Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 6d0

    Start Time: 01ccd26483d9c89d

    Termination Time: 60000

    Application Path: C:\Windows\Explorer.EXE

    Report Id: e7f1bc42-3e58-11e1-bf23-782bcba03cb4

    Error: (01/14/2012 01:19:46 PM) (Source: Application Error) (User: )
    Description: Faulting application name: McItInfo.exe, version: 11.0.556.0, time stamp: 0x4dc24268
    Faulting module name: McItInfo.exe, version: 11.0.556.0, time stamp: 0x4dc24268
    Exception code: 0xc0000005
    Fault offset: 0x0001f7a5
    Faulting process id: 0x15ec
    Faulting application start time: 0xMcItInfo.exe0
    Faulting application path: McItInfo.exe1
    Faulting module path: McItInfo.exe2
    Report Id: McItInfo.exe3

    Error: (01/14/2012 01:19:37 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Install.exe_McAfee Integrated Security Platform Installer, version: 5.3.128.0, time stamp: 0x4dc85b48
    Faulting module name: Dwnload.dll, version: 5.3.128.0, time stamp: 0x4dc85b2c
    Exception code: 0xc0000005
    Fault offset: 0x0002037a
    Faulting process id: 0xfc4
    Faulting application start time: 0xInstall.exe_McAfee Integrated Security Platform Installer0
    Faulting application path: Install.exe_McAfee Integrated Security Platform Installer1
    Faulting module path: Install.exe_McAfee Integrated Security Platform Installer2
    Report Id: Install.exe_McAfee Integrated Security Platform Installer3

    Error: (01/14/2012 00:43:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (01/14/2012 00:43:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (01/14/2012 00:41:18 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
    Faulting module name: WS2_32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba68
    Exception code: 0xc0000005
    Fault offset: 0x00006fb2
    Faulting process id: 0x10fc
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (01/14/2012 00:32:48 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


    System errors:
    =============
    Error: (01/14/2012 04:06:15 PM) (Source: Service Control Manager) (User: )
    Description: The MemeoBackgroundService service failed to start due to the following error:
    %%1053

    Error: (01/14/2012 04:06:15 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the MemeoBackgroundService service to connect.

    Error: (01/14/2012 04:03:33 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    mfewfpk

    Error: (01/14/2012 03:58:45 PM) (Source: Service Control Manager) (User: )
    Description: The MemeoBackgroundService service failed to start due to the following error:
    %%31

    Error: (01/14/2012 03:55:44 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    mfewfpk

    Error: (01/14/2012 03:53:24 PM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (01/14/2012 03:53:17 PM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (01/14/2012 03:50:28 PM) (Source: Application Popup) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (01/14/2012 03:46:31 PM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (01/14/2012 03:32:46 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.


    Microsoft Office Sessions:
    =========================
    Error: (06/10/2011 08:41:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 177380 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (03/06/2011 10:13:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2083 seconds with 1440 seconds of active time. This session ended with a crash.

    Error: (02/11/2011 06:39:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (02/11/2011 06:29:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.


    ========================= Devices: ================================

    Name: McAfee Inc. mfewfpk
    Description: McAfee Inc. mfewfpk
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: mfewfpk
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ========================= Memory info: ===================================

    Percentage of memory in use: 21%
    Total physical RAM: 8174.45 MB
    Available physical RAM: 6431.7 MB
    Total Pagefile: 16347.09 MB
    Available Pagefile: 13909.54 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3959.25 MB

    ========================= Partitions: =====================================

    1 Drive c: (OS) (Fixed) (Total:1850.64 GB) (Free:1671.82 GB) NTFS
    2 Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:1124.81 GB) NTFS
    4 Drive f: (POCKET) (Removable) (Total:3.72 GB) (Free:1.24 GB) FAT32
    8 Drive j: (My Book) (Fixed) (Total:1396.61 GB) (Free:1163.86 GB) NTFS
    11 Drive z: (WD SmartWare) (CDROM) (Total:0.65 GB) (Free:0 GB) UDF

    ========================= Users: ========================================

    User accounts for \\ELLIOT-PC

    Administrator Elliot Guest


    **** End of log ****
  6. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    All settings are fine as well.

    Something is simply blocking your browsers.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
  7. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    I have reinstalled Malwarebyte's but can't update it (I assume because my internet is not working?).

    I am currently running a quick scan (with a database that is 136 days old).

    In the meantime, here is the log of the initial scan I ran yesterday that I picked up some problem files. I will post the other logs ASAP.

    Thanks again.



    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.13.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Elliot :: ELLIOT-PC [administrator]

    13/01/2012 7:47:53 PM
    mbam-log-2012-01-13 (19-47-53).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 725269
    Time elapsed: 3 hour(s), 18 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 19
    C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> No action taken.
    C:\Users\Elliot\AppData\Local\gap.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
    C:\Users\Elliot\AppData\Local\Temp\oiu0.9895232175286958.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\Elliot\AppData\Local\Temp\~!#3DD0.tmp (Spyware.Password) -> Quarantined and deleted successfully.
    C:\Users\Elliot\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\e9a7bd6-4bec87c2 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\SPLS1.com (Trojan.Krypt) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\SPLS1.com (Trojan.Krypt) -> Quarantined and deleted successfully.
    C:\Windows\Temp\vcnpvc\setup.exe (Trojan.Krypt) -> Quarantined and deleted successfully.
    D:\ELLIOT\School\Year 12\Physics\Scotts Physics\VCEPhysics1and2Software\11WavelikePropertiesofLight\LiteWavRay06.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    D:\ELLIOT\School\Year 12\Physics\Scotts Physics\VCEPhysics1and2Software\11WavelikePropertiesofLight\Polarize06.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    D:\ELLIOT\School\Year 12\Physics\Scotts Physics\VCEPhysics1and2Software\12Nuclear&Radioactivity\AtomicTheoryDevt06.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    D:\ELLIOT\School\Year 12\Physics\Scotts Physics\VCEPhysics1and2Software\21Movement\Acceleration06.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    D:\ELLIOT\School\Year 12\Physics\Scotts Physics\VCEPhysics1and2Software\22Electricity\ElectricMENU04.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    D:\ELLIOT\School\Year 12\Physics\Scotts Physics\VCEPhysics1and2Software\22Electricity\ElectricMENU06.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    D:\ELLIOT\School\Year 12\Physics\Scotts Physics\VCEPhysics1and2Software\ExperimentalData\EXPTECHNIQUE.EXE (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    D:\ELLIOT\School\Year 12\Physics\Scotts Physics\VCEPhysics3and4Software\45Sound\ElMagWaveCharcs06.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    D:\ELLIOT\School\Year 12\Physics\Scotts Physics\VCEPhysics3and4Software\ExperimentalData\EXPTECHNIQUE.EXE (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{C9127370-AC13-425F-9CAF-4A1189BBB07B}\RP39\A0009639.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{C9127370-AC13-425F-9CAF-4A1189BBB07B}\RP39\A0009645.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.

    (end)
  8. Broni

    Broni Malware Annihilator Posts: 46,775   +254

  9. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    Sorry that took so long...

    Malwarebytes:


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    14/01/2012 5:27:49 PM
    mbam-log-2012-01-14 (17-27-49).txt

    Scan type: Quick scan
    Objects scanned: 195692
    Time elapsed: 2 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    ==============

    GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-14 17:25:13
    Windows 6.1.7601 Service Pack 1
    Running: hwwu458l.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08C6933A-7343-8698-BC45-229DE03C6E2E}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08C6933A-7343-8698-BC45-229DE03C6E2E}@iagndnkacaindennod 0x6A 0x61 0x68 0x67 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08C6933A-7343-8698-BC45-229DE03C6E2E}@haenbneklleknpke 0x6A 0x61 0x68 0x67 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08C6933A-7343-8698-BC45-229DE03C6E2E}@fagnkmnpjakn 0x65 0x61 0x63 0x64 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Elliot\AppData\Roaming\systemfl.$dk 990 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS018E8.log 1048576 bytes
    File C:\Windows\SysWOW64\sys_drv_2.dat 5020 bytes
    File C:\Windows\SysWOW64\WinFLdrv.sys 21888 bytes executable <-- ROOTKIT !!!

    ---- Services - GMER 1.0.15 ----

    Service C:\Windows\SysWOW64\WinFLdrv.sys [AUTO] WinFLdrv <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
  10. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Elliot at 17:28:23 on 2012-01-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8174.6147 [GMT 11:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackup.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWoW64\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\SysWOW64\msdt.exe
    C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110608190706.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    uRun: [Facebook Update] "C:\Users\Elliot\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [WD Anywhere Backup] C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
    StartupFolder: C:\Users\Elliot\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Elliot\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{4992DDE0-4E46-4A99-B003-70B28911F6FA} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{C8CB7EEF-2D14-45AA-A68A-AC835BB4F425} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D95F3F13-1B54-464E-A0CE-B9D7A88B903A} : DhcpNameServer = 198.142.0.51 61.88.88.88
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110608190706.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
    BHO-X64: Vuze Remote - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    mRun-x64: [WD Anywhere Backup] C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Elliot\AppData\Roaming\Mozilla\Firefox\Profiles\jlj4gjgr.default\
    FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Elliot\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Elliot\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Elliot\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Elliot\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-1-31 197960]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-1-31 208272]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2011-1-31 158832]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-13 25824]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-14 25072]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-31 13336]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-6-1 249936]
    S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
    S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
    S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-31 705856]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-01-21 04:19:21 -------- d-----w- C:\Users\Elliot\AppData\Local\{86430B88-D1AB-4A99-9AEF-252B555B3915}
    2012-01-14 05:04:53 -------- d-s---w- C:\ComboFix
    2012-01-14 04:55:41 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-01-14 04:42:04 98816 ----a-w- C:\Windows\sed.exe
    2012-01-14 04:42:04 518144 ----a-w- C:\Windows\SWREG.exe
    2012-01-14 04:42:04 256000 ----a-w- C:\Windows\PEV.exe
    2012-01-14 04:42:04 184320 ----a-w- C:\Windows\MBR.exe
    2012-01-14 04:27:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-01-14 02:11:34 -------- d-----w- C:\Users\Elliot\AppData\Local\{7F0C2A54-8BB3-4229-B5A1-3B4F9B3660A2}
    2012-01-14 02:11:15 -------- d-----w- C:\Users\Elliot\AppData\Local\{CC309D7B-4749-4140-A12C-1897BD29C757}
    2012-01-14 02:10:33 -------- d-----w- C:\Users\Elliot\AppData\Roaming\Ybews
    2012-01-14 02:10:33 -------- d-----w- C:\Users\Elliot\AppData\Roaming\Okm
    2012-01-14 01:36:33 -------- d-----w- C:\Users\Elliot\AppData\Local\{E87EB522-5391-4000-9D54-E89864A9AB05}
    2012-01-14 01:26:38 -------- d-----w- C:\Users\Elliot\AppData\Local\{1E7212CF-A89E-4115-810D-0E49CEB6D7D8}
    2012-01-14 01:09:58 -------- d-----w- C:\Users\Elliot\AppData\Local\{03BE3113-C494-4232-829F-74812936379B}
    2012-01-14 01:03:28 -------- d-----w- C:\Users\Elliot\AppData\Local\{B3F75082-B40B-4D66-9A33-E2D0D60EA57A}
    2012-01-14 00:56:48 -------- d-----w- C:\Users\Elliot\AppData\Local\{F9D0D57F-F344-484F-A393-6D4765D61DE5}
    2012-01-14 00:50:25 -------- d-----w- C:\Users\Elliot\AppData\Local\{7638B5C0-E615-4B41-A1E2-86D6F3FEC357}
    2012-01-14 00:43:37 -------- d-----w- C:\Users\Elliot\AppData\Roaming\BACS.exe
    2012-01-14 00:16:28 -------- d-----w- C:\Program Files\Broadcom
    2012-01-14 00:15:37 -------- d-----w- C:\Windows\Dell
    2012-01-14 00:14:21 -------- d-----w- C:\Users\Elliot\AppData\Local\Downloaded Installations
    2012-01-14 00:10:57 -------- d-----w- C:\Users\Elliot\AppData\Local\{169A4083-9479-4A84-A27B-189BB719033B}
    2012-01-13 21:38:49 -------- d-----w- C:\Users\Elliot\AppData\Local\{B2C514AF-F436-47F8-873A-ACF8256F15BA}
    2012-01-13 08:45:32 -------- d-----w- C:\Users\Elliot\AppData\Roaming\Malwarebytes
    2012-01-13 08:45:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-13 08:45:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-13 06:55:37 -------- d-----w- C:\Users\Elliot\AppData\Local\{55DCD8A1-247B-49A4-82B5-FE14DF9D2FB8}
    2012-01-12 18:55:12 -------- d-----w- C:\Users\Elliot\AppData\Local\{D255449F-4D4C-4B06-ABA3-7A4A8FAACF61}
    2012-01-12 06:54:41 -------- d-----w- C:\Users\Elliot\AppData\Local\{F4922F54-966D-4D00-A7B0-A777F66EDD86}
    2012-01-12 06:54:27 -------- d-----w- C:\Users\Elliot\AppData\Local\{414697F0-EDF7-4998-B6C9-F89933EA8449}
    2012-01-11 18:54:00 -------- d-----w- C:\Users\Elliot\AppData\Local\{42FEE5CE-558B-407D-9266-AE24FFD9C64E}
    2012-01-11 18:53:48 -------- d-----w- C:\Users\Elliot\AppData\Local\{D63E16EE-6FA2-4992-A726-AFE79F014D7B}
    2012-01-11 09:36:48 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-11 09:36:48 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-11 09:36:48 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-11 09:36:48 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-11 09:36:43 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-11 09:36:43 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-11 09:36:38 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-11 09:36:38 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-11 06:53:22 -------- d-----w- C:\Users\Elliot\AppData\Local\{D7C74817-631D-4B66-A4E9-B5C8621AF6E8}
    2012-01-10 18:52:57 -------- d-----w- C:\Users\Elliot\AppData\Local\{CA3E10DE-7F7B-47C8-AA49-73AD26076395}
    2012-01-10 06:52:32 -------- d-----w- C:\Users\Elliot\AppData\Local\{6B2E45D4-FB27-429D-A6EA-9EFF0EE578A2}
    2012-01-10 06:52:20 -------- d-----w- C:\Users\Elliot\AppData\Local\{4AFBC1AB-3F5C-4DE3-9BD2-1A70B7871E93}
    2012-01-08 04:46:39 28672 ----a-w- C:\Windows\SysWow64\AVEQT.dll
    2012-01-08 04:46:39 129024 ----a-w- C:\Windows\SysWow64\AVERM.dll
    2012-01-08 04:46:38 -------- d-----w- C:\Program Files (x86)\Ultra MKV Converter
    2012-01-08 04:16:46 -------- d-----w- C:\Program Files\iPod
    2012-01-08 04:16:45 -------- d-----w- C:\Program Files\iTunes
    2012-01-06 03:09:25 -------- d-----w- C:\Users\Elliot\AppData\Local\{D1819E09-5FD6-45C1-876A-11354F876A86}
    2012-01-06 03:09:14 -------- d-----w- C:\Users\Elliot\AppData\Local\{1676F130-970A-48E8-9689-9B5B7E1CF675}
    2012-01-04 23:09:12 -------- d-----w- C:\Users\Elliot\AppData\Local\{0F108CCC-BE43-4F3F-9FBB-5CCB5BF1106E}
    2012-01-04 23:08:59 -------- d-----w- C:\Users\Elliot\AppData\Local\{4B826CF5-FED7-4A29-A2DD-5EDE8C6278EE}
    2012-01-04 05:12:26 -------- d-----w- C:\Users\Elliot\AppData\Local\{F03A50DD-52C0-4891-8939-E12ABAF9FD0A}
    2012-01-04 05:12:10 -------- d-----w- C:\Users\Elliot\AppData\Local\{87F581B8-69E2-480A-A7C9-EB344499CD91}
    2012-01-03 12:22:49 -------- d-----w- C:\Users\Elliot\AppData\Local\{B60E9068-4931-4F6F-8BFC-0D844F225177}
    2012-01-03 00:22:22 -------- d-----w- C:\Users\Elliot\AppData\Local\{AA7669B1-FCFC-4CA2-B264-E6A5AE9C3797}
    2012-01-03 00:22:08 -------- d-----w- C:\Users\Elliot\AppData\Local\{E7260A23-8E11-4EEC-BA96-98201E33F403}
    2012-01-02 12:21:34 -------- d-----w- C:\Users\Elliot\AppData\Local\{8A02F6E5-EEF9-43CD-B64D-202BC0E33686}
    2012-01-02 00:21:00 -------- d-----w- C:\Users\Elliot\AppData\Local\{51E6446F-1E91-41BF-B9FF-CE56650FE543}
    2012-01-02 00:20:44 -------- d-----w- C:\Users\Elliot\AppData\Local\{9491AB75-C0EC-4589-A52F-3D7ECE689A05}
    2012-01-01 04:36:15 -------- d-----w- C:\Users\Elliot\AppData\Local\{71F8AC65-1412-4DB9-9696-EBE0023B0962}
    2012-01-01 04:36:03 -------- d-----w- C:\Users\Elliot\AppData\Local\{357BF5A0-2B5A-4D17-A410-3063081FCF24}
    2011-12-29 00:13:16 -------- d-----w- C:\Users\Elliot\AppData\Local\{6FACED6F-2F90-4337-8FE3-C16790AD83C4}
    2011-12-27 14:27:56 -------- d-----w- C:\Users\Elliot\AppData\Local\{B6519709-2290-4A0D-88FB-A00D8584E5E2}
    2011-12-27 02:27:31 -------- d-----w- C:\Users\Elliot\AppData\Local\{BD7F99F4-8D44-4F79-817B-D9651C2808E0}
    2011-12-27 02:27:18 -------- d-----w- C:\Users\Elliot\AppData\Local\{BBF59B7B-4229-4727-ADC4-842AF763B3F5}
    2011-12-26 13:14:23 -------- d-----w- C:\Users\Elliot\AppData\Local\{4E55B001-7666-43EC-BF22-4AB700967D8B}
    2011-12-26 13:14:12 -------- d-----w- C:\Users\Elliot\AppData\Local\{D0434FFD-3F32-4F59-A6D8-F0BD7607D028}
    2011-12-26 02:31:20 16200 ----a-w- C:\Windows\stinger.sys
    2011-12-26 01:13:43 -------- d-----w- C:\Users\Elliot\AppData\Local\{AB21B693-3FE3-41A9-964E-41BC0C41AEBE}
    2011-12-26 01:13:26 -------- d-----w- C:\Users\Elliot\AppData\Local\{9A4C6228-9654-4E33-A067-6D87586D2C4D}
    2011-12-25 01:04:53 -------- d-----w- C:\Users\Elliot\AppData\Local\{EEA6EDBE-63C1-4EA7-9B20-CB648BF6A25A}
    2011-12-25 01:04:41 -------- d-----w- C:\Users\Elliot\AppData\Local\{3A57AEF3-2444-4841-B206-E195D9C44C8F}
    2011-12-24 13:04:10 -------- d-----w- C:\Users\Elliot\AppData\Local\{9A497DE1-6101-4780-A878-D7B286EA81DD}
    2011-12-24 13:03:39 -------- d-----w- C:\Users\Elliot\AppData\Local\{7A7D6783-A9B0-4AB7-BD72-9EF380C50213}
    2011-12-24 12:38:14 -------- d-----w- C:\Users\Elliot\AppData\Local\{6A7C2575-BEA4-4C18-88C0-CC69B105101F}
    2011-12-24 00:37:47 -------- d-----w- C:\Users\Elliot\AppData\Local\{94FE5017-3E19-41E8-B37B-197432A4BBB5}
    2011-12-24 00:37:32 -------- d-----w- C:\Users\Elliot\AppData\Local\{8081BAAB-D81F-4D69-AA65-ADACDDE30F44}
    2011-12-23 01:24:18 -------- d-----w- C:\Users\Elliot\AppData\Local\{7EC7428E-9B44-43F8-BD7C-D45F00FAF696}
    2011-12-23 01:23:46 -------- d-----w- C:\Users\Elliot\AppData\Local\{A1B17974-0322-4752-915C-DA8AC3F12F57}
    2011-12-22 13:26:34 -------- d-----w- C:\Users\Elliot\AppData\Local\{963A54D4-27E1-42FA-B616-B43B5FF02F26}
    2011-12-22 12:04:01 -------- d-----w- C:\Users\Elliot\AppData\Roaming\Macrovision
    2011-12-22 01:26:03 -------- d-----w- C:\Users\Elliot\AppData\Local\{61F695ED-2B04-4BCB-A9F6-A8EA176B4352}
    2011-12-22 01:25:30 -------- d-----w- C:\Users\Elliot\AppData\Local\{64420133-859B-4D9B-87EE-B7A0EFBC9EB8}
    2011-12-21 04:59:22 -------- d-----w- C:\Users\Elliot\AppData\Local\{2B3594C0-B7AC-40B0-BFBC-B7DBC7130D98}
    2011-12-21 04:59:08 -------- d-----w- C:\Users\Elliot\AppData\Local\{357B0A25-A8C0-4BCE-B37D-F00849C53BAF}
    2011-12-20 15:24:42 -------- d-----w- C:\Users\Elliot\AppData\Local\{3F77B649-071C-409D-A767-E16EB2F04C17}
    2011-12-20 03:26:36 -------- d-----w- C:\Users\Elliot\AppData\Local\{76DD4E1B-BA96-4194-9C85-42B5420A0388}
    2011-12-19 15:26:08 -------- d-----w- C:\Users\Elliot\AppData\Local\{4A230B68-0FEE-45A2-8A4F-FC30BBDC9D1C}
    2011-12-19 03:25:45 -------- d-----w- C:\Users\Elliot\AppData\Local\{271DAEB1-41E3-4680-9530-92A6A3DB81CC}
    2011-12-18 15:25:21 -------- d-----w- C:\Users\Elliot\AppData\Local\{E58B822E-9BBE-4C77-811C-14A6141E94FF}
    2011-12-18 03:24:47 -------- d-----w- C:\Users\Elliot\AppData\Local\{83D6C388-056D-4D67-B024-06F1EB311234}
    2011-12-18 03:24:35 -------- d-----w- C:\Users\Elliot\AppData\Local\{5FB91B70-7AC9-45C5-B3B4-67E6501BAF07}
    2011-12-15 23:50:42 -------- d-----w- C:\Users\Elliot\AppData\Local\{3452F7C5-E73C-442A-A046-B4021A24BB3F}
    2011-12-15 11:50:17 -------- d-----w- C:\Users\Elliot\AppData\Local\{3044ADD8-2D26-4523-A496-03851B2CC3F3}
    2011-12-15 11:50:06 -------- d-----w- C:\Users\Elliot\AppData\Local\{40EE538B-A84D-4F1A-88C0-E390C2E17B6C}
    .
    ==================== Find3M ====================
    .
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    .
    ============= FINISH: 17:29:15.52 ===============
  11. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    Attach.txt


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/02/2011 7:05:21 PM
    System Uptime: 14/01/2012 4:03:12 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0Y2MRG
    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | CPU 1 | 1598/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1851 GiB total, 1671.573 GiB free.
    D: is FIXED (NTFS) - 1863 GiB total, 1124.805 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 1397 GiB total, 1139.724 GiB free.
    K: is Removable
    L: is Removable
    Z: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: McAfee Inc. mfewfpk
    Device ID: ROOT\LEGACY_MFEWFPK\0000
    Manufacturer:
    Name: McAfee Inc. mfewfpk
    PNP Device ID: ROOT\LEGACY_MFEWFPK\0000
    Service: mfewfpk
    .
    ==== System Restore Points ===================
    .
    RP129: 14/01/2012 11:14:59 AM - Installed Broadcom NetXtreme-I Netlink Driver and Management Installer.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Acrobat 7.0 Professional
    Adobe Acrobat 7.1.0 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Illustrator CS2
    Adobe Photoshop CS2
    Adobe Reader 9.1.2
    albumworks
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    Audacity 1.3.12 (Unicode)
    bitRipper
    CameraHelperMsi
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 2.0
    Canon Utilities Digital Photo Professional 3.8
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities EOS Utility
    Canon Utilities My Printer
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities WFT Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    D3DX10
    Dartos Image Collection
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell VideoStage
    DirectX 9 Runtime
    Dropbox
    DVDx 4.0
    eBay
    EndNote X4
    erLT
    Facebook Video Calling 1.0.0.8953
    FlipShare
    GenoPro 2.5.3.9
    Google Calendar Sync
    Google Talk Plugin
    GoToAssist 8.0.0.514
    HandBrake 0.9.5
    High-Definition Video Playback 10
    Inkjet Printer/Scanner Extended Survey Program
    Intel(R) Rapid Storage Technology
    iPhone Explorer 2.100
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    LAME v3.98.3 for Audacity
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Magic ISO Maker v5.5 (build 0281)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee Security Center
    McAfee Virtual Technician
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox (3.6.24)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Card Reader
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10 Help (CHM)
    PDF Decrypter Pro 3.00
    Photobook Designer
    PhotoShowExpress
    Picasa 3
    QuickTime
    Realtek High Definition Audio Driver
    ResearchSoft Direct Export Helper
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skins
    Skype Toolbars
    Skypeô 4.2
    Sonic CinePlayer Decoder Pack
    THX TruStudio PC
    Ultra MKV Converter 3.2.0610
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.1.10
    Vuze
    Vuze Remote Toolbar
    WD Anywhere Backup
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    21/01/2012 3:19:19 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    21/01/2012 3:18:50 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    14/01/2012 4:06:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MemeoBackgroundService service to connect.
    14/01/2012 4:06:15 PM, Error: Service Control Manager [7000] - The MemeoBackgroundService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/01/2012 4:03:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfewfpk
    14/01/2012 3:58:45 PM, Error: Service Control Manager [7000] - The MemeoBackgroundService service failed to start due to the following error: A device attached to the system is not functioning.
    14/01/2012 3:53:24 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    14/01/2012 3:50:28 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    14/01/2012 3:32:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    14/01/2012 3:21:39 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    14/01/2012 3:21:39 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 3:21:39 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    14/01/2012 2:13:32 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    14/01/2012 2:13:26 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 2:13:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    14/01/2012 2:13:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    14/01/2012 12:36:05 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    14/01/2012 12:36:05 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    14/01/2012 12:36:04 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    14/01/2012 12:36:03 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
    14/01/2012 12:30:01 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
    14/01/2012 12:26:22 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    14/01/2012 12:26:04 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    14/01/2012 12:26:04 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    14/01/2012 12:24:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
    14/01/2012 1:29:53 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    12/01/2012 1:32:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    11/01/2012 8:30:00 PM, Error: Service Control Manager [7023] - The McAfee VirusScan Announcer service terminated with the following error: %%-2147467243
    .
    ==== End Of File ===========================
     
  12. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  13. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    It didn't seem to find anything...


    11:21:05.0370 4536 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
    11:21:05.0386 4536 ============================================================
    11:21:05.0386 4536 Current date / time: 2012/01/15 11:21:05.0386
    11:21:05.0386 4536 SystemInfo:
    11:21:05.0386 4536
    11:21:05.0386 4536 OS Version: 6.1.7601 ServicePack: 1.0
    11:21:05.0386 4536 Product type: Workstation
    11:21:05.0386 4536 ComputerName: ELLIOT-PC
    11:21:05.0386 4536 UserName: Elliot
    11:21:05.0386 4536 Windows directory: C:\Windows
    11:21:05.0386 4536 System windows directory: C:\Windows
    11:21:05.0386 4536 Running under WOW64
    11:21:05.0386 4536 Processor architecture: Intel x64
    11:21:05.0386 4536 Number of processors: 8
    11:21:05.0386 4536 Page size: 0x1000
    11:21:05.0386 4536 Boot type: Normal boot
    11:21:05.0386 4536 ============================================================
    11:21:05.0651 4536 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000, SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
    11:21:05.0651 4536 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000, SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
    11:21:05.0651 4536 Drive \Device\Harddisk2\DR15 - Size: 0x15D27100000, SectorSize: 0x200, Cylinders: 0x2C82B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    11:21:05.0651 4536 Drive \Device\Harddisk3\DR16 - Size: 0xEEDA0000, SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    11:21:05.0713 4536 Initialize success
    11:21:06.0634 5680 ============================================================
    11:21:06.0634 5680 Scan started
    11:21:06.0634 5680 Mode: Manual;
    11:21:06.0634 5680 ============================================================
    11:21:07.0133 5680 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    11:21:07.0133 5680 1394ohci - ok
    11:21:07.0180 5680 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    11:21:07.0180 5680 ACPI - ok
    11:21:07.0211 5680 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    11:21:07.0211 5680 AcpiPmi - ok
    11:21:07.0273 5680 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    11:21:07.0273 5680 adp94xx - ok
    11:21:07.0320 5680 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    11:21:07.0320 5680 adpahci - ok
    11:21:07.0351 5680 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    11:21:07.0351 5680 adpu320 - ok
    11:21:07.0414 5680 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    11:21:07.0414 5680 AFD - ok
    11:21:07.0461 5680 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    11:21:07.0461 5680 agp440 - ok
    11:21:07.0507 5680 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    11:21:07.0507 5680 aliide - ok
    11:21:07.0554 5680 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    11:21:07.0554 5680 amdide - ok
    11:21:07.0570 5680 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    11:21:07.0570 5680 AmdK8 - ok
    11:21:07.0726 5680 amdkmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
    11:21:07.0835 5680 amdkmdag - ok
    11:21:07.0851 5680 amdkmdap (f712c26d40bf3cd2c020bb518e8150b1) C:\Windows\system32\DRIVERS\atikmpag.sys
    11:21:07.0851 5680 amdkmdap - ok
    11:21:07.0866 5680 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    11:21:07.0866 5680 AmdPPM - ok
    11:21:07.0897 5680 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    11:21:07.0913 5680 amdsata - ok
    11:21:07.0929 5680 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    11:21:07.0929 5680 amdsbs - ok
    11:21:07.0960 5680 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    11:21:07.0960 5680 amdxata - ok
    11:21:08.0007 5680 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    11:21:08.0007 5680 AppID - ok
    11:21:08.0069 5680 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    11:21:08.0069 5680 arc - ok
    11:21:08.0100 5680 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    11:21:08.0100 5680 arcsas - ok
    11:21:08.0131 5680 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    11:21:08.0131 5680 AsyncMac - ok
    11:21:08.0178 5680 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    11:21:08.0178 5680 atapi - ok
    11:21:08.0194 5680 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
    11:21:08.0194 5680 AtiHdmiService - ok
    11:21:08.0241 5680 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    11:21:08.0256 5680 b06bdrv - ok
    11:21:08.0287 5680 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:21:08.0287 5680 b57nd60a - ok
    11:21:08.0319 5680 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    11:21:08.0319 5680 Beep - ok
    11:21:08.0397 5680 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    11:21:08.0397 5680 blbdrive - ok
    11:21:08.0459 5680 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    11:21:08.0459 5680 bowser - ok
    11:21:08.0490 5680 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:21:08.0506 5680 BrFiltLo - ok
    11:21:08.0506 5680 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:21:08.0506 5680 BrFiltUp - ok
    11:21:08.0537 5680 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    11:21:08.0537 5680 BridgeMP - ok
    11:21:08.0568 5680 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    11:21:08.0568 5680 Brserid - ok
    11:21:08.0584 5680 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    11:21:08.0584 5680 BrSerWdm - ok
    11:21:08.0615 5680 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:21:08.0615 5680 BrUsbMdm - ok
    11:21:08.0646 5680 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    11:21:08.0646 5680 BrUsbSer - ok
    11:21:08.0662 5680 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    11:21:08.0662 5680 BTHMODEM - ok
    11:21:08.0693 5680 catchme - ok
    11:21:08.0724 5680 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    11:21:08.0724 5680 cdfs - ok
    11:21:08.0755 5680 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    11:21:08.0755 5680 cdrom - ok
    11:21:08.0787 5680 cfwids (e8ddaaf635a4ea6f24927544e97c6de8) C:\Windows\system32\drivers\cfwids.sys
    11:21:08.0787 5680 cfwids - ok
    11:21:08.0818 5680 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    11:21:08.0818 5680 circlass - ok
    11:21:08.0865 5680 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    11:21:08.0865 5680 CLFS - ok
    11:21:08.0880 5680 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    11:21:08.0896 5680 CmBatt - ok
    11:21:08.0927 5680 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    11:21:08.0927 5680 cmdide - ok
    11:21:08.0974 5680 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    11:21:08.0974 5680 CNG - ok
    11:21:08.0989 5680 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    11:21:08.0989 5680 Compbatt - ok
    11:21:09.0036 5680 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    11:21:09.0036 5680 CompositeBus - ok
    11:21:09.0067 5680 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    11:21:09.0067 5680 crcdisk - ok
    11:21:09.0099 5680 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    11:21:09.0099 5680 DfsC - ok
    11:21:09.0130 5680 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    11:21:09.0130 5680 discache - ok
    11:21:09.0145 5680 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    11:21:09.0145 5680 Disk - ok
    11:21:09.0192 5680 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    11:21:09.0192 5680 drmkaud - ok
    11:21:09.0239 5680 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    11:21:09.0255 5680 DXGKrnl - ok
    11:21:09.0317 5680 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    11:21:09.0379 5680 ebdrv - ok
    11:21:09.0411 5680 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    11:21:09.0426 5680 elxstor - ok
    11:21:09.0457 5680 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    11:21:09.0457 5680 ErrDev - ok
    11:21:09.0473 5680 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    11:21:09.0489 5680 exfat - ok
    11:21:09.0489 5680 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    11:21:09.0504 5680 fastfat - ok
    11:21:09.0504 5680 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    11:21:09.0504 5680 fdc - ok
    11:21:09.0520 5680 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    11:21:09.0535 5680 FileInfo - ok
    11:21:09.0535 5680 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    11:21:09.0535 5680 Filetrace - ok
    11:21:09.0567 5680 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    11:21:09.0567 5680 flpydisk - ok
    11:21:09.0598 5680 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    11:21:09.0598 5680 FltMgr - ok
    11:21:09.0613 5680 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    11:21:09.0613 5680 FsDepends - ok
    11:21:09.0629 5680 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    11:21:09.0629 5680 Fs_Rec - ok
    11:21:09.0660 5680 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    11:21:09.0676 5680 fvevol - ok
    11:21:09.0676 5680 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:21:09.0676 5680 gagp30kx - ok
    11:21:09.0723 5680 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    11:21:09.0723 5680 GEARAspiWDM - ok
    11:21:09.0738 5680 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    11:21:09.0754 5680 hcw85cir - ok
    11:21:09.0785 5680 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    11:21:09.0785 5680 HDAudBus - ok
    11:21:09.0801 5680 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    11:21:09.0801 5680 HidBatt - ok
    11:21:09.0816 5680 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    11:21:09.0816 5680 HidBth - ok
    11:21:09.0832 5680 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    11:21:09.0832 5680 HidIr - ok
    11:21:09.0863 5680 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    11:21:09.0863 5680 HidUsb - ok
    11:21:09.0910 5680 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    11:21:09.0910 5680 HpSAMD - ok
    11:21:09.0957 5680 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    11:21:09.0957 5680 HTTP - ok
    11:21:10.0003 5680 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    11:21:10.0003 5680 hwpolicy - ok
    11:21:10.0035 5680 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    11:21:10.0035 5680 i8042prt - ok
    11:21:10.0066 5680 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
    11:21:10.0066 5680 iaStor - ok
    11:21:10.0113 5680 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    11:21:10.0113 5680 iaStorV - ok
    11:21:10.0128 5680 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    11:21:10.0128 5680 iirsp - ok
    11:21:10.0159 5680 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    11:21:10.0159 5680 Impcd - ok
    11:21:10.0206 5680 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
    11:21:10.0253 5680 IntcAzAudAddService - ok
    11:21:10.0269 5680 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    11:21:10.0269 5680 IntcDAud - ok
    11:21:10.0315 5680 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    11:21:10.0315 5680 intelide - ok
    11:21:10.0331 5680 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    11:21:10.0331 5680 intelppm - ok
    11:21:10.0378 5680 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:21:10.0378 5680 IpFilterDriver - ok
    11:21:10.0409 5680 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    11:21:10.0409 5680 IPMIDRV - ok
    11:21:10.0425 5680 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    11:21:10.0440 5680 IPNAT - ok
    11:21:10.0471 5680 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    11:21:10.0471 5680 IRENUM - ok
    11:21:10.0503 5680 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    11:21:10.0503 5680 isapnp - ok
    11:21:10.0534 5680 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    11:21:10.0534 5680 iScsiPrt - ok
    11:21:10.0549 5680 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
    11:21:10.0565 5680 k57nd60a - ok
    11:21:10.0596 5680 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    11:21:10.0612 5680 kbdclass - ok
    11:21:10.0643 5680 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    11:21:10.0643 5680 kbdhid - ok
    11:21:10.0674 5680 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    11:21:10.0690 5680 KSecDD - ok
    11:21:10.0705 5680 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    11:21:10.0705 5680 KSecPkg - ok
    11:21:10.0705 5680 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    11:21:10.0721 5680 ksthunk - ok
    11:21:10.0752 5680 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    11:21:10.0752 5680 lltdio - ok
    11:21:10.0783 5680 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:21:10.0783 5680 LSI_FC - ok
    11:21:10.0799 5680 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:21:10.0799 5680 LSI_SAS - ok
    11:21:10.0815 5680 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:21:10.0815 5680 LSI_SAS2 - ok
    11:21:10.0830 5680 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:21:10.0830 5680 LSI_SCSI - ok
    11:21:10.0830 5680 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    11:21:10.0846 5680 luafv - ok
    11:21:10.0877 5680 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
    11:21:10.0893 5680 LVRS64 - ok
    11:21:11.0017 5680 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
    11:21:11.0095 5680 LVUVC64 - ok
    11:21:11.0142 5680 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    11:21:11.0142 5680 megasas - ok
    11:21:11.0158 5680 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    11:21:11.0173 5680 MegaSR - ok
    11:21:11.0189 5680 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
    11:21:11.0189 5680 MEIx64 - ok
    11:21:11.0220 5680 mfeapfk (fb752feb1ed4e660ff51712892905c04) C:\Windows\system32\drivers\mfeapfk.sys
    11:21:11.0220 5680 mfeapfk - ok
    11:21:11.0251 5680 mfeavfk (3257cf681999a47d8c552dfbbeb7844e) C:\Windows\system32\drivers\mfeavfk.sys
    11:21:11.0251 5680 mfeavfk - ok
    11:21:11.0267 5680 mfeavfk01 - ok
    11:21:11.0298 5680 mfefirek (00016d7ed29a95d6f7e7b6a3f591fd2d) C:\Windows\system32\drivers\mfefirek.sys
    11:21:11.0298 5680 mfefirek - ok
    11:21:11.0314 5680 mfehidk (39030c98198f02a2f3a1c3166bf56253) C:\Windows\system32\drivers\mfehidk.sys
    11:21:11.0329 5680 mfehidk - ok
    11:21:11.0345 5680 mfenlfk (217fa02439de74844b6a39aebeed24e1) C:\Windows\system32\DRIVERS\mfenlfk.sys
    11:21:11.0345 5680 mfenlfk - ok
    11:21:11.0361 5680 mferkdet (8474e6ee0b5eab108cf005c6c4956e75) C:\Windows\system32\drivers\mferkdet.sys
    11:21:11.0361 5680 mferkdet - ok
    11:21:11.0361 5680 mfewfpk - ok
    11:21:11.0407 5680 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    11:21:11.0407 5680 Modem - ok
    11:21:11.0439 5680 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    11:21:11.0439 5680 monitor - ok
    11:21:11.0485 5680 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    11:21:11.0485 5680 mouclass - ok
    11:21:11.0501 5680 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    11:21:11.0501 5680 mouhid - ok
    11:21:11.0532 5680 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    11:21:11.0532 5680 mountmgr - ok
    11:21:11.0579 5680 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    11:21:11.0579 5680 mpio - ok
    11:21:11.0595 5680 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    11:21:11.0595 5680 mpsdrv - ok
    11:21:11.0657 5680 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    11:21:11.0657 5680 MRxDAV - ok
    11:21:11.0704 5680 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:21:11.0704 5680 mrxsmb - ok
    11:21:11.0735 5680 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:21:11.0735 5680 mrxsmb10 - ok
    11:21:11.0766 5680 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:21:11.0766 5680 mrxsmb20 - ok
    11:21:11.0797 5680 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    11:21:11.0797 5680 msahci - ok
    11:21:11.0813 5680 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    11:21:11.0829 5680 msdsm - ok
    11:21:11.0844 5680 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    11:21:11.0844 5680 Msfs - ok
    11:21:11.0860 5680 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    11:21:11.0860 5680 mshidkmdf - ok
    11:21:11.0891 5680 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    11:21:11.0891 5680 msisadrv - ok
    11:21:11.0922 5680 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    11:21:11.0938 5680 MSKSSRV - ok
    11:21:11.0938 5680 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    11:21:11.0953 5680 MSPCLOCK - ok
    11:21:11.0969 5680 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    11:21:11.0969 5680 MSPQM - ok
    11:21:12.0016 5680 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    11:21:12.0016 5680 MsRPC - ok
    11:21:12.0047 5680 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    11:21:12.0047 5680 mssmbios - ok
    11:21:12.0078 5680 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    11:21:12.0078 5680 MSTEE - ok
    11:21:12.0078 5680 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    11:21:12.0078 5680 MTConfig - ok
    11:21:12.0094 5680 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    11:21:12.0109 5680 Mup - ok
    11:21:12.0125 5680 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    11:21:12.0125 5680 NativeWifiP - ok
    11:21:12.0187 5680 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    11:21:12.0203 5680 NDIS - ok
    11:21:12.0265 5680 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    11:21:12.0265 5680 NdisCap - ok
    11:21:12.0281 5680 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    11:21:12.0281 5680 NdisTapi - ok
    11:21:12.0312 5680 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    11:21:12.0312 5680 Ndisuio - ok
    11:21:12.0359 5680 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    11:21:12.0359 5680 NdisWan - ok
    11:21:12.0406 5680 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    11:21:12.0406 5680 NDProxy - ok
    11:21:12.0453 5680 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys
    11:21:12.0453 5680 Netaapl - ok
    11:21:12.0468 5680 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    11:21:12.0468 5680 NetBIOS - ok
    11:21:12.0484 5680 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    11:21:12.0484 5680 NetBT - ok
    11:21:12.0531 5680 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    11:21:12.0531 5680 nfrd960 - ok
    11:21:12.0562 5680 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    11:21:12.0577 5680 Npfs - ok
    11:21:12.0577 5680 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    11:21:12.0593 5680 nsiproxy - ok
    11:21:12.0640 5680 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    11:21:12.0671 5680 Ntfs - ok
    11:21:12.0687 5680 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    11:21:12.0702 5680 Null - ok
    11:21:12.0733 5680 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    11:21:12.0733 5680 nvraid - ok
    11:21:12.0780 5680 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    11:21:12.0780 5680 nvstor - ok
    11:21:12.0827 5680 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    11:21:12.0827 5680 nv_agp - ok
    11:21:12.0889 5680 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    11:21:12.0889 5680 ohci1394 - ok
    11:21:12.0905 5680 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    11:21:12.0905 5680 Parport - ok
    11:21:12.0936 5680 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    11:21:12.0952 5680 partmgr - ok
    11:21:12.0999 5680 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
    11:21:13.0014 5680 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
    11:21:13.0045 5680 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    11:21:13.0045 5680 pci - ok
    11:21:13.0077 5680 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    11:21:13.0092 5680 pciide - ok
    11:21:13.0108 5680 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:21:13.0108 5680 pcmcia - ok
    11:21:13.0123 5680 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    11:21:13.0123 5680 pcw - ok
    11:21:13.0155 5680 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    11:21:13.0170 5680 PEAUTH - ok
    11:21:13.0217 5680 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    11:21:13.0217 5680 PptpMiniport - ok
    11:21:13.0233 5680 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    11:21:13.0233 5680 Processor - ok
    11:21:13.0279 5680 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    11:21:13.0279 5680 Psched - ok
    11:21:13.0311 5680 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
    11:21:13.0326 5680 PxHlpa64 - ok
    11:21:13.0357 5680 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    11:21:13.0389 5680 ql2300 - ok
    11:21:13.0404 5680 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:21:13.0404 5680 ql40xx - ok
    11:21:13.0420 5680 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    11:21:13.0420 5680 QWAVEdrv - ok
    11:21:13.0420 5680 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    11:21:13.0420 5680 RasAcd - ok
    11:21:13.0451 5680 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:21:13.0451 5680 RasAgileVpn - ok
    11:21:13.0482 5680 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:21:13.0498 5680 Rasl2tp - ok
    11:21:13.0513 5680 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:21:13.0513 5680 RasPppoe - ok
    11:21:13.0529 5680 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    11:21:13.0529 5680 RasSstp - ok
    11:21:13.0576 5680 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    11:21:13.0576 5680 rdbss - ok
    11:21:13.0591 5680 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:21:13.0591 5680 rdpbus - ok
    11:21:13.0591 5680 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:21:13.0591 5680 RDPCDD - ok
    11:21:13.0623 5680 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    11:21:13.0623 5680 RDPENCDD - ok
    11:21:13.0638 5680 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    11:21:13.0638 5680 RDPREFMP - ok
    11:21:13.0669 5680 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    11:21:13.0669 5680 RDPWD - ok
    11:21:13.0716 5680 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    11:21:13.0716 5680 rdyboost - ok
    11:21:13.0747 5680 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    11:21:13.0747 5680 rspndr - ok
    11:21:13.0779 5680 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    11:21:13.0794 5680 sbp2port - ok
    11:21:13.0841 5680 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    11:21:13.0841 5680 scfilter - ok
    11:21:13.0872 5680 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    11:21:13.0872 5680 secdrv - ok
    11:21:13.0888 5680 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    11:21:13.0888 5680 Serenum - ok
    11:21:13.0903 5680 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    11:21:13.0903 5680 Serial - ok
    11:21:13.0935 5680 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    11:21:13.0950 5680 sermouse - ok
    11:21:13.0981 5680 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    11:21:13.0997 5680 sffdisk - ok
    11:21:14.0013 5680 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    11:21:14.0013 5680 sffp_mmc - ok
    11:21:14.0028 5680 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    11:21:14.0028 5680 sffp_sd - ok
    11:21:14.0028 5680 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:21:14.0044 5680 sfloppy - ok
    11:21:14.0059 5680 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:21:14.0075 5680 SiSRaid2 - ok
    11:21:14.0075 5680 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:21:14.0091 5680 SiSRaid4 - ok
    11:21:14.0106 5680 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    11:21:14.0106 5680 Smb - ok
    11:21:14.0122 5680 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    11:21:14.0137 5680 spldr - ok
    11:21:14.0184 5680 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    11:21:14.0200 5680 srv - ok
    11:21:14.0231 5680 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    11:21:14.0247 5680 srv2 - ok
    11:21:14.0278 5680 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    11:21:14.0278 5680 srvnet - ok
    11:21:14.0309 5680 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    11:21:14.0309 5680 stexstor - ok
    11:21:14.0356 5680 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    11:21:14.0356 5680 swenum - ok
    11:21:14.0434 5680 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    11:21:14.0465 5680 Tcpip - ok
    11:21:14.0496 5680 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    11:21:14.0512 5680 TCPIP6 - ok
    11:21:14.0543 5680 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    11:21:14.0543 5680 tcpipreg - ok
    11:21:14.0574 5680 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    11:21:14.0574 5680 TDPIPE - ok
    11:21:14.0590 5680 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    11:21:14.0590 5680 TDTCP - ok
    11:21:14.0621 5680 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    11:21:14.0637 5680 tdx - ok
    11:21:14.0652 5680 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    11:21:14.0652 5680 TermDD - ok
    11:21:14.0715 5680 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:21:14.0715 5680 tssecsrv - ok
    11:21:14.0761 5680 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    11:21:14.0761 5680 TsUsbFlt - ok
    11:21:14.0824 5680 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    11:21:14.0824 5680 tunnel - ok
    11:21:14.0871 5680 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    11:21:14.0871 5680 uagp35 - ok
    11:21:14.0917 5680 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    11:21:14.0917 5680 udfs - ok
    11:21:14.0964 5680 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    11:21:14.0980 5680 uliagpkx - ok
    11:21:15.0011 5680 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    11:21:15.0011 5680 umbus - ok
    11:21:15.0042 5680 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    11:21:15.0042 5680 UmPass - ok
    11:21:15.0089 5680 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    11:21:15.0105 5680 USBAAPL64 - ok
    11:21:15.0136 5680 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    11:21:15.0151 5680 usbaudio - ok
    11:21:15.0183 5680 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:21:15.0183 5680 usbccgp - ok
    11:21:15.0214 5680 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    11:21:15.0214 5680 usbcir - ok
    11:21:15.0245 5680 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    11:21:15.0245 5680 usbehci - ok
    11:21:15.0276 5680 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    11:21:15.0276 5680 usbhub - ok
    11:21:15.0307 5680 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    11:21:15.0307 5680 usbohci - ok
    11:21:15.0323 5680 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    11:21:15.0339 5680 usbprint - ok
    11:21:15.0370 5680 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    11:21:15.0370 5680 usbscan - ok
    11:21:15.0401 5680 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:21:15.0417 5680 USBSTOR - ok
    11:21:15.0432 5680 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    11:21:15.0432 5680 usbuhci - ok
    11:21:15.0463 5680 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    11:21:15.0463 5680 vdrvroot - ok
    11:21:15.0479 5680 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:21:15.0479 5680 vga - ok
    11:21:15.0495 5680 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    11:21:15.0495 5680 VgaSave - ok
    11:21:15.0526 5680 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    11:21:15.0541 5680 vhdmp - ok
    11:21:15.0573 5680 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    11:21:15.0573 5680 viaide - ok
    11:21:15.0588 5680 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    11:21:15.0604 5680 volmgr - ok
    11:21:15.0635 5680 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    11:21:15.0651 5680 volmgrx - ok
    11:21:15.0651 5680 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    11:21:15.0666 5680 volsnap - ok
    11:21:15.0682 5680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:21:15.0697 5680 vsmraid - ok
    11:21:15.0713 5680 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    11:21:15.0713 5680 vwifibus - ok
    11:21:15.0729 5680 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    11:21:15.0729 5680 WacomPen - ok
    11:21:15.0744 5680 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:21:15.0744 5680 WANARP - ok
    11:21:15.0744 5680 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:21:15.0760 5680 Wanarpv6 - ok
    11:21:15.0775 5680 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    11:21:15.0775 5680 Wd - ok
    11:21:15.0807 5680 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    11:21:15.0807 5680 WDC_SAM - ok
    11:21:15.0822 5680 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    11:21:15.0838 5680 Wdf01000 - ok
    11:21:15.0885 5680 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:21:15.0885 5680 WfpLwf - ok
    11:21:15.0916 5680 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    11:21:15.0916 5680 WimFltr - ok
    11:21:15.0931 5680 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    11:21:15.0931 5680 WIMMount - ok
    11:21:15.0931 5680 WinFLdrv - ok
    11:21:16.0041 5680 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    11:21:16.0041 5680 WinUsb - ok
    11:21:16.0087 5680 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    11:21:16.0087 5680 WmiAcpi - ok
    11:21:16.0134 5680 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    11:21:16.0134 5680 ws2ifsl - ok
    11:21:16.0197 5680 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    11:21:16.0212 5680 WudfPf - ok
    11:21:16.0228 5680 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:21:16.0228 5680 WUDFRd - ok
    11:21:16.0259 5680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    11:21:16.0353 5680 \Device\Harddisk0\DR0 - ok
    11:21:16.0353 5680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    11:21:16.0384 5680 \Device\Harddisk1\DR1 - ok
    11:21:16.0384 5680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR15
    11:21:16.0384 5680 \Device\Harddisk2\DR15 - ok
    11:21:16.0399 5680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR16
    11:21:16.0399 5680 \Device\Harddisk3\DR16 - ok
    11:21:16.0399 5680 Boot (0x1200) (2f41c825225518397578e67c9e2efb7e) \Device\Harddisk0\DR0\Partition0
    11:21:16.0399 5680 \Device\Harddisk0\DR0\Partition0 - ok
    11:21:16.0431 5680 Boot (0x1200) (638e758ce9fa4bccb3b2ac4f7788984c) \Device\Harddisk0\DR0\Partition1
    11:21:16.0431 5680 \Device\Harddisk0\DR0\Partition1 - ok
    11:21:16.0431 5680 Boot (0x1200) (7e73b43742153296325de3e9948c8fa6) \Device\Harddisk1\DR1\Partition0
    11:21:16.0431 5680 \Device\Harddisk1\DR1\Partition0 - ok
    11:21:16.0431 5680 Boot (0x1200) (9b5ce993eb309d3b72a0bfedbf25d666) \Device\Harddisk2\DR15\Partition0
    11:21:16.0431 5680 \Device\Harddisk2\DR15\Partition0 - ok
    11:21:16.0431 5680 Boot (0x1200) (3fca86ade1074b71e301a94d41b7f34d) \Device\Harddisk3\DR16\Partition0
    11:21:16.0431 5680 \Device\Harddisk3\DR16\Partition0 - ok
    11:21:16.0431 5680 ============================================================
    11:21:16.0431 5680 Scan finished
    11:21:16.0431 5680 ============================================================
    11:21:16.0446 7360 Detected object count: 0
    11:21:16.0446 7360 Actual detected object count: 0
  14. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    I probably should have mentioned earlier... before I sought your help I had noticed that my bfe.reg and firewall.reg files were missing and readded them to my computer with the help of other forums. Not sure if that changes anything..?
  15. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    You rather not, but what's done is done.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  16. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    I had trouble again updating aswMBR because of no internet...

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-15 11:47:25
    -----------------------------
    11:47:25.048 OS Version: Windows x64 6.1.7601 Service Pack 1
    11:47:25.048 Number of processors: 8 586 0x2A07
    11:47:25.048 ComputerName: ELLIOT-PC UserName: Elliot
    11:47:30.071 Initialize success
    11:47:59.598 AVAST engine download error: 0
    11:48:08.334 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:48:08.334 Disk 0 Vendor: ST320006 CC43 Size: 1907729MB BusType: 3
    11:48:08.334 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    11:48:08.334 Disk 1 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 3
    11:48:08.350 Disk 0 MBR read successfully
    11:48:08.350 Disk 0 MBR scan
    11:48:08.350 Disk 0 Windows 7 default MBR code
    11:48:08.350 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 133 MB offset 63
    11:48:08.350 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 274432
    11:48:08.365 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1895052 MB offset 25960448
    11:48:08.365 Service scanning
    11:48:09.348 Modules scanning
    11:48:09.348 Disk 0 trace - called modules:
    11:48:09.348 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    11:48:09.348 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80093ef060]
    11:48:09.364 3 CLASSPNP.SYS[fffff88001bab43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007481050]
    11:48:09.364 Scan finished successfully
    11:48:19.956 Disk 0 MBR has been saved successfully to "C:\Users\Elliot\Desktop\MBR.dat"
    11:48:19.956 The log file has been saved successfully to "C:\Users\Elliot\Desktop\aswMBR.txt"
    11:48:27.518 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    11:48:27.518 The log file has been saved successfully to "F:\aswMBR.txt"

    =======================================

    rootkit


    CreateFile() ERROR 32
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`18400000

    Size Device Name MBR Status
    --------------------------------------------
    1863 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  17. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  18. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    ListParts by Farbar
    Ran by Elliot on 15-01-2012 at 14:38:26
    Windows 7 (X64)
    Running From: C:\Users\Elliot\Desktop
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 35%
    Total physical RAM: 8174.45 MB
    Available physical RAM: 5254.19 MB
    Total Pagefile: 16347.09 MB
    Available Pagefile: 11392.15 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:1850.64 GB) (Free:1669.2 GB) NTFS
    2 Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:1124.81 GB) NTFS
    4 Drive f: (POCKET) (Removable) (Total:3.72 GB) (Free:1.22 GB) FAT32
    8 Drive j: (My Book) (Fixed) (Total:1396.61 GB) (Free:1137.91 GB) NTFS
    11 Drive z: (WD SmartWare) (CDROM) (Total:0.65 GB) (Free:0 GB) UDF

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1863 GB 0 B
    Disk 1 Online 1863 GB 0 B
    Disk 2 Online 1396 GB 0 B
    Disk 3 Online 3821 MB 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Disk 7 No Media 0 B 0 B
    Disk 8 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 133 MB 31 KB
    Partition 2 Primary 12 GB 134 MB
    Partition 3 Primary 1850 GB 12 GB

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 RECOVERY NTFS Partition 12 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 1850 GB Healthy Boot

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D Data NTFS Partition 1863 GB Healthy

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1396 GB 1024 KB

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 J My Book NTFS Partition 1396 GB Healthy

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3817 MB 4032 KB

    Disk: 3
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 F POCKET FAT32 Removable 3817 MB Healthy



    ****** End Of Log ******
  19. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
  20. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    "No infections were found"

    I'm not imagining there's a problem am I? :)
  21. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    No, there is an infection but I must go step by step.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  22. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    ComboFix 12-01-13.05 - Elliot 15/01/2012 15:20:18.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8174.6362 [GMT 11:00]
    Running from: c:\users\Elliot\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\dmwkcaa.tmp
    c:\programdata\kndhcaa.tmp
    c:\programdata\lndhcaa.tmp
    c:\programdata\mndhcaa.tmp
    c:\programdata\nndhcaa.tmp
    c:\programdata\ondhcaa.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-15 to 2012-01-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-15 04:29 . 2012-01-15 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-15 04:29 . 2012-01-15 04:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-01-14 04:27 . 2011-08-31 06:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-14 02:10 . 2012-01-14 02:16 -------- d-----w- c:\users\Elliot\AppData\Roaming\Ybews
    2012-01-14 02:10 . 2012-01-14 02:14 -------- d-----w- c:\users\Elliot\AppData\Roaming\Okm
    2012-01-14 00:43 . 2012-01-14 00:43 -------- d-----w- c:\users\Elliot\AppData\Roaming\BACS.exe
    2012-01-14 00:16 . 2012-01-14 00:16 -------- d-----w- c:\program files\Broadcom
    2012-01-14 00:15 . 2012-01-14 00:15 -------- d-----w- c:\windows\Dell
    2012-01-14 00:14 . 2012-01-14 00:14 -------- d-----w- c:\users\Elliot\AppData\Local\Downloaded Installations
    2012-01-13 08:45 . 2012-01-13 08:45 -------- d-----w- c:\users\Elliot\AppData\Roaming\Malwarebytes
    2012-01-13 08:45 . 2012-01-13 08:45 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-13 08:45 . 2012-01-14 05:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-11 09:36 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 09:36 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 09:36 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-01-11 09:36 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-01-11 09:36 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 09:36 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-11 09:36 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 09:36 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-08 04:46 . 2007-04-12 03:19 129024 ----a-w- c:\windows\SysWow64\AVERM.dll
    2012-01-08 04:46 . 2006-09-26 02:57 28672 ----a-w- c:\windows\SysWow64\AVEQT.dll
    2012-01-08 04:46 . 2012-01-08 04:47 -------- d-----w- c:\program files (x86)\Ultra MKV Converter
    2012-01-08 04:16 . 2012-01-08 04:16 -------- d-----w- c:\program files\iPod
    2012-01-08 04:16 . 2012-01-08 04:17 -------- d-----w- c:\program files\iTunes
    2011-12-26 02:31 . 2011-12-26 02:31 16200 ----a-w- c:\windows\stinger.sys
    2011-12-22 12:04 . 2011-12-22 12:04 -------- d-----w- c:\users\Elliot\AppData\Roaming\Macrovision
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-24 04:52 . 2011-12-14 03:46 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-13 07:22 . 2011-11-13 07:22 53248 ----a-r- c:\users\Elliot\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-11-05 05:32 . 2011-12-14 03:46 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 04:26 . 2011-12-14 03:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-11-04 01:53 . 2011-12-14 16:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-04 01:44 . 2011-12-14 16:01 1390080 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 01:44 . 2011-12-14 16:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 01:34 . 2011-12-14 16:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-03 22:47 . 2011-12-14 16:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-11-03 22:40 . 2011-12-14 16:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39 . 2011-12-14 16:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-11-03 22:31 . 2011-12-14 16:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-10-26 05:21 . 2011-12-14 03:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 . 9D95E71C8BC028DFFDEBC71207C31396 . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-14_04.54.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-14 01:41 . 2012-01-15 04:14 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    + 2012-01-13 08:45 . 2012-01-15 04:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-01-13 08:45 . 2012-01-14 02:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-01-15 00:43 . 2012-01-15 04:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012011520120116\index.dat
    + 2012-01-14 01:41 . 2012-01-14 07:59 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012011420120115\index.dat
    - 2012-01-14 01:41 . 2012-01-14 03:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012011420120115\index.dat
    + 2012-01-15 04:14 . 2012-01-15 04:15 23552 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B78F81B-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 04:14 . 2012-01-15 04:14 39936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{64358796-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 04:14 . 2012-01-15 04:15 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{609C530C-3F2F-11E1-9500-782BCBA03CB4}.dat
    - 2012-01-13 08:46 . 2012-01-14 03:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-01-13 08:46 . 2012-01-15 04:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-01-14 05:20 . 2012-01-14 05:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
    + 2011-01-31 11:59 . 2012-01-15 04:18 52534 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-01-15 04:18 31582 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-10 09:18 . 2012-01-15 04:18 15408 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2497366735-1331177007-3287805736-1000_UserData.bin
    + 2011-02-10 06:01 . 2012-01-15 04:22 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-10 06:01 . 2012-01-14 04:52 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-10 06:01 . 2012-01-14 04:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-10 06:01 . 2012-01-15 04:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-15 04:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-14 04:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-01-15 01:19 . 2012-01-15 01:19 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB54F19F-3F16-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 00:43 . 2012-01-15 00:43 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F364A22E-3F11-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 05:23 . 2012-01-14 05:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E5EF2875-3E6F-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 05:15 . 2012-01-14 05:20 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C7798877-3E6E-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 03:19 . 2012-01-15 03:19 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BE9008F3-3F27-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 02:43 . 2012-01-15 02:43 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B5FFA120-3F22-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 07:59 . 2012-01-14 07:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B19B1239-3E85-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 07:59 . 2012-01-14 07:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B0A845DD-3E85-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 02:07 . 2012-01-15 02:07 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AE9B26AF-3F1D-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 03:47 . 2012-01-15 03:47 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A6DA46C0-3F2B-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 02:35 . 2012-01-15 02:35 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{988EDE85-3F21-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 01:59 . 2012-01-15 01:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{907C9FA0-3F1C-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 04:15 . 2012-01-15 04:15 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7E9C15CD-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 04:14 . 2012-01-15 04:14 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7B78F81A-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 01:15 . 2012-01-15 01:15 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6B697ECD-3F16-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 04:14 . 2012-01-15 04:14 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{64358795-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 04:14 . 2012-01-15 04:15 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{609C530B-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 04:14 . 2012-01-15 04:14 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5D77C1ED-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 03:23 . 2012-01-15 03:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4C89FC2B-3F28-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 03:51 . 2012-01-15 03:51 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{35CE2A75-3F2C-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 07:55 . 2012-01-14 07:55 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{21578C7D-3E85-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 01:27 . 2012-01-15 01:27 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1893B754-3F18-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 06:43 . 2012-01-14 06:43 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{136995F2-3E7B-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 00:51 . 2012-01-15 00:51 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{11509027-3F13-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 02:31 . 2012-01-15 02:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{092FDCE4-3F21-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 07:47 . 2012-01-14 07:47 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{037BABF5-3E84-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 01:19 . 2012-01-15 01:20 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB54F1A0-3F16-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 00:43 . 2012-01-15 00:44 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F364A22F-3F11-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 05:23 . 2012-01-14 05:24 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E5EF2876-3E6F-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 05:15 . 2012-01-14 05:16 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7798878-3E6E-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 03:19 . 2012-01-15 03:20 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BE9008F4-3F27-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 02:43 . 2012-01-15 02:44 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B5FFA121-3F22-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 07:59 . 2012-01-14 08:00 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B19B123A-3E85-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 07:59 . 2012-01-14 08:00 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B0A845DE-3E85-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 02:07 . 2012-01-15 02:08 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE9B26B0-3F1D-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 03:47 . 2012-01-15 03:48 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A6DA46C1-3F2B-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 02:35 . 2012-01-15 02:36 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{988EDE86-3F21-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 01:59 . 2012-01-15 02:00 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{907C9FA1-3F1C-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 04:15 . 2012-01-15 04:15 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{81445C5F-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 04:15 . 2012-01-15 04:15 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7E9C15CE-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 04:14 . 2012-01-15 04:14 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6E5AC67A-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 01:15 . 2012-01-15 01:16 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B697ECE-3F16-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 05:20 . 2012-01-14 05:20 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{67E8872B-3E6F-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 04:14 . 2012-01-15 04:15 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5D77C1EE-3F2F-11E1-9500-782BCBA03CB4}.dat
    + 2012-01-15 03:23 . 2012-01-15 03:24 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C89FC2C-3F28-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 03:51 . 2012-01-15 03:52 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{35CE2A76-3F2C-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 07:55 . 2012-01-14 07:56 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21578C7E-3E85-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 01:27 . 2012-01-15 01:28 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1893B755-3F18-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 06:43 . 2012-01-14 06:44 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{136995F3-3E7B-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 00:51 . 2012-01-15 00:52 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{11509028-3F13-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 02:31 . 2012-01-15 02:32 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{092FDCE5-3F21-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-14 07:47 . 2012-01-14 07:48 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{037BABF6-3E84-11E1-A1A9-782BCBA03CB4}.dat
    + 2012-01-15 04:16 . 2012-01-15 04:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-01-14 04:54 . 2012-01-14 04:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-01-15 04:16 . 2012-01-15 04:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-01-14 04:54 . 2012-01-14 04:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 04:54 . 2012-01-15 04:15 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-01-14 04:48 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 05:12 . 2012-01-04 05:41 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2012-01-14 06:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:01 . 2012-01-14 04:53 973724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-01-15 04:16 973724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-01-15 04:15 2277376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-14 04:48 2277376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-15 04:15 3653632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-14 04:48 3653632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-10 08:30 . 2012-01-15 03:55 8031768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-02-10 08:30 . 2012-01-14 03:12 8031768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2012-01-13 12:35 . 2012-01-15 04:16 8069156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    - 2012-01-13 12:35 . 2012-01-14 04:13 8069156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2009-07-14 02:34 . 2012-01-15 04:27 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2011-12-14 16:19 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-03-09 12:16 . 2012-01-15 04:16 53282336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2497366735-1331177007-3287805736-1000-12288.dat
    - 2011-03-09 12:16 . 2012-01-14 04:53 53282336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2497366735-1331177007-3287805736-1000-12288.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Elliot\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Elliot\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Elliot\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Elliot\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Elliot\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WD Anywhere Backup"="c:\program files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-11-13 222432]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-13 98304]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-03 240112]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-02 518640]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-22 483328]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-02-11 560128]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
    .
    c:\users\Elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Elliot\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-2-14 25214]
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-13 25824]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-03 1116656]
    R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-03 219632]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-03-13 158832]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-18 450848]
    S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2497366735-1331177007-3287805736-1000Core.job
    - c:\users\Elliot\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 06:38]
    .
    2012-01-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2497366735-1331177007-3287805736-1000UA.job
    - c:\users\Elliot\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 06:38]
    .
    2012-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2497366735-1331177007-3287805736-1000Core.job
    - c:\users\Elliot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 08:33]
    .
    2012-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2497366735-1331177007-3287805736-1000UA.job
    - c:\users\Elliot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 08:33]
    .
    2011-12-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    2012-01-15 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    2012-01-14 c:\windows\Tasks\vtscheduletask.job
    - c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-02-20 03:25]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Elliot\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Elliot\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Elliot\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Elliot\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2010-12-10 4775176]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 2114376]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    FF - ProfilePath - c:\users\Elliot\AppData\Roaming\Mozilla\Firefox\Profiles\jlj4gjgr.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**êu‹ÓÏ"]
    "LP_LastUpdateTime"="0"
    "LP_LastCheckTime"=dword:4f125297
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
    be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
    34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
    02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
    79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
    9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,38,12,d0,c3,3d,
    1c,22,1f,a6,0c,df,74,fd,f1,d5,74,66,1f
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:8c,50,10,8b,5d,d2,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,e4,ac,65,5c,5c,da,4a,81,04,c6,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,e4,ac,65,5c,5c,da,4a,81,04,c6,\
    .
    [HKEY_USERS\S-1-5-21-2497366735-1331177007-3287805736-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08C6933A-7343-8698-BC45-229DE03C6E2E}*]
    "iagndnkacaindennod"=hex:6a,61,68,67,64,63,63,62,6d,6a,69,6a,6e,62,6c,69,66,6c,
    6f,6f,00,00
    "haenbneklleknpke"=hex:6a,61,68,67,64,63,63,62,6d,6a,69,6a,6e,62,6c,69,66,6c,
    6f,6f,00,00
    "fagnkmnpjakn"=hex:65,61,63,64,63,67,70,6f,63,6d,00,ff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-01-15 15:39:32
    ComboFix-quarantined-files.txt 2012-01-15 04:39
    ComboFix2.txt 2012-01-14 05:00
    .
    Pre-Run: 1,792,262,692,864 bytes free
    Post-Run: 1,792,057,049,088 bytes free
    .
    - - End Of File - - D06DE48E6191D49274492D65CEC4F82D
  23. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  24. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    OTL.txt part 1

    Still can't connect to the internet... :(

    OTL logfile created on: 1/15/2012 4:28:14 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Elliot\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.98 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 70.63% Memory free
    15.96 Gb Paging File | 13.70 Gb Available in Paging File | 85.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1850.64 Gb Total Space | 1669.06 Gb Free Space | 90.19% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 1124.81 Gb Free Space | 60.38% Space Free | Partition Type: NTFS
    Drive F: | 3.72 Gb Total Space | 1.22 Gb Free Space | 32.76% Space Free | Partition Type: FAT32
    Drive J: | 1396.61 Gb Total Space | 1135.17 Gb Free Space | 81.28% Space Free | Partition Type: NTFS
    Drive Z: | 665.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ELLIOT-PC | User Name: Elliot | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/17 00:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Elliot\Desktop\OTL.exe
    PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011/04/08 23:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2010/09/13 21:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2009/11/13 13:30:44 | 001,500,384 | ---- | M] (Memeo Inc.) -- C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackup.exe
    PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/12 03:27:47 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
    MOD - [2012/01/12 03:23:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
    MOD - [2012/01/12 03:22:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/14 10:38:16 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll
    MOD - [2011/10/14 09:29:29 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
    MOD - [2011/10/14 09:29:19 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
    MOD - [2011/10/14 09:29:05 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/10/14 09:29:01 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/10/14 09:28:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/10/14 09:28:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/10/14 09:28:43 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/10/14 09:28:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2010/11/05 12:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/11/13 13:30:58 | 001,804,000 | ---- | M] () -- C:\Program Files (x86)\WD\WD Anywhere Backup\Memeo.Client.UI.dll
    MOD - [2009/10/22 09:04:16 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\WD\WD Anywhere Backup\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/03/17 17:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2011/03/13 12:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2011/03/13 12:37:22 | 000,208,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2011/03/13 12:37:06 | 000,197,960 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2010/10/27 02:51:38 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/29 16:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
    SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/01/31 22:39:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/01/31 22:35:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2011/01/14 06:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/09/04 04:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/09/04 04:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/08/25 23:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/13 13:30:42 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
    SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/14 12:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
    DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 200(UVC)
    DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/13 12:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2011/03/13 12:20:10 | 000,481,376 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2011/03/13 12:20:10 | 000,227,856 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2011/03/13 12:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2011/03/13 12:20:10 | 000,098,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2011/03/13 12:20:10 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2011/03/13 12:20:10 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/10/27 02:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/10/16 12:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/09/22 14:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/14 23:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/06/08 23:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2010/04/19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2010/03/19 06:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/28 02:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/01/29 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2006/11/01 15:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  25. efre2

    efre2 TS Rookie Topic Starter Posts: 20

    part 2

    IE - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Elliot\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Elliot\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Elliot\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elliot\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elliot\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/22 11:14:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/22 11:14:57 | 000,000,000 | ---D | M]

    [2011/02/19 17:05:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elliot\AppData\Roaming\Mozilla\Extensions
    [2012/01/09 18:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elliot\AppData\Roaming\Mozilla\Firefox\Profiles\jlj4gjgr.default\extensions
    [2011/03/07 20:06:24 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Elliot\AppData\Roaming\Mozilla\Firefox\Profiles\jlj4gjgr.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
    [2012/01/09 18:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/04/05 15:41:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/04/14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/04/09 13:25:11 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/04/09 13:25:11 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/04/09 13:25:11 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/04/09 13:25:11 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/01/15 15:30:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110608190706.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110608190706.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
    O4 - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000..\Run: [Facebook Update] C:\Users\Elliot\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
    O4 - Startup: C:\Users\Elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Elliot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O15 - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2497366735-1331177007-3287805736-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4992DDE0-4E46-4A99-B003-70B28911F6FA}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CB7EEF-2D14-45AA-A68A-AC835BB4F425}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D95F3F13-1B54-464E-A0CE-B9D7A88B903A}: DhcpNameServer = 198.142.0.51 61.88.88.88
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/30 09:44:07 | 000,000,088 | ---- | M] () - Z:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/21 15:19:21 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{86430B88-D1AB-4A99-9AEF-252B555B3915}
    [2012/01/15 16:27:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Elliot\Desktop\OTL.exe
    [2012/01/15 15:39:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/15 15:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/01/15 14:55:01 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Elliot\Desktop\FixTDSS.exe
    [2012/01/15 11:49:37 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Elliot\Desktop\boot_cleaner.exe
    [2012/01/15 11:47:24 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Elliot\Desktop\aswMBR.exe
    [2012/01/15 11:21:04 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Elliot\Desktop\tdsskiller.exe
    [2012/01/14 16:53:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Elliot\Desktop\dds.scr
    [2012/01/14 16:53:04 | 007,956,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Elliot\Desktop\mbam-rules.exe
    [2012/01/14 15:42:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/14 15:42:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/14 15:42:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/14 15:41:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/14 15:40:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/14 15:40:38 | 004,383,253 | R--- | C] (Swearware) -- C:\Users\Elliot\Desktop\ComboFix.exe
    [2012/01/14 15:34:36 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Elliot\Desktop\BlitzBlank.exe
    [2012/01/14 15:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/14 15:27:57 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/01/14 13:11:34 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{7F0C2A54-8BB3-4229-B5A1-3B4F9B3660A2}
    [2012/01/14 13:11:15 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{CC309D7B-4749-4140-A12C-1897BD29C757}
    [2012/01/14 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Roaming\Ybews
    [2012/01/14 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Roaming\Okm
    [2012/01/14 12:51:31 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Elliot\Desktop\mbam-setup.exe
    [2012/01/14 12:36:33 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{E87EB522-5391-4000-9D54-E89864A9AB05}
    [2012/01/14 12:26:38 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{1E7212CF-A89E-4115-810D-0E49CEB6D7D8}
    [2012/01/14 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{03BE3113-C494-4232-829F-74812936379B}
    [2012/01/14 12:03:28 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{B3F75082-B40B-4D66-9A33-E2D0D60EA57A}
    [2012/01/14 11:56:48 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{F9D0D57F-F344-484F-A393-6D4765D61DE5}
    [2012/01/14 11:50:25 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{7638B5C0-E615-4B41-A1E2-86D6F3FEC357}
    [2012/01/14 11:43:37 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Roaming\BACS.exe
    [2012/01/14 11:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
    [2012/01/14 11:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
    [2012/01/14 11:15:37 | 000,000,000 | ---D | C] -- C:\Windows\Dell
    [2012/01/14 11:14:21 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\Downloaded Installations
    [2012/01/14 11:10:57 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{169A4083-9479-4A84-A27B-189BB719033B}
    [2012/01/14 08:38:49 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{B2C514AF-F436-47F8-873A-ACF8256F15BA}
    [2012/01/13 19:45:32 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Roaming\Malwarebytes
    [2012/01/13 19:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/13 19:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/13 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{55DCD8A1-247B-49A4-82B5-FE14DF9D2FB8}
    [2012/01/13 05:55:12 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{D255449F-4D4C-4B06-ABA3-7A4A8FAACF61}
    [2012/01/12 17:54:41 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{F4922F54-966D-4D00-A7B0-A777F66EDD86}
    [2012/01/12 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{414697F0-EDF7-4998-B6C9-F89933EA8449}
    [2012/01/12 05:54:00 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{42FEE5CE-558B-407D-9266-AE24FFD9C64E}
    [2012/01/12 05:53:48 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{D63E16EE-6FA2-4992-A726-AFE79F014D7B}
    [2012/01/11 17:53:22 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{D7C74817-631D-4B66-A4E9-B5C8621AF6E8}
    [2012/01/11 05:52:57 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{CA3E10DE-7F7B-47C8-AA49-73AD26076395}
    [2012/01/10 17:52:32 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{6B2E45D4-FB27-429D-A6EA-9EFF0EE578A2}
    [2012/01/10 17:52:20 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{4AFBC1AB-3F5C-4DE3-9BD2-1A70B7871E93}
    [2012/01/08 15:53:17 | 000,000,000 | ---D | C] -- C:\Users\Elliot\Desktop\New folder
    [2012/01/08 15:53:06 | 000,000,000 | ---D | C] -- C:\Users\Elliot\Desktop\The League
    [2012/01/08 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra MKV Converter
    [2012/01/08 15:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultra MKV Converter
    [2012/01/08 15:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/08 15:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/01/08 15:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/01/06 14:09:25 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{D1819E09-5FD6-45C1-876A-11354F876A86}
    [2012/01/06 14:09:14 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{1676F130-970A-48E8-9689-9B5B7E1CF675}
    [2012/01/05 10:09:12 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{0F108CCC-BE43-4F3F-9FBB-5CCB5BF1106E}
    [2012/01/05 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{4B826CF5-FED7-4A29-A2DD-5EDE8C6278EE}
    [2012/01/04 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{F03A50DD-52C0-4891-8939-E12ABAF9FD0A}
    [2012/01/04 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{87F581B8-69E2-480A-A7C9-EB344499CD91}
    [2012/01/03 23:22:49 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{B60E9068-4931-4F6F-8BFC-0D844F225177}
    [2012/01/03 11:22:22 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{AA7669B1-FCFC-4CA2-B264-E6A5AE9C3797}
    [2012/01/03 11:22:08 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{E7260A23-8E11-4EEC-BA96-98201E33F403}
    [2012/01/02 23:21:34 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{8A02F6E5-EEF9-43CD-B64D-202BC0E33686}
    [2012/01/02 11:21:00 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{51E6446F-1E91-41BF-B9FF-CE56650FE543}
    [2012/01/02 11:20:44 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{9491AB75-C0EC-4589-A52F-3D7ECE689A05}
    [2012/01/01 15:36:15 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{71F8AC65-1412-4DB9-9696-EBE0023B0962}
    [2012/01/01 15:36:03 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{357BF5A0-2B5A-4D17-A410-3063081FCF24}
    [2011/12/29 11:13:16 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{6FACED6F-2F90-4337-8FE3-C16790AD83C4}
    [2011/12/28 01:27:56 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{B6519709-2290-4A0D-88FB-A00D8584E5E2}
    [2011/12/27 13:27:31 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{BD7F99F4-8D44-4F79-817B-D9651C2808E0}
    [2011/12/27 13:27:18 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{BBF59B7B-4229-4727-ADC4-842AF763B3F5}
    [2011/12/27 00:14:23 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{4E55B001-7666-43EC-BF22-4AB700967D8B}
    [2011/12/27 00:14:12 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{D0434FFD-3F32-4F59-A6D8-F0BD7607D028}
    [2011/12/26 13:31:20 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
    [2011/12/26 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{AB21B693-3FE3-41A9-964E-41BC0C41AEBE}
    [2011/12/26 12:13:26 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{9A4C6228-9654-4E33-A067-6D87586D2C4D}
    [2011/12/25 12:04:53 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{EEA6EDBE-63C1-4EA7-9B20-CB648BF6A25A}
    [2011/12/25 12:04:41 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{3A57AEF3-2444-4841-B206-E195D9C44C8F}
    [2011/12/25 00:04:10 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{9A497DE1-6101-4780-A878-D7B286EA81DD}
    [2011/12/25 00:03:39 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{7A7D6783-A9B0-4AB7-BD72-9EF380C50213}
    [2011/12/24 23:38:14 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{6A7C2575-BEA4-4C18-88C0-CC69B105101F}
    [2011/12/24 11:37:47 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{94FE5017-3E19-41E8-B37B-197432A4BBB5}
    [2011/12/24 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{8081BAAB-D81F-4D69-AA65-ADACDDE30F44}
    [2011/12/23 12:24:18 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{7EC7428E-9B44-43F8-BD7C-D45F00FAF696}
    [2011/12/23 12:23:46 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{A1B17974-0322-4752-915C-DA8AC3F12F57}
    [2011/12/23 00:26:34 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{963A54D4-27E1-42FA-B616-B43B5FF02F26}
    [2011/12/22 23:04:01 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Roaming\Macrovision
    [2011/12/22 12:26:03 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{61F695ED-2B04-4BCB-A9F6-A8EA176B4352}
    [2011/12/22 12:25:30 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{64420133-859B-4D9B-87EE-B7A0EFBC9EB8}
    [2011/12/21 18:43:16 | 000,000,000 | ---D | C] -- C:\Users\Elliot\Desktop\Music George
    [2011/12/21 15:59:22 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{2B3594C0-B7AC-40B0-BFBC-B7DBC7130D98}
    [2011/12/21 15:59:08 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{357B0A25-A8C0-4BCE-B37D-F00849C53BAF}
    [2011/12/21 02:24:42 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{3F77B649-071C-409D-A767-E16EB2F04C17}
    [2011/12/20 14:26:36 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{76DD4E1B-BA96-4194-9C85-42B5420A0388}
    [2011/12/20 02:26:08 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{4A230B68-0FEE-45A2-8A4F-FC30BBDC9D1C}
    [2011/12/19 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{271DAEB1-41E3-4680-9530-92A6A3DB81CC}
    [2011/12/19 02:25:21 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{E58B822E-9BBE-4C77-811C-14A6141E94FF}
    [2011/12/18 14:24:47 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{83D6C388-056D-4D67-B024-06F1EB311234}
    [2011/12/18 14:24:35 | 000,000,000 | ---D | C] -- C:\Users\Elliot\AppData\Local\{5FB91B70-7AC9-45C5-B3B4-67E6501BAF07}
    [2011/12/17 11:06:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
    [2 C:\Users\Elliot\Desktop\*.tmp files -> C:\Users\Elliot\Desktop\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/15 16:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2497366735-1331177007-3287805736-1000UA.job
    [2012/01/15 16:00:00 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
    [2012/01/15 15:30:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/01/15 15:27:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/15 15:27:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/15 15:16:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/15 15:16:48 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/15 14:56:13 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/01/15 13:46:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2497366735-1331177007-3287805736-1000UA.job
    [2012/01/15 11:49:00 | 000,044,607 | ---- | M] () -- C:\Users\Elliot\Desktop\bootkit_remover.zip
    [2012/01/15 11:48:19 | 000,000,512 | ---- | M] () -- C:\Users\Elliot\Desktop\MBR.dat
    [2012/01/14 22:00:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2497366735-1331177007-3287805736-1000Core.job
    [2012/01/14 16:43:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2497366735-1331177007-3287805736-1000Core.job
    [2012/01/14 16:37:56 | 000,302,592 | ---- | M] () -- C:\Users\Elliot\Desktop\hwwu458l.exe
    [2012/01/14 15:28:00 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2012/01/14 12:54:02 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Elliot\Desktop\mbam-setup.exe
    [2012/01/14 12:43:17 | 001,196,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/14 12:43:17 | 000,391,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/14 12:43:17 | 000,005,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/14 12:32:10 | 000,003,364 | ---- | M] () -- C:\Users\Elliot\Desktop\firewall.reg
    [2012/01/14 12:31:38 | 000,001,495 | ---- | M] () -- C:\Users\Elliot\Desktop\bfe.reg
    [2012/01/14 12:18:40 | 050,331,648 | ---- | M] () -- C:\Users\Elliot\Desktop\R282233.exe
    [2012/01/14 11:06:50 | 000,000,017 | ---- | M] () -- C:\Users\Elliot\AppData\Local\resmon.resmoncfg
    [2012/01/14 09:02:10 | 004,383,253 | R--- | M] (Swearware) -- C:\Users\Elliot\Desktop\ComboFix.exe
    [2012/01/13 23:02:08 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Elliot\Desktop\tdsskiller.exe
    [2012/01/13 21:32:14 | 000,024,576 | ---- | M] () -- C:\Users\Elliot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/13 19:44:39 | 000,000,000 | ---- | M] () -- C:\ProgramData\Vqr5BO8X.dat
    [2012/01/13 19:36:12 | 000,014,440 | -HS- | M] () -- C:\Users\Elliot\AppData\Local\db2am60oby25758xy4e00f7d271u4p355010g2o2s7gsn
    [2012/01/13 19:36:12 | 000,014,440 | -HS- | M] () -- C:\ProgramData\db2am60oby25758xy4e00f7d271u4p355010g2o2s7gsn
    [2012/01/13 09:22:46 | 000,799,545 | ---- | M] () -- C:\Users\Elliot\Desktop\ListParts64.exe
    [2012/01/12 00:01:50 | 000,303,000 | -H-- | M] () -- C:\Users\Elliot\Desktop\ZbThumbnail.info
    [2012/01/10 18:00:25 | 000,024,277 | ---- | M] () -- C:\Users\Elliot\Desktop\censor-beep-2.mp3
    [2012/01/10 17:59:26 | 000,014,873 | ---- | M] () -- C:\Users\Elliot\Desktop\censor-beep-1.mp3
    [2012/01/10 10:51:53 | 000,002,048 | ---- | M] () -- C:\Users\Elliot\AppData\Roaming\Photobook Designer Prefs
    [2012/01/10 04:42:36 | 000,334,125 | ---- | M] () -- C:\Users\Elliot\Desktop\FSS.exe
    [2012/01/09 23:20:14 | 000,253,536 | ---- | M] () -- C:\Users\Elliot\Desktop\SpeedScheduler_1.6.0.jar
    [2012/01/08 15:46:40 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Ultra MKV Converter.lnk
    [2012/01/08 15:17:26 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/07 04:37:34 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Elliot\Desktop\aswMBR.exe
    [2012/01/05 20:15:35 | 000,039,495 | ---- | M] () -- C:\Users\Elliot\Desktop\Aloe Blacc.jpg
    [2012/01/05 17:24:01 | 000,803,300 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/01/02 11:20:50 | 000,001,045 | ---- | M] () -- C:\Users\Elliot\Desktop\Dropbox.lnk
    [2011/12/27 21:45:48 | 000,396,071 | ---- | M] () -- C:\Users\Elliot\Desktop\MiniToolBox.exe
    [2011/12/26 13:31:20 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
    [2011/12/26 13:29:15 | 002,021,790 | ---- | M] () -- C:\Windows\SysWow64\67cBEBC.mht
    [2011/12/25 00:02:49 | 591,262,457 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/12/24 11:36:52 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2011/12/23 22:01:46 | 003,161,519 | ---- | M] () -- C:\Users\Elliot\Desktop\photo 2.JPG
    [2011/12/19 18:41:34 | 000,082,226 | ---- | M] () -- C:\Users\Elliot\Desktop\378017_10150420092736143_614116142_8841797_639134752_n.jpg
    [2 C:\Users\Elliot\Desktop\*.tmp files -> C:\Users\Elliot\Desktop\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/15 14:38:24 | 000,799,545 | ---- | C] () -- C:\Users\Elliot\Desktop\ListParts64.exe
    [2012/01/15 11:49:31 | 000,044,607 | ---- | C] () -- C:\Users\Elliot\Desktop\bootkit_remover.zip
    [2012/01/15 11:48:19 | 000,000,512 | ---- | C] () -- C:\Users\Elliot\Desktop\MBR.dat
    [2012/01/14 16:38:56 | 000,302,592 | ---- | C] () -- C:\Users\Elliot\Desktop\hwwu458l.exe
    [2012/01/14 16:20:26 | 000,396,071 | ---- | C] () -- C:\Users\Elliot\Desktop\MiniToolBox.exe
    [2012/01/14 16:13:37 | 000,334,125 | ---- | C] () -- C:\Users\Elliot\Desktop\FSS.exe
    [2012/01/14 15:42:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/14 15:42:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/14 15:42:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/14 15:42:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/14 15:28:00 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2012/01/14 12:34:41 | 000,003,364 | ---- | C] () -- C:\Users\Elliot\Desktop\firewall.reg
    [2012/01/14 12:34:41 | 000,001,495 | ---- | C] () -- C:\Users\Elliot\Desktop\bfe.reg
    [2012/01/14 12:31:09 | 050,331,648 | ---- | C] () -- C:\Users\Elliot\Desktop\R282233.exe
    [2012/01/14 11:06:50 | 000,000,017 | ---- | C] () -- C:\Users\Elliot\AppData\Local\resmon.resmoncfg
    [2012/01/13 19:44:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\Vqr5BO8X.dat
    [2012/01/13 19:32:55 | 000,014,440 | -HS- | C] () -- C:\Users\Elliot\AppData\Local\db2am60oby25758xy4e00f7d271u4p355010g2o2s7gsn
    [2012/01/13 19:32:55 | 000,014,440 | -HS- | C] () -- C:\ProgramData\db2am60oby25758xy4e00f7d271u4p355010g2o2s7gsn
    [2012/01/10 18:00:25 | 000,024,277 | ---- | C] () -- C:\Users\Elliot\Desktop\censor-beep-2.mp3
    [2012/01/10 17:59:26 | 000,014,873 | ---- | C] () -- C:\Users\Elliot\Desktop\censor-beep-1.mp3
    [2012/01/09 23:20:14 | 000,253,536 | ---- | C] () -- C:\Users\Elliot\Desktop\SpeedScheduler_1.6.0.jar
    [2012/01/08 15:46:40 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Ultra MKV Converter.lnk
    [2012/01/08 15:46:39 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
    [2012/01/08 15:46:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
    [2012/01/08 15:17:26 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/05 20:24:17 | 000,039,495 | ---- | C] () -- C:\Users\Elliot\Desktop\Aloe Blacc.jpg
    [2012/01/03 16:42:02 | 000,702,004 | ---- | C] () -- C:\Users\Elliot\Desktop\IMG_8931-3.JPG
    [2012/01/02 11:20:50 | 000,001,045 | ---- | C] () -- C:\Users\Elliot\Desktop\Dropbox.lnk
    [2011/12/26 13:29:15 | 002,021,790 | ---- | C] () -- C:\Windows\SysWow64\67cBEBC.mht
    [2011/12/23 22:01:28 | 003,161,519 | ---- | C] () -- C:\Users\Elliot\Desktop\photo 2.JPG
    [2011/12/19 18:41:41 | 000,082,226 | ---- | C] () -- C:\Users\Elliot\Desktop\378017_10150420092736143_614116142_8841797_639134752_n.jpg
    [2011/12/17 11:06:08 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2011/12/17 11:06:06 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2011/12/04 20:02:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/08/31 22:34:15 | 000,803,300 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/06/09 09:02:30 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
    [2011/04/05 14:45:30 | 000,002,048 | ---- | C] () -- C:\Users\Elliot\AppData\Roaming\Photobook Designer Prefs
    [2011/03/13 19:25:04 | 000,002,048 | ---- | C] () -- C:\Users\Elliot\AppData\Roaming\albumworks Prefs
    [2011/03/05 13:27:31 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
    [2011/03/05 13:27:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
    [2011/02/20 20:25:59 | 000,024,576 | ---- | C] () -- C:\Users\Elliot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/11 18:50:23 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/01 14:25:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/01/31 22:40:27 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2011/01/31 22:40:27 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2011/01/31 22:40:27 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2011/01/31 22:40:17 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011/01/31 22:40:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2000/08/31 11:00:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.