svchost.exe infection cannot be removed

jtenman · January 4, 2012

Every time I run a scan I am told that svchost.exe is infected. When I try to Remove the Selected infections, I am told to reboot. After reboot, the infections still exist.

Mainly I get a Trojan.Agent, but sometimes it finds Heuristics.Reserved.Word.Exploit as well.

Attaching requested files as well.

Attach.txt

DDS.txt

Maurice Naggar · February 20, 2012

Hello jtenman,

Please advise if you have resolved your issue. If not, and you need guided help, we need a fresh report.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

This topic will be closed if we do not hear back from you in 3 days.

jtenman · February 21, 2012

Still happening. Every time I turn my computer on or bring it out of hibernate I get the notice. Still can't get it removed. Attaching the updated logs.

RSIT Log

Logfile of random's system information tool 1.09 (written by random/random)

Run by Anya at 2012-02-20 20:32:16

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 114 GB (51%) free of 223 GB

Total RAM: 4003 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:32:26 PM, on 2/20/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\trend micro\Anya.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll

O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [OE] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Anya\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: Trend Micro Client/Server Security Agent (svcGenericHost) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TabletServiceWacom - Unknown owner - C:\windows\system32\Wacom_Tablet.exe (file missing)

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe

O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15382 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\lsm.exe

winlogon.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\windows\system32\svchost.exe -k LocalService

atieclxx

/QuitInfo:00000000000002A4;00000000000002B0; /AddRef;

C:\Windows\system32\vcsFPService.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

"C:\Program Files\DigitalPersona\Bin\DpHostW.exe"

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files\IDT\WDM\AESTSr64.exe"

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"

"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"

C:\windows\system32\svchost.exe -k bthsvcs

"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"

"C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe"

"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\Wacom_Tablet.exe

"C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"

WLIDSvcM.exe 2680

"C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe"

C:\windows\system32\wbem\unsecapp.exe -Embedding

"taskhost.exe"

"C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe"

/QuitInfo:0000000000000820;0000000000000824; /AddRef;

/QuitInfo:00000000000007F8;000000000000082C;

"C:\windows\system32\Dwm.exe"

HostedAgent.exe .\config\cfg_Modules.bin 1 0 1

\??\C:\windows\system32\conhost.exe "12676445382123399599-40657045-910582744-1345945431-757727501709705974998230459

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\Explorer.EXE

WTablet\Wacom_TabletUser.exe

-netsvcs

Wacom_Tablet.exe au

\??\C:\windows\system32\conhost.exe "39066512210967735482081793848-527163699-2141819476540609201346171055-531453530

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

/loadhooks /Parent:0000000000000CEC

"C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe" /service

"C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNTMon.exe" "-HideWindow"

"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"

"C:\Program Files\DellTPad\Apoint.exe"

"C:\Program Files\Dell\QuickSet\quickset.exe"

"C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe"

C:\windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

"C:\Dell\DBRM\Reminder\DbrmTrayicon.exe"

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\IDT\WDM\sttray64.exe"

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

C:\windows\system32\wbem\unsecapp.exe -Embedding

"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}

"C:\Program Files\DellTPad\HidFind.exe"

"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"

"Apntex.exe"

\??\C:\windows\system32\conhost.exe "2017084845-139286333-1964748077-949217741934264323-731801478-521690255-514698689

"C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"C:\Program Files\iPod\bin\iPodService.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe" -h

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

C:\windows\system32\WLANExt.exe 147310656

\??\C:\windows\system32\conhost.exe "231552332-825813560175998999-1277449232178756613117046554419578302-1939798234

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\windows\System32\svchost.exe -k WerSvcGroup

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Skype\Phone\Skype.exe"

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=10644.156c8d30.1558654766 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 10644 "\\.\pipe\gecko-crash-server-pipe.10644" plugin

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"

"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

"C:\Users\Anya\Downloads\RSITx64.exe"

C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183632481-3653789735-2840657637-1000Core.job

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183632481-3653789735-2840657637-1000UA.job

C:\windows\tasks\PCDoctorBackgroundMonitorTask.job

C:\windows\tasks\SystemToolsDailyTest.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "http://www.msn.com/?pc=Z164&install_date=20111002"

prefs.js - "keyword.URL" - "http://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20111002&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10.1 Plugin

"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\

{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

np-mswmp.dll

npdeployJava1.dll

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml.old

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\

fastdial@telega.phpnet.us

foxmarks@kei.com

support@lastpass.com

{5911488E-9D1E-40ec-8CBB-06B231CC153F}

{75562457-ec1e-499e-842e-3209b8c23a7e}

{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]

TmIEPlugInBHO Class - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll [2010-07-21 285520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-06 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]

TmIEPlugInBHO Class - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll [2010-07-21 218448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]

StartNow Toolbar Helper - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll [2011-07-27 502272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29 3844768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{5911488E-9D1E-40ec-8CBB-06B231CC153F} - StartNow Toolbar - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll [2011-07-27 502272]

{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2011-04-12 609144]

"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2011-01-21 3666800]

"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

"FreeFallProtection"=C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [2010-12-15 686704]

"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]

"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2010-11-03 10228224]

"DBRMTray"=C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [2010-09-10 206336]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-25 167960]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-25 391704]

"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-25 418840]

"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15 499608]

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-05-27 1128448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

"Google Update"=C:\Users\Anya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-20 136176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"=C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2010-08-19 487562]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]

"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]

"OfficeScanNT Monitor"=C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2011-10-27 1713168]

"OE"=C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [2010-08-10 846672]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-06-07 421160]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-24 336384]

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AdobeCS5.5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

"StartNowToolbarHelper"=C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe []

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\windows\system32\igfxdev.dll [2011-03-25 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=DPPassFilter

scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DpHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-20 20:32:17 ----D---- C:\Program Files\trend micro

2012-02-20 20:32:16 ----D---- C:\rsit

2012-02-15 04:48:01 ----A---- C:\windows\system32\MRT.INI

2012-02-15 04:42:50 ----A---- C:\windows\system32\mshtmled.dll

2012-02-15 04:42:49 ----A---- C:\windows\SYSWOW64\mshtmled.dll

2012-02-15 04:42:48 ----A---- C:\windows\SYSWOW64\iertutil.dll

2012-02-15 04:42:48 ----A---- C:\windows\system32\iertutil.dll

2012-02-15 04:42:47 ----A---- C:\windows\SYSWOW64\url.dll

2012-02-15 04:42:47 ----A---- C:\windows\SYSWOW64\jscript9.dll

2012-02-15 04:42:47 ----A---- C:\windows\SYSWOW64\ieui.dll

2012-02-15 04:42:47 ----A---- C:\windows\system32\url.dll

2012-02-15 04:42:47 ----A---- C:\windows\system32\jscript9.dll

2012-02-15 04:42:47 ----A---- C:\windows\system32\ieui.dll

2012-02-15 04:42:46 ----A---- C:\windows\SYSWOW64\urlmon.dll

2012-02-15 04:42:46 ----A---- C:\windows\SYSWOW64\jscript.dll

2012-02-15 04:42:46 ----A---- C:\windows\system32\urlmon.dll

2012-02-15 04:42:46 ----A---- C:\windows\system32\jscript.dll

2012-02-15 04:42:45 ----A---- C:\windows\SYSWOW64\wininet.dll

2012-02-15 04:42:45 ----A---- C:\windows\system32\wininet.dll

2012-02-15 04:42:45 ----A---- C:\windows\system32\jsproxy.dll

2012-02-15 04:42:44 ----A---- C:\windows\SYSWOW64\jsproxy.dll

2012-02-15 04:42:42 ----A---- C:\windows\SYSWOW64\mshtml.dll

2012-02-15 04:42:40 ----A---- C:\windows\system32\mshtml.dll

2012-02-15 04:42:39 ----A---- C:\windows\SYSWOW64\ieframe.dll

2012-02-15 04:42:39 ----A---- C:\windows\system32\ieframe.dll

2012-02-14 21:11:47 ----A---- C:\windows\system32\shell32.dll

2012-02-14 21:11:46 ----A---- C:\windows\SYSWOW64\shell32.dll

2012-02-14 21:11:45 ----A---- C:\windows\SYSWOW64\ntshrui.dll

2012-02-14 21:11:45 ----A---- C:\windows\system32\ntshrui.dll

2012-02-14 21:11:39 ----A---- C:\windows\system32\win32k.sys

2012-02-14 21:11:37 ----A---- C:\windows\system32\drivers\afd.sys

2012-02-14 21:11:33 ----A---- C:\windows\SYSWOW64\msvcrt.dll

2012-02-14 21:11:33 ----A---- C:\windows\system32\msvcrt.dll

2012-01-31 00:53:20 ----A---- C:\windows\SYSWOW64\schannel.dll

2012-01-31 00:53:20 ----A---- C:\windows\system32\schannel.dll

2012-01-31 00:53:20 ----A---- C:\windows\system32\lsasrv.dll

2012-01-31 00:53:20 ----A---- C:\windows\system32\drivers\ksecpkg.sys

2012-01-31 00:53:20 ----A---- C:\windows\system32\drivers\cng.sys

2012-01-31 00:53:19 ----A---- C:\windows\SYSWOW64\webio.dll

2012-01-31 00:53:19 ----A---- C:\windows\SYSWOW64\sspicli.dll

2012-01-31 00:53:19 ----A---- C:\windows\SYSWOW64\secur32.dll

2012-01-31 00:53:19 ----A---- C:\windows\system32\webio.dll

2012-01-31 00:53:19 ----A---- C:\windows\system32\sspisrv.dll

2012-01-31 00:53:19 ----A---- C:\windows\system32\sspicli.dll

2012-01-31 00:53:19 ----A---- C:\windows\system32\secur32.dll

2012-01-31 00:53:19 ----A---- C:\windows\system32\lsass.exe

2012-01-31 00:53:19 ----A---- C:\windows\system32\drivers\ksecdd.sys

======List of files/folders modified in the last 1 month======

2012-02-20 20:32:17 ----RD---- C:\Program Files

2012-02-20 20:31:50 ----AD---- C:\windows\Temp

2012-02-20 20:19:40 ----D---- C:\Users\Anya\AppData\Roaming\Skype

2012-02-20 19:46:34 ----D---- C:\windows\inf

2012-02-20 19:46:34 ----AD---- C:\windows\System32

2012-02-20 19:46:34 ----A---- C:\windows\system32\PerfStringBackup.INI

2012-02-20 10:30:15 ----D---- C:\windows\system32\config

2012-02-19 21:11:22 ----D---- C:\windows\system32\NDF

2012-02-19 21:06:35 ----A---- C:\windows\SYSWOW64\log.txt

2012-02-19 21:03:55 ----D---- C:\Users\Anya\AppData\Roaming\WTablet

2012-02-19 01:21:49 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-02-19 00:55:23 ----D---- C:\windows\system32\wdi

2012-02-16 10:58:13 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2012-02-16 01:07:12 ----SHD---- C:\windows\Installer

2012-02-16 01:06:15 ----SHD---- C:\System Volume Information

2012-02-15 06:28:06 ----D---- C:\windows\Microsoft.NET

2012-02-15 06:28:05 ----RSD---- C:\windows\assembly

2012-02-15 05:24:22 ----D---- C:\windows\winsxs

2012-02-15 05:20:32 ----D---- C:\windows\SysWOW64

2012-02-15 05:20:31 ----D---- C:\windows\SYSWOW64\migration

2012-02-15 05:20:31 ----D---- C:\windows\system32\migration

2012-02-15 05:20:31 ----D---- C:\windows\system32\drivers

2012-02-15 05:20:31 ----D---- C:\Program Files\Internet Explorer

2012-02-15 05:20:31 ----D---- C:\Program Files (x86)\Internet Explorer

2012-02-15 04:50:28 ----D---- C:\ProgramData\Microsoft Help

2012-02-15 04:44:42 ----A---- C:\windows\system32\MRT.exe

2012-02-15 04:43:52 ----D---- C:\windows\system32\catroot

2012-02-15 04:43:51 ----D---- C:\windows\system32\catroot2

2012-02-15 04:36:10 ----D---- C:\windows\Minidump

2012-02-15 04:36:03 ----AD---- C:\Windows

2012-02-14 12:45:28 ----D---- C:\windows\Prefetch

2012-02-13 23:45:53 ----RD---- C:\Program Files (x86)\Skype

2012-02-13 23:45:53 ----D---- C:\Program Files (x86)\Common Files

2012-02-13 23:45:52 ----D---- C:\ProgramData\Skype

2012-02-10 15:06:32 ----D---- C:\windows\system32\Tasks

2012-02-10 15:06:31 ----D---- C:\windows\Tasks

2012-02-10 15:06:19 ----D---- C:\Program Files\Dell Support Center

2012-02-10 15:06:10 ----D---- C:\ProgramData\Dell

2012-02-04 23:03:15 ----A---- C:\tmuninst.ini

2012-01-31 05:04:43 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-29 06:07:49 ----D---- C:\windows\LiveKernelReports

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-11-06 438808]

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\windows\system32\DRIVERS\tmlwf.sys [2010-11-08 196688]

R1 tmtdi;Trend Micro TDI Driver; C:\windows\system32\DRIVERS\tmtdi.sys [2010-11-08 108624]

R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 TmFilter;Trend Micro Filter; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-11 342288]

R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-11 42768]

R2 tmwfp;Trend Micro WFP Callout Driver; C:\windows\system32\DRIVERS\tmwfp.sys [2010-11-08 338000]

R2 TurboB;Turbo Boost UI Monitor driver; C:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2011-07-11 2077456]

R3 Acceler;Accelerometer Service; C:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]

R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2011-05-24 9319936]

R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2011-05-24 306176]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x64; C:\windows\system32\DRIVERS\Apfiltr.sys [2011-05-13 363856]

R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys [2009-07-13 41984]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-27 80384]

R3 btmaux;Intel Bluetooth Auxiliary Service; C:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]

R3 btmhsf;btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [2010-10-19 274432]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 iBtFltCoex;iBtFltCoex; C:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]

R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]

R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2011-12-10 23152]

R3 MEIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720]

R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]

R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\windows\system32\DRIVERS\stwrt64.sys [2011-05-27 528384]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

R3 wacommousefilter;Wacom Mouse Filter Driver; C:\windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12848]

R3 wacomvhid;Wacom Virtual Hid Driver; C:\windows\system32\DRIVERS\wacomvhid.sys [2008-07-11 15272]

R3 WacomVKHid;Virtual Keyboard Driver; C:\windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 12976]

R3 wdkmd;Intel WiDi KMD; C:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

R3 WinUSB;WinUSB Service; C:\windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]

S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2011-04-27 552960]

S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-03-25 12262336]

S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]

S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]

S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]

S3 wacmoumonitor;Wacom Mode Helper; C:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 18216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2011-05-24 203776]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]

R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-04-06 349472]

R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2010-12-29 440144]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-10-05 325656]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 ntrtscan;Trend Micro Client/Server Security Agent RealTime Scan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [2011-12-29 1852584]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]

R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2011-05-27 301568]

R2 svcGenericHost;Trend Micro Client/Server Security Agent; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-09-16 50704]

R2 TabletServiceWacom;TabletServiceWacom; C:\windows\system32\Wacom_Tablet.exe [2008-10-30 3580712]

R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-07-27 267488]

R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-12-03 3143472]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 934176]

R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [2009-07-06 570632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

S2 tmlisten;Trend Micro Client/Server Security Agent Listener; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2011-12-08 2064992]

S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-07 136120]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-07-07 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

info.txt

Maurice Naggar · February 21, 2012

Going forward, please do NOT attach logs/reports. Use Notepad & COPY all lines, then Paste into the main body of reply box.

That would be a time saver and much appreciated.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/u...ine-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Reply with copy of the Eset scan log

Step 4

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Re-enable the antivirus program.

Step 5

Reply with copies of contents of The Eset scan log & the MBAM scan log for review.

jtenman · February 21, 2012

Eset Log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=88f13ee9a5efe14288e63fd1b79114ac

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-21 05:12:14

# local_time=2012-02-21 10:12:14 (-0700, Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 18797741 81381009 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=199215

# found=9

# cleaned=9

# scan_time=6775

C:\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Users\Anya\AppData\Local\Temp\NODFF69.tmp a variant of Win32/Toolbar.Zugo application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Users\Anya\AppData\Local\Temp\nssF7D0.tmp\omc6oni.ham a variant of Win32/Kryptik.XOO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Anya\AppData\Local\Temp\nssF7D0.tmp\p1n5sdu.cgw a variant of Win32/Kryptik.XOO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Anya\AppData\Local\Temp\nssF7D0.tmp\rnrvopw.zum a variant of Win32/Kryptik.XOO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{75562457-ec1e-499e-842e-3209b8c23a7e}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Anya\Downloads\VeohWebPlayerSetup_eng.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C

-----------------EOF-----------------

MBAM Log:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.21.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Anya :: ANYA-PC [administrator]

Protection: Enabled

2/21/2012 10:55:52 AM

mbam-log-2012-02-21 (10-55-52).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 368714

Time elapsed: 1 hour(s), 36 minute(s), 52 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 2568 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

-----------------EOF-----------------

Maurice Naggar · February 21, 2012

Eset picked up a few trojans & some bogus toolbars.

MBAM should have squashed a trojan as well.

Follow-up:

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Disable your anti-virus program How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Re-enable your anti-virus program.

jtenman · February 21, 2012

ComboFix Log:

ComboFix 12-02-21.02 - Anya 02/21/2012 15:24:29.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2016 [GMT -7:00]

Running from: c:\users\Anya\Desktop\ComboFix.exe

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\StartNow Toolbar

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files (x86)\StartNow Toolbar\Resources\installer.xml

c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html

c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js

c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml

c:\program files (x86)\StartNow Toolbar\Resources\update.xml

c:\program files (x86)\StartNow Toolbar\uninstall.dat

c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll

c:\programdata\PCDr\5907\Downloads\fa2ff61b-2c58-4071-916b-f881289a3959.dll

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{75562457-ec1e-499e-842e-3209b8c23a7e}

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{75562457-ec1e-499e-842e-3209b8c23a7e}\chrome\xulcache.jar

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{75562457-ec1e-499e-842e-3209b8c23a7e}\defaults\preferences\xulcache.js

c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{75562457-ec1e-499e-842e-3209b8c23a7e}\install.rdf

c:\windows\IsUn0419.exe

c:\windows\svchost.exe

c:\windows\Temp\log.txt

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Updater Service for StartNow Toolbar

.

((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))

.

2012-02-21 22:32 . 2012-02-21 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-21 15:16 . 2012-02-21 15:16 -------- d-----w- c:\program files (x86)\ESET

2012-02-21 15:07 . 2012-02-21 15:08 -------- d-----w- c:\program files (x86)\ERUNT

2012-02-21 03:32 . 2012-02-21 03:32 -------- d-----w- c:\program files\trend micro

2012-02-21 03:32 . 2012-02-21 15:09 -------- d-----w- C:\rsit

2012-02-15 04:11 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 04:11 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 04:11 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 04:11 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 04:11 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 04:11 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 04:11 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 04:11 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-14 06:45 . 2012-02-14 06:45 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 22:24 . 2011-12-20 13:06 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-10-27 1713168]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-09-17 50704]

S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-12-03 3143472]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183632481-3653789735-2840657637-1000Core.job

- c:\users\Anya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-20 23:39]

.

2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183632481-3653789735-2840657637-1000UA.job

- c:\users\Anya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-20 23:39]

.

2012-02-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

2012-02-21 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-09-10 206336]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"combofix"="c:\combofix\CF29635.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z164&install_date=20111002

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20111002&q=

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

AddRemove-Ãåðîè Ìå÷à è Ìàãèè III: Êëèíîê Àðìàãåääîíà - c:\windows\IsUn0419.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,

5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b

"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,

18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47

"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,

6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:1b,cf,b1,20,12,c7,cc,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2012-02-21 15:44:24 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-21 22:44

.

Pre-Run: 122,447,265,792 bytes free

Post-Run: 122,626,199,552 bytes free

.

- - End Of File - - A328445D4D9971AC43E492923E430316

Maurice Naggar · February 22, 2012

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste contents of last MBAM scan log, AND, tell me, How is your system now ?

jtenman · February 23, 2012

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.22.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Anya :: ANYA-PC [administrator]

Protection: Enabled

2/22/2012 4:31:29 PM

mbam-log-2012-02-22 (16-31-29).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 188280

Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3836 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Still finding the infected files even after removing and rebooting.

Maurice Naggar · February 23, 2012

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
*****************************************************************
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
themeui.dll
svchost.exe
beep.sys
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on Run Scan.
The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt

jtenman · February 24, 2012

OTL logfile created on: 2/23/2012 7:03:46 PM - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Anya\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 60.23% Memory free

7.82 Gb Paging File | 5.45 Gb Available in Paging File | 69.72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 218.14 Gb Total Space | 100.53 Gb Free Space | 46.09% Space Free | Partition Type: NTFS

Computer Name: ANYA-PC | User Name: Anya | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/23 19:01:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Anya\Desktop\OTL.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/10/27 23:36:00 | 000,023,568 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

PRC - [2011/09/16 20:31:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

PRC - [2011/05/24 23:05:52 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

PRC - [2010/12/15 08:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010/11/17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/11/05 21:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/05 21:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/11/03 10:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2010/11/03 10:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

PRC - [2010/11/03 09:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2010/11/03 09:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

PRC - [2010/10/05 19:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/10/05 19:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/08/19 16:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/15 05:37:35 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll

MOD - [2012/02/15 05:32:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012/02/15 05:31:50 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012/02/15 05:31:43 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012/02/15 05:31:27 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012/02/15 05:31:19 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/15 05:31:15 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/15 05:31:12 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2011/10/13 02:33:07 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll

MOD - [2011/10/13 02:28:28 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2010/12/15 08:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/27 11:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/05/24 21:07:30 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/12/29 11:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)

SRV:64bit: - [2010/12/17 12:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2010/12/17 12:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2010/12/17 12:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2010/12/03 08:26:34 | 003,143,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)

SRV:64bit: - [2010/11/29 13:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/10/30 10:07:20 | 003,580,712 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/12/29 04:50:22 | 001,852,584 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)

SRV - [2011/12/08 04:29:57 | 002,064,992 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)

SRV - [2011/09/16 20:31:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)

SRV - [2011/03/24 06:08:04 | 000,148,360 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)

SRV - [2010/12/03 08:14:58 | 002,696,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)

SRV - [2010/11/05 21:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/11/03 10:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2010/11/03 10:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2010/11/03 09:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2010/10/05 19:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/10/05 19:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/07/21 14:48:20 | 000,596,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)

SRV - [2010/07/21 14:44:22 | 000,917,840 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/07/06 12:16:50 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/01 15:06:42 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/05/27 11:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/05/24 23:26:28 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/05/24 20:25:14 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/05/13 01:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/25 19:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2011/03/25 19:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/12/21 07:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2010/12/13 07:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)

DRV:64bit: - [2010/12/10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/12/10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/12/01 03:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2010/11/29 13:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/08 19:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)

DRV:64bit: - [2010/11/08 19:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)

DRV:64bit: - [2010/11/08 19:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/11/06 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/11/04 03:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2010/11/04 01:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV:64bit: - [2010/10/29 17:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/10/26 12:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/10/19 16:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/09/21 07:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/08/20 09:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2010/08/12 08:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/10/06 10:53:26 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2008/07/11 10:16:50 | 000,015,272 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2007/02/15 16:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)

DRV - [2011/07/11 19:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)

DRV - [2011/07/11 19:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)

DRV - [2011/07/11 19:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z164&install_date=20111002

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z164&install_date=20111002"

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20111002&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anya\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anya\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/06/06 17:19:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\FirefoxExtension [2011/12/24 20:36:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/19 01:21:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/24 20:35:59 | 000,000,000 | ---D | M]

[2011/07/07 20:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anya\AppData\Roaming\Mozilla\Extensions

[2012/02/21 15:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions

[2012/01/20 19:02:39 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2012/02/02 10:23:31 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\fastdial@telega.phpnet.us

[2012/01/07 23:26:19 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\foxmarks@kei.com

[2012/02/02 10:23:32 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\572h96j1.default\extensions\support@lastpass.com

[2012/01/17 13:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/12/17 07:56:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

() (No name found) -- C:\USERS\ANYA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\572H96J1.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI

() (No name found) -- C:\USERS\ANYA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\572H96J1.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI

() (No name found) -- C:\USERS\ANYA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\572H96J1.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

[2012/02/19 01:21:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/09/11 09:38:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

[2011/11/08 18:01:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anya\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Anya\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anya\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Anya\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: Google Search = C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Skype Click to Call = C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

CHR - Extension: Gmail = C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/21 15:35:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll (Trend Micro Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F192AF7-B087-4FCB-93CB-05F113C5F11B}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll (Trend Micro Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: DpHost - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 19:01:57 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Anya\Desktop\OTL.exe

[2012/02/23 00:13:01 | 000,447,752 | ---- | C] (On2.com) -- C:\windows\SysWow64\vp6vfw.dll

[2012/02/23 00:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE

[2012/02/23 00:12:16 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll

[2012/02/23 00:12:16 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll

[2012/02/23 00:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2012/02/22 23:55:39 | 000,000,000 | ---D | C] -- C:\Users\Anya\Desktop\New folder

[2012/02/21 15:36:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/02/21 15:22:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/02/21 15:22:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/02/21 15:22:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/02/21 15:21:56 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2012/02/21 15:21:46 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/02/21 08:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/02/21 08:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/02/21 08:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/02/20 20:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012/02/20 20:32:16 | 000,000,000 | ---D | C] -- C:\rsit

[2012/02/15 04:42:50 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/02/15 04:42:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/02/15 04:42:47 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/02/15 04:42:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/02/15 04:42:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/02/15 04:42:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/02/15 04:42:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/02/15 04:42:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/02/15 04:42:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/02/15 04:42:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/02/15 04:42:45 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/02/14 21:11:45 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll

[2012/02/14 21:11:42 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl

[2012/02/14 21:11:41 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl

[2012/02/14 21:11:33 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll

[2012/02/13 23:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/02/13 23:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/02/10 15:06:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[2012/01/31 00:53:20 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll

[2012/01/31 00:53:19 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll

[2012/01/31 00:53:19 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll

[2012/01/31 00:53:19 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll

[2012/01/31 00:53:19 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll

[2012/01/31 00:53:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll

========== Files - Modified Within 30 Days ==========

[2012/02/23 19:01:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Anya\Desktop\OTL.exe

[2012/02/23 19:00:21 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183632481-3653789735-2840657637-1000UA.job

[2012/02/23 16:00:14 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job

[2012/02/23 15:56:01 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183632481-3653789735-2840657637-1000Core.job

[2012/02/23 14:44:52 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/23 14:44:52 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/23 12:36:03 | 000,101,968 | ---- | M] () -- C:\Users\Anya\Desktop\404775_10150664691409459_508024458_11019001_1478175065_n.jpg

[2012/02/23 11:08:18 | 000,864,152 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/02/23 11:08:18 | 000,726,912 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/02/23 11:08:18 | 000,139,588 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/02/23 11:07:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/02/23 00:15:29 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk

[2012/02/23 00:12:05 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk

[2012/02/22 16:47:41 | 3148,226,560 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/21 15:35:51 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/02/20 23:33:16 | 677,116,182 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012/02/20 10:34:57 | 001,055,464 | ---- | M] () -- C:\Users\Anya\Desktop\100_0632.JPG

[2012/02/17 12:30:09 | 000,050,664 | ---- | M] () -- C:\Users\Anya\Desktop\stock-photo-man-in-front-of-computer-screen-dark-night-room-and-blue-light-11514280.jpg

[2012/02/15 05:22:21 | 004,971,576 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/02/15 04:48:01 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI

[2012/02/14 12:44:36 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/02/13 23:45:53 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/02/04 23:03:15 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini

[2012/01/30 23:47:37 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/02/23 12:35:58 | 000,101,968 | ---- | C] () -- C:\Users\Anya\Desktop\404775_10150664691409459_508024458_11019001_1478175065_n.jpg

[2012/02/23 00:15:29 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk

[2012/02/23 00:15:29 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk

[2012/02/23 00:12:05 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk

[2012/02/21 15:22:06 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/02/21 15:22:05 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/02/21 15:22:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/02/21 15:22:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/02/21 15:22:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/02/20 10:34:48 | 001,055,464 | ---- | C] () -- C:\Users\Anya\Desktop\100_0632.JPG

[2012/02/17 12:30:08 | 000,050,664 | ---- | C] () -- C:\Users\Anya\Desktop\stock-photo-man-in-front-of-computer-screen-dark-night-room-and-blue-light-11514280.jpg

[2012/02/15 04:48:01 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI

[2012/02/13 23:45:53 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/02/10 15:06:31 | 000,000,564 | ---- | C] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/02/10 15:06:30 | 000,000,506 | ---- | C] () -- C:\windows\tasks\SystemToolsDailyTest.job

[2012/01/30 23:47:37 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/30 04:43:36 | 000,862,702 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/12/20 01:11:30 | 000,009,548 | -HS- | C] () -- C:\Users\Anya\AppData\Local\0wu2e81evj0s52qgiys4810aj163xcv11j7y

[2011/12/20 01:11:30 | 000,009,548 | -HS- | C] () -- C:\ProgramData\0wu2e81evj0s52qgiys4810aj163xcv11j7y

[2011/11/08 07:14:50 | 000,004,608 | ---- | C] () -- C:\Users\Anya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/21 18:01:22 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll

[2011/06/06 19:30:34 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/06/06 19:30:33 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/06/06 19:30:33 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/06/06 19:29:21 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini

[2011/06/06 19:29:17 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini

[2011/06/06 19:29:17 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini

[2011/06/06 19:29:17 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini

[2011/06/06 19:29:17 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini

[2011/06/06 19:29:17 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini

[2011/06/06 19:29:17 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini

[2011/06/06 17:04:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2011/06/06 17:01:37 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll

[2011/06/06 16:58:56 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat

[2011/06/06 16:53:32 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/05/24 23:04:28 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

[2011/04/26 02:25:40 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini

[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >

[2011/09/11 21:09:22 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Adobe

[2011/07/10 14:08:00 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Apple Computer

[2011/09/10 10:25:44 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Atari

[2011/07/07 15:11:37 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\ATI

[2011/07/07 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/07/07 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Creative

[2011/08/22 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\DAEMON Tools Lite

[2011/12/15 22:37:39 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\DAEMON Tools Pro

[2011/07/08 10:01:12 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Dell

[2011/07/07 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\DigitalPersona

[2011/07/07 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Identities

[2011/07/27 15:10:43 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\IDT

[2011/07/07 15:08:19 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Intel

[2011/07/07 15:11:37 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Intel Corporation

[2011/07/07 15:26:35 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Macromedia

[2011/12/20 06:06:23 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Malwarebytes

[2011/06/06 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Media Center Programs

[2011/08/08 03:16:59 | 000,000,000 | --SD | M] -- C:\Users\Anya\AppData\Roaming\Microsoft

[2011/07/07 20:18:28 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Mozilla

[2011/07/09 10:01:40 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\PCDr

[2011/09/11 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\PDAppFlex

[2011/07/07 20:18:29 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Reallusion

[2012/02/23 19:03:23 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\Skype

[2011/07/07 19:04:32 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\SYSTEMAX Software Development

[2012/01/20 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\uTorrent

[2011/12/24 20:36:04 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\vlc

[2012/02/22 16:48:20 | 000,000,000 | ---D | M] -- C:\Users\Anya\AppData\Roaming\WTablet

< %APPDATA%\*.exe /s >

[2011/07/07 19:12:53 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Anya\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011/07/20 17:17:03 | 000,010,134 | R--- | M] () -- C:\Users\Anya\AppData\Roaming\Microsoft\Installer\{0FA0F736-0851-C84A-08AE-D2F39C188B83}\ARPPRODUCTICON.exe

[2012/02/23 00:12:58 | 000,010,134 | R--- | M] () -- C:\Users\Anya\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

[2012/02/10 15:03:40 | 055,252,360 | ---- | M] (Dell Inc) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_23_64_01.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\0182fa95-4d0d-4d71-ab11-4f5178f4ca01\au_5899_rules\AddCertificate.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\15295be9-2c66-46e4-a37f-9e0d4e3a0d17\au_5899_rules\AddCertificate.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\192778e5-edb4-47ca-afa4-6280e7198ac0\au_5899_rules\AddCertificate.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\3b8d6997-b306-47af-a259-44a1732f4864\au_5899_rules\AddCertificate.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\73f07bfc-39d5-48a5-b33b-59bb620a6382\au_5899_rules\AddCertificate.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\8cad5d92-2bbb-40c5-a7e8-ad7af164afce\au_5899_rules\AddCertificate.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\9c1b5a0d-a22b-4aad-912d-2c4025f6d374\au_5899_rules\AddCertificate.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\a1b360a0-051a-4bb7-8477-471704178f2b\au_5899_rules\AddCertificate.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\ac973da1-c156-400e-a9e3-d7d01beb251c\au_5899_rules\AddCertificate.exe

[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Anya\AppData\Roaming\PCDr\Update\Rules\c07cd628-4b52-4c3e-90fb-ee71fb0e1473\au_5899_rules\AddCertificate.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: BEEP.SYS >

[2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\windows\SysNative\drivers\beep.sys

[2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

< MD5 for: CNGAUDIT.DLL >

[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll

[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll

[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >

[2010/11/06 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\windows\SysNative\drivers\iaStor.sys

[2010/11/06 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

[2010/11/06 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_05602dde0a28e7f4\iaStor.sys

< MD5 for: IASTORV.SYS >

[2010/11/20 06:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 06:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2010/05/12 01:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys

[2011/03/10 23:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys

[2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011/03/10 23:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011/03/10 23:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

[2010/05/12 01:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010/11/20 06:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll

[2010/11/20 06:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll

[2010/11/20 06:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/20 05:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll

[2010/11/20 05:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/20 05:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2010/05/12 01:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys

[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011/03/10 23:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011/03/10 23:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2010/05/12 01:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys

[2011/03/10 23:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys

[2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/20 06:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 06:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >

[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010/11/20 05:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll

[2010/11/20 05:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/20 05:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/20 06:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll

[2010/11/20 06:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll

[2010/11/20 06:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >

[2009/07/13 18:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: THEMEUI.DLL >

[2010/11/20 06:27:26 | 002,851,840 | ---- | M] (Microsoft Corporation) MD5=2C647ABE9A424E55B5F3DAE4629B4277 -- C:\windows\SysNative\themeui.dll

[2010/11/20 06:27:26 | 002,851,840 | ---- | M] (Microsoft Corporation) MD5=2C647ABE9A424E55B5F3DAE4629B4277 -- C:\Windows\winsxs\amd64_microsoft-windows-themeui_31bf3856ad364e35_6.1.7601.17514_none_e3249be23220b37c\themeui.dll

[2010/11/20 05:21:30 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=5992A9DF57FD5E6960FDCC2DB69867F7 -- C:\Windows\SysWOW64\themeui.dll

[2010/11/20 05:21:30 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=5992A9DF57FD5E6960FDCC2DB69867F7 -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7601.17514_none_8706005e79c34246\themeui.dll

[2009/07/13 18:41:55 | 002,851,328 | ---- | M] (Microsoft Corporation) MD5=740304CDCAA54E4312DEDA7F288CEB06 -- C:\Windows\winsxs\amd64_microsoft-windows-themeui_31bf3856ad364e35_6.1.7600.16385_none_e0f3881a35322fe2\themeui.dll

[2009/07/13 18:16:16 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=BA25800813148F910A600B6DE1F78B2B -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7600.16385_none_84d4ec967cd4beac\themeui.dll

< MD5 for: USERINIT.EXE >

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe

[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

Maurice Naggar · February 24, 2012

Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
*****************************************************************
:processes
killallprocesses
:files
C:\Windows\svchost.exe
C:\Windows\svchost(2).exe
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button Run Fix.
Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Disable your antivirus program (Trend Micro)

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download, Save, then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

When done, re-enable your anti-virus program.

Tell me, How is your system now?

jtenman · February 24, 2012

File contents below. I ran a quick scan with MS Safety scanner and it didn't find anything, however Malwarebytes still found the issue with svchost.exe. I'm running a full scan with MS Safety scanner now but must go to work so won't know the results until later.

All processes killed

========== PROCESSES ==========

========== FILES ==========

C:\Windows\svchost.exe moved successfully.

File\Folder C:\Windows\svchost(2).exe not found.

========== COMMANDS ==========

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Anya

->Temp folder emptied: 110585499 bytes

->Temporary Internet Files folder emptied: 30933382 bytes

->Java cache emptied: 113268 bytes

->FireFox cache emptied: 604019367 bytes

->Google Chrome cache emptied: 47372174 bytes

->Flash cache emptied: 110423 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56468 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 625845181 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 222696 bytes

Total Files Cleaned = 1,354.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Anya

->Flash cache emptied: 0 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_051648

Files\Folders moved on Reboot...

C:\Users\Anya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

Registry entries deleted on Reboot...

jtenman · February 25, 2012

Still infected.

Maurice Naggar · February 25, 2012

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for jtenman only. If you are a casual viewer, do NOT try this on your system!

If you are not jtenman and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Given you are running Windows 7, please remember that on most all tools you'll need to start them by Right-clicking, selecting Run as Administrator, AND allowing them to run at UAC prompt!

Let's have you run some additional diagnostic tools. Do as much as you can:

Step 1

Go to Start button > Select RUN > type in

CMD

and press Enter-key

Copy and Paste or type the exact (entire) contents of Code box

ipconfig /flushdns

and press Enter-key

Close Command prompt window

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 3

Please read carefully and follow these steps.

Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have (if you have).
Download TDSSKiller and save it to your Desktop.
RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Then press Start Scan

When the scan is done, it will display a summary screen.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 5

Close all non-essential programs & windows that you have open.

Go here and download & SAVE Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it. It generates a log too {name will start with "Startup Programs". It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious. It simply generates a report on your system, and does not do any cleanup.

Step 6

Reply with copy of contents of aswmbr log,

the TDSSKILLER log,

the GMER log,

the Silent Runners log,

also provide an update on current status (eg, are things better, or are you still in Safe Mode with Networking)

jtenman · February 25, 2012

I'm not in Safe Mode, but still every time I boot up Malwarebytes is finding the svchost.exe issue and is still unable to remove it. Logs are below:

aswmbr:

Run date: 2012-02-25 07:14:44

-----------------------------

07:14:44.456 OS Version: Windows x64 6.1.7601 Service Pack 1

07:14:44.456 Number of processors: 4 586 0x2A07

07:14:44.458 ComputerName: ANYA-PC UserName: Anya

07:14:51.599 Initialize success

07:15:54.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

07:15:54.446 Disk 0 Vendor: ST250LT0 0001 Size: 238475MB BusType: 3

07:15:54.452 Device \Driver\iaStor -> MajorFunction fffffa80066565c4

07:15:54.459 Disk 0 MBR read successfully

07:15:54.464 Disk 0 MBR scan

07:15:54.472 Disk 0 Windows 7 default MBR code

07:15:54.495 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048

07:15:54.501 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848

07:15:54.519 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223373 MB offset 30926848

07:15:54.561 Disk 0 scanning C:\windows\system32\drivers

07:16:13.764 Service scanning

07:16:33.300 Modules scanning

07:16:33.318 Scan finished successfully

07:17:02.810 Disk 0 MBR has been saved successfully to "C:\Users\Anya\Desktop\Fixes\MBR.dat"

07:17:02.867 The log file has been saved successfully to "C:\Users\Anya\Desktop\Fixes\aswMBR.txt"

----------------------------EOF---------------------------------------

TDSSKILLER:

07:17:30.0862 12456 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49

07:17:31.0345 12456 ============================================================

07:17:31.0346 12456 Current date / time: 2012/02/25 07:17:31.0345

07:17:31.0346 12456 SystemInfo:

07:17:31.0346 12456

07:17:31.0346 12456 OS Version: 6.1.7601 ServicePack: 1.0

07:17:31.0346 12456 Product type: Workstation

07:17:31.0346 12456 ComputerName: ANYA-PC

07:17:31.0346 12456 UserName: Anya

07:17:31.0346 12456 Windows directory: C:\windows

07:17:31.0346 12456 System windows directory: C:\windows

07:17:31.0346 12456 Running under WOW64

07:17:31.0347 12456 Processor architecture: Intel x64

07:17:31.0347 12456 Number of processors: 4

07:17:31.0347 12456 Page size: 0x1000

07:17:31.0347 12456 Boot type: Normal boot

07:17:31.0347 12456 ============================================================

07:17:32.0203 12456 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:17:32.0207 12456 \Device\Harddisk0\DR0:

07:17:32.0207 12456 MBR used

07:17:32.0207 12456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

07:17:32.0207 12456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x1B446970

07:17:32.0259 12456 Initialize success

07:17:32.0260 12456 ============================================================

07:18:04.0867 12440 ============================================================

07:18:04.0867 12440 Scan started

07:18:04.0867 12440 Mode: Manual; SigCheck; TDLFS;

07:18:04.0867 12440 ============================================================

07:18:05.0977 12440 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

07:18:06.0273 12440 1394ohci - ok

07:18:06.0322 12440 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\windows\system32\DRIVERS\Accelern.sys

07:18:06.0417 12440 Acceler - ok

07:18:06.0502 12440 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

07:18:06.0535 12440 ACPI - ok

07:18:06.0599 12440 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

07:18:06.0765 12440 AcpiPmi - ok

07:18:06.0835 12440 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

07:18:06.0884 12440 adp94xx - ok

07:18:06.0933 12440 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

07:18:06.0958 12440 adpahci - ok

07:18:06.0990 12440 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

07:18:07.0015 12440 adpu320 - ok

07:18:07.0106 12440 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

07:18:07.0242 12440 AFD - ok

07:18:07.0285 12440 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

07:18:07.0308 12440 agp440 - ok

07:18:07.0394 12440 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

07:18:07.0417 12440 aliide - ok

07:18:07.0484 12440 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

07:18:07.0497 12440 amdide - ok

07:18:07.0573 12440 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

07:18:07.0942 12440 AmdK8 - ok

07:18:07.0960 12440 Scan interrupted by user!

07:18:07.0960 12440 ============================================================

07:18:07.0960 12440 Scan finished

07:18:07.0960 12440 ============================================================

07:18:07.0975 34092 Detected object count: 0

07:18:07.0976 34092 Actual detected object count: 0

07:18:14.0235 15288 ============================================================

07:18:14.0235 15288 Scan started

07:18:14.0235 15288 Mode: Manual; SigCheck; TDLFS;

07:18:14.0235 15288 ============================================================

07:18:14.0530 15288 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

07:18:14.0580 15288 1394ohci - ok

07:18:14.0635 15288 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\windows\system32\DRIVERS\Accelern.sys

07:18:14.0657 15288 Acceler - ok

07:18:14.0724 15288 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

07:18:14.0756 15288 ACPI - ok

07:18:14.0788 15288 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

07:18:14.0800 15288 AcpiPmi - ok

07:18:14.0830 15288 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

07:18:14.0842 15288 adp94xx - ok

07:18:14.0890 15288 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

07:18:14.0910 15288 adpahci - ok

07:18:14.0925 15288 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

07:18:14.0934 15288 adpu320 - ok

07:18:15.0001 15288 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

07:18:15.0015 15288 AFD - ok

07:18:15.0085 15288 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

07:18:15.0108 15288 agp440 - ok

07:18:15.0161 15288 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

07:18:15.0183 15288 aliide - ok

07:18:15.0236 15288 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

07:18:15.0258 15288 amdide - ok

07:18:15.0301 15288 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

07:18:15.0327 15288 AmdK8 - ok

07:18:15.0526 15288 amdkmdag (2f24f1bc9c9f3f09c10d3373c2ef65c4) C:\windows\system32\DRIVERS\atikmdag.sys

07:18:15.0919 15288 amdkmdag - ok

07:18:16.0011 15288 amdkmdap (66ec81a7711e52431d34ab5c9166b8b1) C:\windows\system32\DRIVERS\atikmpag.sys

07:18:16.0092 15288 amdkmdap - ok

07:18:16.0121 15288 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

07:18:16.0144 15288 AmdPPM - ok

07:18:16.0207 15288 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

07:18:16.0232 15288 amdsata - ok

07:18:16.0269 15288 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

07:18:16.0302 15288 amdsbs - ok

07:18:16.0349 15288 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

07:18:16.0371 15288 amdxata - ok

07:18:16.0420 15288 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys

07:18:16.0458 15288 ApfiltrService - ok

07:18:16.0526 15288 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

07:18:16.0730 15288 AppID - ok

07:18:16.0802 15288 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

07:18:16.0825 15288 arc - ok

07:18:16.0836 15288 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

07:18:16.0844 15288 arcsas - ok

07:18:16.0854 15288 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

07:18:16.0895 15288 AsyncMac - ok

07:18:16.0950 15288 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

07:18:16.0971 15288 atapi - ok

07:18:17.0018 15288 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

07:18:17.0136 15288 b06bdrv - ok

07:18:17.0188 15288 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

07:18:17.0232 15288 b57nd60a - ok

07:18:17.0265 15288 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

07:18:17.0337 15288 Beep - ok

07:18:17.0407 15288 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

07:18:17.0442 15288 blbdrive - ok

07:18:17.0535 15288 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

07:18:17.0572 15288 bowser - ok

07:18:17.0609 15288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

07:18:17.0687 15288 BrFiltLo - ok

07:18:17.0699 15288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

07:18:17.0723 15288 BrFiltUp - ok

07:18:17.0771 15288 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys

07:18:17.0826 15288 BridgeMP - ok

07:18:17.0854 15288 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

07:18:17.0936 15288 Brserid - ok

07:18:17.0959 15288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

07:18:17.0990 15288 BrSerWdm - ok

07:18:18.0002 15288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

07:18:18.0029 15288 BrUsbMdm - ok

07:18:18.0041 15288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

07:18:18.0054 15288 BrUsbSer - ok

07:18:18.0130 15288 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys

07:18:18.0214 15288 BthEnum - ok

07:18:18.0265 15288 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

07:18:18.0299 15288 BTHMODEM - ok

07:18:18.0329 15288 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

07:18:18.0373 15288 BthPan - ok

07:18:18.0412 15288 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys

07:18:18.0471 15288 BTHPORT - ok

07:18:18.0506 15288 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys

07:18:18.0528 15288 BTHUSB - ok

07:18:18.0551 15288 btmaux (16c1bac9760c9fa85a30f3fa0fbb1b7a) C:\windows\system32\DRIVERS\btmaux.sys

07:18:18.0570 15288 btmaux - ok

07:18:18.0616 15288 btmhsf (0c468d8da95be16bfdd380bb9de88259) C:\windows\system32\DRIVERS\btmhsf.sys

07:18:18.0677 15288 btmhsf - ok

07:18:18.0705 15288 catchme - ok

07:18:18.0746 15288 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

07:18:18.0782 15288 cdfs - ok

07:18:18.0841 15288 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

07:18:18.0899 15288 cdrom - ok

07:18:18.0956 15288 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

07:18:18.0987 15288 circlass - ok

07:18:19.0029 15288 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

07:18:19.0051 15288 CLFS - ok

07:18:19.0105 15288 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

07:18:19.0136 15288 CmBatt - ok

07:18:19.0184 15288 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

07:18:19.0205 15288 cmdide - ok

07:18:19.0270 15288 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

07:18:19.0303 15288 CNG - ok

07:18:19.0331 15288 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

07:18:19.0337 15288 Compbatt - ok

07:18:19.0389 15288 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

07:18:19.0442 15288 CompositeBus - ok

07:18:19.0481 15288 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

07:18:19.0496 15288 crcdisk - ok

07:18:19.0559 15288 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\windows\system32\DRIVERS\CtClsFlt.sys

07:18:19.0618 15288 CtClsFlt - ok

07:18:19.0696 15288 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

07:18:19.0774 15288 DfsC - ok

07:18:19.0803 15288 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

07:18:19.0831 15288 discache - ok

07:18:19.0869 15288 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

07:18:19.0892 15288 Disk - ok

07:18:19.0941 15288 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

07:18:19.0961 15288 drmkaud - ok

07:18:20.0025 15288 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

07:18:20.0076 15288 DXGKrnl - ok

07:18:20.0161 15288 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

07:18:20.0248 15288 ebdrv - ok

07:18:20.0298 15288 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

07:18:20.0352 15288 elxstor - ok

07:18:20.0400 15288 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

07:18:20.0479 15288 ErrDev - ok

07:18:20.0539 15288 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

07:18:20.0585 15288 exfat - ok

07:18:20.0609 15288 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

07:18:20.0639 15288 fastfat - ok

07:18:20.0663 15288 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

07:18:20.0694 15288 fdc - ok

07:18:20.0727 15288 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

07:18:20.0754 15288 FileInfo - ok

07:18:20.0771 15288 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

07:18:20.0831 15288 Filetrace - ok

07:18:20.0842 15288 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

07:18:20.0853 15288 flpydisk - ok

07:18:20.0915 15288 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

07:18:20.0926 15288 FltMgr - ok

07:18:20.0958 15288 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

07:18:20.0966 15288 FsDepends - ok

07:18:20.0985 15288 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

07:18:20.0995 15288 Fs_Rec - ok

07:18:21.0037 15288 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

07:18:21.0052 15288 fvevol - ok

07:18:21.0075 15288 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

07:18:21.0102 15288 gagp30kx - ok

07:18:21.0145 15288 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

07:18:21.0152 15288 GEARAspiWDM - ok

07:18:21.0207 15288 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

07:18:21.0284 15288 hcw85cir - ok

07:18:21.0348 15288 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

07:18:21.0403 15288 HdAudAddService - ok

07:18:21.0465 15288 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

07:18:21.0509 15288 HDAudBus - ok

07:18:21.0539 15288 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

07:18:21.0548 15288 HidBatt - ok

07:18:21.0596 15288 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

07:18:21.0636 15288 HidBth - ok

07:18:21.0647 15288 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

07:18:21.0664 15288 HidIr - ok

07:18:21.0704 15288 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

07:18:21.0714 15288 HidUsb - ok

07:18:21.0766 15288 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

07:18:21.0774 15288 HpSAMD - ok

07:18:21.0841 15288 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

07:18:21.0883 15288 HTTP - ok

07:18:21.0926 15288 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

07:18:21.0953 15288 hwpolicy - ok

07:18:22.0017 15288 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

07:18:22.0045 15288 i8042prt - ok

07:18:22.0083 15288 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys

07:18:22.0095 15288 iaStor - ok

07:18:22.0168 15288 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

07:18:22.0197 15288 iaStorV - ok

07:18:22.0231 15288 iBtFltCoex (fc85972037815fa7b413e790b426acb2) C:\windows\system32\DRIVERS\iBtFltCoex.sys

07:18:22.0260 15288 iBtFltCoex - ok

07:18:22.0505 15288 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdkmd64.sys

07:18:22.0880 15288 igfx - ok

07:18:22.0919 15288 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

07:18:22.0941 15288 iirsp - ok

07:18:23.0004 15288 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

07:18:23.0037 15288 IntcDAud - ok

07:18:23.0079 15288 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

07:18:23.0099 15288 intelide - ok

07:18:23.0369 15288 intelkmd (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdpmd64.sys

07:18:23.0617 15288 intelkmd - ok

07:18:23.0664 15288 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

07:18:23.0697 15288 intelppm - ok

07:18:23.0764 15288 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

07:18:23.0811 15288 IpFilterDriver - ok

07:18:23.0855 15288 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

07:18:23.0896 15288 IPMIDRV - ok

07:18:23.0933 15288 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

07:18:23.0983 15288 IPNAT - ok

07:18:24.0013 15288 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

07:18:24.0103 15288 IRENUM - ok

07:18:24.0192 15288 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

07:18:24.0214 15288 isapnp - ok

07:18:24.0281 15288 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

07:18:24.0312 15288 iScsiPrt - ok

07:18:24.0376 15288 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

07:18:24.0398 15288 kbdclass - ok

07:18:24.0412 15288 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys

07:18:24.0423 15288 kbdhid - ok

07:18:24.0473 15288 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

07:18:24.0495 15288 KSecDD - ok

07:18:24.0543 15288 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

07:18:24.0566 15288 KSecPkg - ok

07:18:24.0596 15288 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

07:18:24.0645 15288 ksthunk - ok

07:18:24.0690 15288 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

07:18:24.0725 15288 lltdio - ok

07:18:24.0769 15288 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

07:18:24.0777 15288 LSI_FC - ok

07:18:24.0800 15288 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

07:18:24.0808 15288 LSI_SAS - ok

07:18:24.0851 15288 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

07:18:24.0858 15288 LSI_SAS2 - ok

07:18:24.0883 15288 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

07:18:24.0908 15288 LSI_SCSI - ok

07:18:24.0932 15288 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

07:18:24.0965 15288 luafv - ok

07:18:25.0012 15288 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys

07:18:25.0027 15288 MBAMProtector - ok

07:18:25.0076 15288 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

07:18:25.0098 15288 megasas - ok

07:18:25.0150 15288 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

07:18:25.0176 15288 MegaSR - ok

07:18:25.0242 15288 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys

07:18:25.0261 15288 MEIx64 - ok

07:18:25.0297 15288 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

07:18:25.0355 15288 Modem - ok

07:18:25.0374 15288 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

07:18:25.0397 15288 monitor - ok

07:18:25.0440 15288 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

07:18:25.0462 15288 mouclass - ok

07:18:25.0491 15288 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

07:18:25.0527 15288 mouhid - ok

07:18:25.0568 15288 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

07:18:25.0589 15288 mountmgr - ok

07:18:25.0636 15288 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

07:18:25.0658 15288 mpio - ok

07:18:25.0679 15288 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

07:18:25.0708 15288 mpsdrv - ok

07:18:25.0753 15288 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

07:18:25.0847 15288 MRxDAV - ok

07:18:25.0898 15288 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

07:18:25.0963 15288 mrxsmb - ok

07:18:26.0020 15288 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

07:18:26.0075 15288 mrxsmb10 - ok

07:18:26.0130 15288 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

07:18:26.0160 15288 mrxsmb20 - ok

07:18:26.0216 15288 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

07:18:26.0237 15288 msahci - ok

07:18:26.0283 15288 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

07:18:26.0306 15288 msdsm - ok

07:18:26.0348 15288 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

07:18:26.0376 15288 Msfs - ok

07:18:26.0399 15288 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

07:18:26.0438 15288 mshidkmdf - ok

07:18:26.0458 15288 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

07:18:26.0465 15288 msisadrv - ok

07:18:26.0487 15288 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

07:18:26.0526 15288 MSKSSRV - ok

07:18:26.0548 15288 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

07:18:26.0583 15288 MSPCLOCK - ok

07:18:26.0615 15288 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

07:18:26.0676 15288 MSPQM - ok

07:18:26.0735 15288 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

07:18:26.0759 15288 MsRPC - ok

07:18:26.0804 15288 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

07:18:26.0811 15288 mssmbios - ok

07:18:26.0835 15288 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

07:18:26.0912 15288 MSTEE - ok

07:18:26.0922 15288 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

07:18:26.0947 15288 MTConfig - ok

07:18:26.0972 15288 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

07:18:26.0995 15288 Mup - ok

07:18:27.0057 15288 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

07:18:27.0100 15288 NativeWifiP - ok

07:18:27.0166 15288 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys

07:18:27.0238 15288 NDIS - ok

07:18:27.0269 15288 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

07:18:27.0314 15288 NdisCap - ok

07:18:27.0336 15288 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

07:18:27.0399 15288 NdisTapi - ok

07:18:27.0452 15288 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

07:18:27.0512 15288 Ndisuio - ok

07:18:27.0558 15288 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

07:18:27.0609 15288 NdisWan - ok

07:18:27.0652 15288 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

07:18:27.0702 15288 NDProxy - ok

07:18:27.0738 15288 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

07:18:27.0788 15288 NetBIOS - ok

07:18:27.0841 15288 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

07:18:27.0884 15288 NetBT - ok

07:18:28.0096 15288 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\windows\system32\DRIVERS\NETwNs64.sys

07:18:28.0302 15288 NETwNs64 - ok

07:18:28.0352 15288 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

07:18:28.0375 15288 nfrd960 - ok

07:18:28.0404 15288 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

07:18:28.0442 15288 Npfs - ok

07:18:28.0465 15288 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

07:18:28.0504 15288 nsiproxy - ok

07:18:28.0585 15288 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

07:18:28.0651 15288 Ntfs - ok

07:18:28.0683 15288 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

07:18:28.0716 15288 Null - ok

07:18:28.0756 15288 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys

07:18:28.0798 15288 nusb3hub - ok

07:18:28.0840 15288 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys

07:18:28.0881 15288 nusb3xhc - ok

07:18:28.0936 15288 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

07:18:28.0963 15288 nvraid - ok

07:18:28.0994 15288 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

07:18:29.0003 15288 nvstor - ok

07:18:29.0049 15288 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

07:18:29.0074 15288 nv_agp - ok

07:18:29.0129 15288 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

07:18:29.0196 15288 ohci1394 - ok

07:18:29.0243 15288 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

07:18:29.0274 15288 Parport - ok

07:18:29.0320 15288 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

07:18:29.0345 15288 partmgr - ok

07:18:29.0435 15288 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms

07:18:29.0470 15288 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok

07:18:29.0517 15288 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

07:18:29.0545 15288 pci - ok

07:18:29.0583 15288 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

07:18:29.0604 15288 pciide - ok

07:18:29.0635 15288 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

07:18:29.0665 15288 pcmcia - ok

07:18:29.0686 15288 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

07:18:29.0695 15288 pcw - ok

07:18:29.0721 15288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

07:18:29.0825 15288 PEAUTH - ok

07:18:29.0917 15288 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

07:18:29.0981 15288 PptpMiniport - ok

07:18:30.0008 15288 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

07:18:30.0054 15288 Processor - ok

07:18:30.0120 15288 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

07:18:30.0186 15288 Psched - ok

07:18:30.0275 15288 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

07:18:30.0359 15288 ql2300 - ok

07:18:30.0385 15288 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

07:18:30.0411 15288 ql40xx - ok

07:18:30.0458 15288 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

07:18:30.0504 15288 QWAVEdrv - ok

07:18:30.0536 15288 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

07:18:30.0583 15288 RasAcd - ok

07:18:30.0639 15288 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

07:18:30.0697 15288 RasAgileVpn - ok

07:18:30.0749 15288 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

07:18:30.0814 15288 Rasl2tp - ok

07:18:30.0836 15288 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

07:18:30.0870 15288 RasPppoe - ok

07:18:30.0900 15288 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

07:18:30.0928 15288 RasSstp - ok

07:18:30.0994 15288 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

07:18:31.0116 15288 rdbss - ok

07:18:31.0139 15288 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

07:18:31.0151 15288 rdpbus - ok

07:18:31.0168 15288 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

07:18:31.0196 15288 RDPCDD - ok

07:18:31.0228 15288 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

07:18:31.0296 15288 RDPENCDD - ok

07:18:31.0318 15288 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

07:18:31.0345 15288 RDPREFMP - ok

07:18:31.0388 15288 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

07:18:31.0469 15288 RDPWD - ok

07:18:31.0535 15288 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

07:18:31.0562 15288 rdyboost - ok

07:18:31.0639 15288 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

07:18:31.0678 15288 RFCOMM - ok

07:18:31.0727 15288 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

07:18:31.0799 15288 rspndr - ok

07:18:31.0851 15288 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys

07:18:31.0880 15288 RSUSBSTOR - ok

07:18:31.0919 15288 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys

07:18:31.0947 15288 RTL8167 - ok

07:18:32.0000 15288 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

07:18:32.0025 15288 sbp2port - ok

07:18:32.0073 15288 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

07:18:32.0136 15288 scfilter - ok

07:18:32.0168 15288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

07:18:32.0228 15288 secdrv - ok

07:18:32.0249 15288 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

07:18:32.0272 15288 Serenum - ok

07:18:32.0299 15288 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

07:18:32.0320 15288 Serial - ok

07:18:32.0363 15288 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

07:18:32.0395 15288 sermouse - ok

07:18:32.0451 15288 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

07:18:32.0497 15288 sffdisk - ok

07:18:32.0511 15288 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

07:18:32.0523 15288 sffp_mmc - ok

07:18:32.0533 15288 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

07:18:32.0556 15288 sffp_sd - ok

07:18:32.0576 15288 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

07:18:32.0606 15288 sfloppy - ok

07:18:32.0628 15288 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

07:18:32.0635 15288 SiSRaid2 - ok

07:18:32.0646 15288 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

07:18:32.0654 15288 SiSRaid4 - ok

07:18:32.0701 15288 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

07:18:32.0757 15288 Smb - ok

07:18:32.0788 15288 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

07:18:32.0796 15288 spldr - ok

07:18:32.0858 15288 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

07:18:32.0941 15288 srv - ok

07:18:32.0977 15288 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

07:18:33.0015 15288 srv2 - ok

07:18:33.0070 15288 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

07:18:33.0098 15288 srvnet - ok

07:18:33.0157 15288 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\windows\system32\DRIVERS\stdcfltn.sys

07:18:33.0170 15288 stdcfltn - ok

07:18:33.0202 15288 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

07:18:33.0220 15288 stexstor - ok

07:18:33.0369 15288 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\windows\system32\DRIVERS\stwrt64.sys

07:18:33.0444 15288 STHDA - ok

07:18:33.0512 15288 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

07:18:33.0534 15288 swenum - ok

07:18:33.0650 15288 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

07:18:33.0730 15288 Tcpip - ok

07:18:33.0772 15288 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

07:18:33.0802 15288 TCPIP6 - ok

07:18:33.0850 15288 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

07:18:33.0908 15288 tcpipreg - ok

07:18:33.0937 15288 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

07:18:33.0971 15288 TDPIPE - ok

07:18:33.0981 15288 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

07:18:34.0015 15288 TDTCP - ok

07:18:34.0061 15288 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

07:18:34.0117 15288 tdx - ok

07:18:34.0182 15288 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

07:18:34.0205 15288 TermDD - ok

07:18:34.0354 15288 TmFilter (8b97ba7e28bd39a2bc4a2bb66a83fec0) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys

07:18:34.0387 15288 TmFilter - ok

07:18:34.0430 15288 tmlwf (b5c00fc8786a237937c33aabee68ca26) C:\windows\system32\DRIVERS\tmlwf.sys

07:18:34.0452 15288 tmlwf - ok

07:18:34.0483 15288 TmPreFilter (1889f49a828b1cf0e2866cdd325875b0) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys

07:18:34.0489 15288 TmPreFilter - ok

07:18:34.0522 15288 tmtdi (a42e6780c52b248af54c6010a9a93384) C:\windows\system32\DRIVERS\tmtdi.sys

07:18:34.0539 15288 tmtdi - ok

07:18:34.0563 15288 tmwfp (5d38c32a4b093bc8190cf3fb9078c9cd) C:\windows\system32\DRIVERS\tmwfp.sys

07:18:34.0573 15288 tmwfp - ok

07:18:34.0627 15288 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

07:18:34.0711 15288 tssecsrv - ok

07:18:34.0768 15288 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

07:18:34.0837 15288 TsUsbFlt - ok

07:18:34.0898 15288 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

07:18:34.0981 15288 tunnel - ok

07:18:35.0014 15288 TurboB (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys

07:18:35.0033 15288 TurboB - ok

07:18:35.0067 15288 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

07:18:35.0090 15288 uagp35 - ok

07:18:35.0139 15288 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

07:18:35.0221 15288 udfs - ok

07:18:35.0267 15288 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

07:18:35.0276 15288 uliagpkx - ok

07:18:35.0341 15288 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys

07:18:35.0381 15288 umbus - ok

07:18:35.0412 15288 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

07:18:35.0461 15288 UmPass - ok

07:18:35.0520 15288 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys

07:18:35.0582 15288 USBAAPL64 - ok

07:18:35.0630 15288 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

07:18:35.0705 15288 usbccgp - ok

07:18:35.0769 15288 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

07:18:35.0819 15288 usbcir - ok

07:18:35.0869 15288 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys

07:18:35.0910 15288 usbehci - ok

07:18:35.0944 15288 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

07:18:35.0987 15288 usbhub - ok

07:18:36.0038 15288 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

07:18:36.0070 15288 usbohci - ok

07:18:36.0109 15288 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

07:18:36.0138 15288 usbprint - ok

07:18:36.0193 15288 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

07:18:36.0242 15288 usbscan - ok

07:18:36.0286 15288 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

07:18:36.0361 15288 USBSTOR - ok

07:18:36.0386 15288 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

07:18:36.0409 15288 usbuhci - ok

07:18:36.0476 15288 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys

07:18:36.0508 15288 usbvideo - ok

07:18:36.0577 15288 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

07:18:36.0599 15288 vdrvroot - ok

07:18:36.0637 15288 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

07:18:36.0648 15288 vga - ok

07:18:36.0671 15288 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

07:18:36.0725 15288 VgaSave - ok

07:18:36.0752 15288 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

07:18:36.0761 15288 vhdmp - ok

07:18:36.0798 15288 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

07:18:36.0807 15288 viaide - ok

07:18:36.0836 15288 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

07:18:36.0847 15288 volmgr - ok

07:18:36.0891 15288 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

07:18:36.0925 15288 volmgrx - ok

07:18:36.0950 15288 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

07:18:36.0981 15288 volsnap - ok

07:18:37.0121 15288 VSApiNt (3a5862d9a4fe4bbb2ffa1700e2b21b9b) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys

07:18:37.0210 15288 VSApiNt - ok

07:18:37.0241 15288 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

07:18:37.0252 15288 vsmraid - ok

07:18:37.0278 15288 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

07:18:37.0316 15288 vwifibus - ok

07:18:37.0349 15288 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

07:18:37.0406 15288 vwififlt - ok

07:18:37.0434 15288 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

07:18:37.0467 15288 vwifimp - ok

07:18:37.0529 15288 wacmoumonitor (f39fc224758290a3193c68c091e6f11a) C:\windows\system32\DRIVERS\wacmoumonitor.sys

07:18:37.0546 15288 wacmoumonitor - ok

07:18:37.0593 15288 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\windows\system32\DRIVERS\wacommousefilter.sys

07:18:37.0611 15288 wacommousefilter - ok

07:18:37.0623 15288 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

07:18:37.0632 15288 WacomPen - ok

07:18:37.0647 15288 wacomvhid (bb9d431c8d025ba13e60adddcff04f1a) C:\windows\system32\DRIVERS\wacomvhid.sys

07:18:37.0651 15288 wacomvhid - ok

07:18:37.0671 15288 WacomVKHid (8b4255329edfba3ecfbd0714476fad38) C:\windows\system32\DRIVERS\WacomVKHid.sys

07:18:37.0676 15288 WacomVKHid - ok

07:18:37.0738 15288 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

07:18:37.0806 15288 WANARP - ok

07:18:37.0829 15288 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

07:18:37.0855 15288 Wanarpv6 - ok

07:18:37.0941 15288 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

07:18:37.0961 15288 Wd - ok

07:18:38.0022 15288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

07:18:38.0069 15288 Wdf01000 - ok

07:18:38.0115 15288 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\windows\system32\DRIVERS\WDKMD.sys

07:18:38.0122 15288 wdkmd - ok

07:18:38.0185 15288 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

07:18:38.0231 15288 WfpLwf - ok

07:18:38.0243 15288 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

07:18:38.0250 15288 WIMMount - ok

07:18:38.0328 15288 WinUSB (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUSB.sys

07:18:38.0367 15288 WinUSB - ok

07:18:38.0426 15288 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

07:18:38.0453 15288 WmiAcpi - ok

07:18:38.0492 15288 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

07:18:38.0526 15288 ws2ifsl - ok

07:18:38.0582 15288 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

07:18:38.0643 15288 WudfPf - ok

07:18:38.0680 15288 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

07:18:38.0737 15288 WUDFRd - ok

07:18:38.0772 15288 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys

07:18:38.0806 15288 yukonw7 - ok

07:18:38.0852 15288 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

07:18:38.0886 15288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

07:18:38.0887 15288 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

07:18:38.0951 15288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

07:18:38.0951 15288 \Device\Harddisk0\DR0 - detected TDSS File System (1)

07:18:38.0992 15288 Boot (0x1200) (de4cfc9a6bceac4db23f9f39b2598578) \Device\Harddisk0\DR0\Partition0

07:18:38.0995 15288 \Device\Harddisk0\DR0\Partition0 - ok

07:18:39.0010 15288 Boot (0x1200) (96dadf33db005bf5e0ed646c868140be) \Device\Harddisk0\DR0\Partition1

07:18:39.0014 15288 \Device\Harddisk0\DR0\Partition1 - ok

07:18:39.0015 15288 ============================================================

07:18:39.0015 15288 Scan finished

07:18:39.0015 15288 ============================================================

07:18:39.0031 18676 Detected object count: 2

07:18:39.0031 18676 Actual detected object count: 2

07:19:11.0604 18676 \Device\Harddisk0\DR0\# - copied to quarantine

07:19:11.0828 18676 \Device\Harddisk0\DR0 - copied to quarantine

07:19:12.0122 18676 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

07:19:12.0132 18676 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

07:19:12.0142 18676 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

07:19:12.0150 18676 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

07:19:12.0916 18676 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

07:19:12.0957 18676 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

07:19:13.0753 18676 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

07:19:13.0779 18676 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

07:19:13.0807 18676 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

07:19:13.0816 18676 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

07:19:13.0851 18676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

07:19:13.0858 18676 \Device\Harddisk0\DR0 - ok

07:19:13.0946 18676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

07:19:13.0948 18676 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

07:19:13.0948 18676 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

07:19:19.0337 23672 Deinitialize success

----------------------------EOF---------------------------------------

GMER:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-02-25 07:59:55

Windows 6.1.7601 Service Pack 1

Running: 9sqr5ckj.exe

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_tmlisten.exe_5ddc655937b816308e74a022976fdca9ff714964_1b0f8199 0 bytes

File C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_tmlisten.exe_5ddc655937b816308e74a022976fdca9ff714964_1b0f8199\Report.wer 13466 bytes

---- EOF - GMER 1.0.15 ----

Silent Runners:

"Silent Runners.vbs", revision 63, http://www.silentrunners.org/

Operating System: Windows 7 SP1

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]

"EA Core" = ""C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent" ["Electronic Arts"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Apoint" = "C:\Program Files\DellTPad\Apoint.exe" ["Alps Electric Co., Ltd."]

"IntelTBRunOnce" = "wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"" [MS]

"FreeFallProtection" = "C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [null data]

"IntelWireless" = ""C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray" ["Intel® Corporation"]

"BTMTrayAgent" = "rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp" [MS]

"DBRMTray" = "C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe" [null data]

"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]

"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]

"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]

"AdobeAAMUpdater-1.0" = ""C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"" ["Adobe Systems Incorporated"]

"SysTrayApp" = "C:\Program Files\IDT\WDM\sttray64.exe"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\(Default) = "Trend Micro NSC BHO"

-> {HKLM...CLSID} = "TmIEPlugInBHO Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll" ["Trend Micro Inc."]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

-> {HKLM...CLSID} = "SimpleShlExt Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll" ["Advanced Micro Devices, Inc."]

"{9D843851-50AA-46EE-829A-784DEBA4716C}" = "Bluetooth Property Page Extension"

-> {HKLM...CLSID} = "CPropertySheetExtension Object"

\InProcServer32\(Default) = "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll" ["Intel Corporation"]

"{B8DA2B41-7468-4E82-B62C-CB4A0C9158FE}" = "Bluetooth Context Menu Extension"

-> {HKLM...CLSID} = "CContextMenuHandler Object"

\InProcServer32\(Default) = "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll" ["Intel Corporation"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{872A9397-E0D6-4e28-B64D-52B8D0A7EA35}" = "Display CPL Extension"

-> {HKLM...CLSID} = "DisplayCplExt Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll" ["Advanced Micro Devices, Inc."]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<<!>> "Notification Packages" = "DPPassFilter"|"scecli"

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\

{FD2AB138-F9A8-4ab6-9095-EEE7AF8B6C28}\(Default) = "DigitalPersona Credential Provider Filter"

-> {HKLM...CLSID} = "ProvFilter Class"

\InProcServer32\(Default) = "C:\Windows\system32\dpcrprov.dll" ["DigitalPersona, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{2A16DF2F-490B-4F2B-8C68-21EF46FCCC37}\(Default) = "DigitalPersona Password Credential Provider"

-> {HKLM...CLSID} = "PswWrapProv Class"

\InProcServer32\(Default) = "C:\Windows\system32\dpcrprov.dll" ["DigitalPersona, Inc."]

{3ADC7042-51AF-4D0F-BD1D-4D6965A77323}\(Default) = "DigitalPersona Fingerprint Credential Provider"

-> {HKLM...CLSID} = "FingerProv Class"

\InProcServer32\(Default) = "C:\Windows\system32\dpcrprov.dll" ["DigitalPersona, Inc."]

{4C0F0D42-DA2D-45da-85BC-B7A1AB53BF65}\(Default) = "DigitalPersona CryptoToken Credential Provider"

-> {HKLM...CLSID} = "TokenProv Class"

\InProcServer32\(Default) = "C:\Windows\system32\dpcrprov.dll" ["DigitalPersona, Inc."]

{57E84B57-5533-4624-AB49-E29C8C5489D6}\(Default) = "DigitalPersona External Credential Provider"

-> {HKLM...CLSID} = "ExternalProv Class"

\InProcServer32\(Default) = "C:\Windows\system32\dpcrprov.dll" ["DigitalPersona, Inc."]

{70099717-17C8-4BD0-B3D4-FAF721AB1A62}\(Default) = "DigitalPersona Smartcard Credential Provider"

-> {HKLM...CLSID} = "SCardWrapProv Class"

\InProcServer32\(Default) = "C:\Windows\system32\dpcrprov.dll" ["DigitalPersona, Inc."]

{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"

-> {HKLM...CLSID} = "WLIDCredentialProvider"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> tmpx\CLSID = "{0E526CB5-7446-41D1-A403-19BFE95E8C23}"

-> {HKLM...CLSID} = "TmIEPlugInAPP Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll" ["Trend Micro Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

-> {HKLM...CLSID} = "SimpleShlExt Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll" ["Advanced Micro Devices, Inc."]

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"

-> {HKLM...CLSID} = "GraphicsShellExt Class"

\InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Default executables:

--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"

<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\windows\system32\Bubbles.scr" [MS]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS5.1ImportMediaOnArrival\

"Provider" = "Adobe Bridge CS5.1"

"InvokeProgID" = "Adobe.adobebridgeCS5.1"

"InvokeVerb" = "launch"

HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5.1\shell\launch\command\(Default) = "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSLivePhotoAcquireDropHandler\

"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSPlayCDAudioOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.AudioCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]

MSPlayDVDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.DVD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]

MSPlaySuperVideoCDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.VCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSPlayVideoCDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.VCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSWMPBurnCDOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.BurnCD"

"InvokeVerb" = "Burn"

HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L"" [MS]

Picasa2ImportPicturesOnArrival\

"Provider" = "Picasa3"

"InvokeProgID" = "picasa2.autoplay"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."]

VLCPlayCDAudioOnArrival\