TechSpot

Google redirect\iexplore.exe problem

Solved
By PBRRRRR
Jul 31, 2012
  1. I need help removing the virus that does those occasional redirects from clicking links on a Google Search. There are also two IExplore.exe *32 processes that always run in the background even if I don't have Internet Explorer running. They respawn if I try to kill them. Thanks!

    Here are the mandatory log files:

    Malwarebytes Anti-Malware log
    C Drive

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.24.12

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    reymund :: DORNE [administrator]

    7/25/2012 1:51:04 AM
    mbam-log-2012-07-25 (01-51-04).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 462904
    Time elapsed: 9 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    D Drive
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.24.12

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    reymund :: DORNE [administrator]

    7/25/2012 2:05:08 AM
    mbam-log-2012-07-25 (02-05-08).txt

    Scan type: Full scan (D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 324007
    Time elapsed: 14 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    GMER Log
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-31 20:25:41
    Windows 6.1.7601 Service Pack 1
    Running: 0n88ejnj.exe
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c44610db
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\DNSRegisteredAdapters\{C2876AC9-E6AD-4C7A-B23B-09D30C758EC5}@RegisteredSinceBoot 0
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c44610db (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----
    DDS Logs
    DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by reymund at 20:31:00 on 2012-07-31
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16332.13540 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe
    d:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe
    C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Capture.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\OpenSSH\usr\sbin\sshd.exe
    C:\Program Files (x86)\Puppet Labs\Puppet\sys\ruby\bin\rubyw.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\prevhost.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [TUGZip] rundll32.exe C:\Users\reymund\AppData\Local\TUGZip\dzlklmbm.dll,ClInteOp_SetTitle
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://remote2.darcoasp.net/NELX.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{7F1479AA-18CE-4520-9DBD-DB21F7DFF5BD} : NameServer = 192.168.2.154,192.168.2.129
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    Hosts: 192.168.1.78 deploy
    Hosts: 192.168.1.139 vmscripts01
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-26 89600]
    R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-26 44808]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-26 13336]
    R2 M4-Service;M4-Service;C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-1-16 1007472]
    R2 MSSQL$INWESTEROS;SQL Server (INWESTEROS);D:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-26 2253120]
    R2 OpenSSHd;OpenSSH Server;C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe [2004-4-18 36864]
    R2 puppet;Puppet Agent;C:\Program Files (x86)\Puppet Labs\Puppet\service\daemon.bat [2012-4-10 87]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-26 2655768]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 SSLDrv;SSL-VPN NetExtender Adapter;C:\Windows\system32\DRIVERS\SSLDrv.sys --> C:\Windows\system32\DRIVERS\SSLDrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
    S4 SQLAgent$INWESTEROS;SQL Server Agent (INWESTEROS);D:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .
    =============== Created Last 30 ================
    .
    2012-07-27 09:10:44  69000  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4CE6C286-3819-4F50-A81B-9BF3C76AD577}\offreg.dll
    2012-07-26 11:39:06  958400  ----a-w-  C:\Windows\System32\drivers\aswSnx.sys
    2012-07-26 11:39:06  71064  ----a-w-  C:\Windows\System32\drivers\aswMonFlt.sys
    2012-07-26 11:39:06  54072  ----a-w-  C:\Windows\System32\drivers\aswRdr2.sys
    2012-07-26 11:38:57  41224  ----a-w-  C:\Windows\avastSS.scr
    2012-07-26 11:38:12  --------  d-sh--w-  C:\$RECYCLE.BIN
    2012-07-26 00:37:53  --------  d-----w-  C:\ProgramData\AVAST Software
    2012-07-26 00:37:53  --------  d-----w-  C:\Program Files\AVAST Software
    2012-07-25 23:50:50  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-07-25 05:46:48  --------  d-----w-  C:\Users\reymund\AppData\Roaming\Malwarebytes
    2012-07-25 05:46:42  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-07-25 05:46:42  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-07-25 05:46:42  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-22 02:53:34  --------  d-----w-  C:\Users\reymund\AppData\Roaming\SparkPDF
    2012-07-22 02:53:21  --------  d-----w-  C:\Program Files (x86)\SparkPDF
    2012-07-17 23:44:46  --------  d-----w-  C:\ProgramData\Age of Empires 3
    2012-07-11 04:48:52  --------  d-----w-  C:\ProgramData\PuppetLabs
    2012-07-11 04:48:52  --------  d-----w-  C:\Program Files (x86)\Puppet Labs
    2012-07-04 16:31:23  101376  ----a-w-  C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
    .
    ==================== Find3M ====================
    .
    2012-07-21 19:15:41  70344  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-21 19:15:41  426184  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-01 17:55:31  472808  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2012-06-30 01:17:01  955840  ----a-w-  C:\Windows\System32\npDeployJava1.dll
    2012-06-30 01:17:01  839096  ----a-w-  C:\Windows\System32\deployJava1.dll
    .
    ============= FINISH: 20:31:13.81 ===============
    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 11/25/2011 9:50:17 PM
    System Uptime: 7/27/2012 9:24:23 PM (95 hours ago)
    .
    Motherboard: Alienware | | M17xR3
    Processor: Intel(R) Core(TM) i7-2720QM CPU @ 2.20GHz | CPU1 | 2201/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 41.946 GiB free.
    D: is FIXED (NTFS) - 690 GiB total, 417.201 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Centrino(R) Ultimate-N 6300 AGN
    Device ID: PCI\VEN_8086&DEV_422B&SUBSYS_11218086&REV_35\4&1AA90A9&0&00E2
    Manufacturer: Intel Corporation
    Name: Intel(R) Centrino(R) Ultimate-N 6300 AGN
    PNP Device ID: PCI\VEN_8086&DEV_422B&SUBSYS_11218086&REV_35\4&1AA90A9&0&00E2
    Service: NETwNs64
    .
    ==== System Restore Points ===================
    .
    RP87: 7/9/2012 - Scheduled Checkpoint
    RP88: 7/11/2012 12:48:32 AM - Installed Puppet
    RP89: 7/17/2012 7:43:53 PM - Installed DirectX 9.0
    RP90: 7/25/2012 3:24:28 AM - Scheduled Checkpoint
    RP91: 7/25/2012 8:37:49 PM - avast! Free Antivirus Setup
    RP92: 7/26/2012 7:31:20 AM - avast! Free Antivirus Setup
    RP93: 7/26/2012 7:33:10 AM - Windows Update
    RP94: 7/26/2012 7:38:45 AM - avast! Free Antivirus Setup
    RP95: 7/27/2012 9:22:56 PM - Windows Modules Installer
    .
    ==== Installed Programs ======================
    .
    AccelerometerP11
    Adobe Flash Player 11 ActiveX
    Age of Empires® III: Complete Collection
    Alienware On-Screen Display
    Apache Directory Studio - (remove only)
    Apple Application Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    AutoHotkey 1.0.48.05
    avast! Free Antivirus
    Blitzkrieg Mod
    CanoScan Toolbox Ver4.9
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Command Center
    Company of Heroes
    Company of Heroes - FAKEMSI
    Company of Heroes: Tales of Valor
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DSmobileSCAN II
    Eastern Front
    EMSC
    Git version 1.7.9-preview20120201
    Google Chrome
    Google Talk Plugin
    GoToMeeting 5.1.0.880
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    IDT Audio
    ImgBurn
    Impulse®
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 25
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word Add-in For MediaWiki
    Microsoft Office Word MUI (English) 2010
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Web Developer 2010 Express - ENU
    Mikogo 4
    Notepad++
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenSSH for Windows (remove only)
    PDF Reader
    Puppet
    Realtek PCIE Card Reader
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Sins of a Solar Empire - Trinity
    SonicWALL SSL-VPN NetExtender
    SourceGear Vault Standard Client
    StarCraft II
    Steam
    TUGZip 3.5
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    WinSCP 4.1.7
    Xming 6.9.0.31
    xplorer² lite 32 bit
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/26/2012 9:29:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/26/2012 9:29:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/26/2012 9:29:45 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    7/26/2012 9:29:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/26/2012 9:29:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/26/2012 9:29:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/26/2012 9:29:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/26/2012 9:29:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi ctxusbm discache spldr VBoxDrv VBoxUSBMon Wanarpv6
    7/26/2012 9:29:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    7/25/2012 8:19:12 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/25/2012 8:15:46 PM, Error: Service Control Manager [7034] - The OpenSSH Server service terminated unexpectedly. It has done this 1 time(s).
    7/25/2012 8:14:59 PM, Error: Service Control Manager [7034] - The M4-Service service terminated unexpectedly. It has done this 1 time(s).
    7/25/2012 7:55:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache spldr VBoxDrv VBoxUSBMon Wanarpv6
    7/25/2012 2:31:53 AM, Error: Service Control Manager [7034] - The Puppet Agent service terminated unexpectedly. It has done this 1 time(s).
    7/25/2012 2:28:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    7/25/2012 2:20:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC ctxusbm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon vwififlt Wanarpv6 WfpLwf ws2ifsl
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/24/2012 11:53:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/24/2012 11:51:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/24/2012 11:51:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/24/2012 11:24:01 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    7/24/2012 11:23:28 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    7/24/2012 11:23:03 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. PBRRRRR

    PBRRRRR TS Rookie Topic Starter

    Part 1

    21:04:52.0215 11332	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    21:04:52.0680 11332	============================================================
    21:04:52.0680 11332	Current date / time: 2012/07/31 21:04:52.0680
    21:04:52.0680 11332	SystemInfo:
    21:04:52.0680 11332	
    21:04:52.0680 11332	OS Version: 6.1.7601 ServicePack: 1.0
    21:04:52.0680 11332	Product type: Workstation
    21:04:52.0680 11332	ComputerName: DORNE
    21:04:52.0680 11332	UserName: reymund
    21:04:52.0680 11332	Windows directory: C:\Windows
    21:04:52.0680 11332	System windows directory: C:\Windows
    21:04:52.0680 11332	Running under WOW64
    21:04:52.0680 11332	Processor architecture: Intel x64
    21:04:52.0680 11332	Number of processors: 8
    21:04:52.0680 11332	Page size: 0x1000
    21:04:52.0680 11332	Boot type: Normal boot
    21:04:52.0680 11332	============================================================
    21:04:55.0578 11332	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:04:55.0579 11332	Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:04:55.0584 11332	============================================================
    21:04:55.0584 11332	\Device\Harddisk0\DR0:
    21:04:55.0584 11332	MBR partitions:
    21:04:55.0584 11332	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x118C000, BlocksNum 0x563B8000
    21:04:55.0584 11332	\Device\Harddisk1\DR1:
    21:04:55.0584 11332	MBR partitions:
    21:04:55.0584 11332	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    21:04:55.0584 11332	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
    21:04:55.0584 11332	============================================================
    21:04:55.0585 11332	C: <-> \Device\Harddisk1\DR1\Partition1
    21:04:55.0624 11332	D: <-> \Device\Harddisk0\DR0\Partition0
    21:04:55.0624 11332	============================================================
    21:04:55.0624 11332	Initialize success
    21:04:55.0624 11332	============================================================
    21:05:04.0181 9632	============================================================
    21:05:04.0181 9632	Scan started
    21:05:04.0181 9632	Mode: Manual;
    21:05:04.0181 9632	============================================================
    21:05:07.0145 9632L1C - ok
    21:05:07.0155 9632LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    21:05:07.0159 9632LanmanServer - ok
    21:05:07.0164 9632LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    21:05:07.0168 9632LanmanWorkstation - ok
    21:05:07.0173 9632lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    21:05:07.0174 9632lltdio - ok
    21:05:07.0185 9632lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    21:05:07.0189 9632lltdsvc - ok
    21:05:07.0192 9632lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    21:05:07.0194 9632lmhosts - ok
    21:05:07.0210 9632LMS (926eba26a8b49d1597751ced06b50862) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    21:05:07.0212 9632LMS - ok
    21:05:07.0221 9632LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:05:07.0222 9632LSI_FC - ok
    21:05:07.0228 9632LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:05:07.0230 9632LSI_SAS - ok
    21:05:07.0235 9632LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:05:07.0236 9632LSI_SAS2 - ok
    21:05:07.0242 9632LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:05:07.0243 9632LSI_SCSI - ok
    21:05:07.0249 9632luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    21:05:07.0250 9632luafv - ok
    21:05:07.0294 9632M4-Service (f1d72877fa97d617be70aefb3a30cd91) C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe
    21:05:07.0299 9632M4-Service - ok
    21:05:07.0304 9632Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    21:05:07.0307 9632Mcx2Svc - ok
    21:05:07.0310 9632megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    21:05:07.0311 9632megasas - ok
    21:05:07.0322 9632MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    21:05:07.0324 9632MegaSR - ok
    21:05:07.0329 9632MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    21:05:07.0330 9632MEIx64 - ok
    21:05:07.0337 9632Microsoft SharePoint Workspace Audit Service - ok
    21:05:07.0342 9632MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    21:05:07.0345 9632MMCSS - ok
    21:05:07.0348 9632Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    21:05:07.0349 9632Modem - ok
    21:05:07.0352 9632monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    21:05:07.0352 9632monitor - ok
    21:05:07.0356 9632mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    21:05:07.0356 9632mouclass - ok
    21:05:07.0360 9632mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    21:05:07.0361 9632mouhid - ok
    21:05:07.0367 9632mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    21:05:07.0368 9632mountmgr - ok
    21:05:07.0377 9632mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    21:05:07.0379 9632mpio - ok
    21:05:07.0385 9632mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    21:05:07.0386 9632mpsdrv - ok
    21:05:07.0419 9632MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    21:05:07.0427 9632MpsSvc - ok
    21:05:07.0435 9632MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    21:05:07.0437 9632MRxDAV - ok
    21:05:07.0445 9632mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:05:07.0446 9632mrxsmb - ok
    21:05:07.0458 9632mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:05:07.0461 9632mrxsmb10 - ok
    21:05:07.0468 9632mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:05:07.0470 9632mrxsmb20 - ok
    21:05:07.0473 9632msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    21:05:07.0474 9632msahci - ok
    21:05:07.0482 9632msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    21:05:07.0484 9632msdsm - ok
    21:05:07.0491 9632MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    21:05:07.0494 9632MSDTC - ok
    21:05:07.0499 9632Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    21:05:07.0500 9632Msfs - ok
    21:05:07.0503 9632mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    21:05:07.0503 9632mshidkmdf - ok
    21:05:07.0506 9632msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    21:05:07.0507 9632msisadrv - ok
    21:05:07.0514 9632MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    21:05:07.0517 9632MSiSCSI - ok
    21:05:07.0519 9632msiserver - ok
    21:05:07.0522 9632MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    21:05:07.0523 9632MSKSSRV - ok
    21:05:07.0526 9632MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:05:07.0527 9632MSPCLOCK - ok
    21:05:07.0528 9632MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    21:05:07.0529 9632MSPQM - ok
    21:05:07.0544 9632MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    21:05:07.0547 9632MsRPC - ok
    21:05:07.0552 9632mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    21:05:07.0553 9632mssmbios - ok
    21:05:08.0035 9632MSSQL$INWESTEROS - ok
    21:05:08.0048 9632MSSQL$SQLEXPRESS - ok
    21:05:08.0063 9632MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    21:05:08.0066 9632MSSQLServerADHelper100 - ok
    21:05:08.0072 9632MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    21:05:08.0074 9632MSTEE - ok
    21:05:08.0077 9632MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    21:05:08.0079 9632MTConfig - ok
    21:05:08.0084 9632Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    21:05:08.0086 9632Mup - ok
    21:05:08.0100 9632MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    21:05:08.0103 9632MyWiFiDHCPDNS - ok
    21:05:08.0123 9632napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    21:05:08.0129 9632napagent - ok
    21:05:08.0143 9632NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    21:05:08.0146 9632NativeWifiP - ok
    21:05:08.0180 9632NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    21:05:08.0187 9632NDIS - ok
    21:05:08.0191 9632NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    21:05:08.0192 9632NdisCap - ok
    21:05:08.0196 9632NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:05:08.0197 9632NdisTapi - ok
    21:05:08.0201 9632Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:05:08.0202 9632Ndisuio - ok
    21:05:08.0209 9632NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:05:08.0211 9632NdisWan - ok
    21:05:08.0215 9632NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    21:05:08.0216 9632NDProxy - ok
    21:05:08.0219 9632NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    21:05:08.0220 9632NetBIOS - ok
    21:05:08.0229 9632NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    21:05:08.0232 9632NetBT - ok
    21:05:08.0236 9632Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:05:08.0238 9632Netlogon - ok
    21:05:08.0253 9632Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    21:05:08.0258 9632Netman - ok
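
The listing above (and its continuation in the next post) is TDSSKiller's service/driver enumeration: one line with the scanner PID, the service name, the image's MD5 and path, then a second line with the verdict. Reading 500 such lines by eye is how entries get missed, so here is a small triage helper. It is an added example for this thread, not part of PBRRRRR's post and not TDSSKiller code; the sample records are a constructed subset copied from the log above. It assumes, for flagging purposes only, that service images normally live under Windows or Program Files and are .sys/.dll/.exe files; a flag means "look at this", not "this is malicious". The page's extraction dropped the tab between the PID and the service name, so the parser accepts both the tab-separated form TDSSKiller writes and the fused form shown here.

```python
"""Triage helper for a TDSSKiller service/driver listing.

Added example, not part of the forum post and not TDSSKiller's own code.
Parses the record format seen in the thread (timestamp, scanner PID, service
name, MD5, image path, then a second line carrying the verdict) and attaches
review flags. SAMPLE_LINES is a constructed subset copied from the posted log.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

TS = r"(\d{2}:\d{2}:\d{2}\.\d{4})"
HASH_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Assumptions for this example: images are normally loaded from these roots
# and have one of these extensions. Anything else is a triage hint to review
# by hand (signature, vendor, install date), not a verdict of malice.
NORMAL_ROOTS = ("\\windows\\", "\\program files\\", "\\program files (x86)\\")
NORMAL_EXT = (".sys", ".dll", ".exe")

# Constructed sample: records copied from the log above, mixing the original
# tab-separated form and the fused form the page shows.
SAMPLE_LINES = [
    "21:05:06.0279 9632\ti8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\\Windows\\system32\\drivers\\i8042prt.sys",
    "21:05:06.0280 9632\ti8042prt - ok",
    "21:05:07.0099 9632KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\\Windows\\system32\\lsass.exe",
    "21:05:07.0101 9632KeyIso - ok",
    "21:05:07.0294 9632M4-Service (f1d72877fa97d617be70aefb3a30cd91) C:\\Users\\reymund\\AppData\\Roaming\\Mikogo 4\\M4-Service.exe",
    "21:05:07.0299 9632M4-Service - ok",
    "21:05:07.0337 9632Microsoft SharePoint Workspace Audit Service - ok",
    "21:05:08.0236 9632Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\\Windows\\system32\\lsass.exe",
    "21:05:08.0238 9632Netlogon - ok",
    "21:05:10.0398 9632puppet (1303b5084b733d7febc9a2a9ab55195d) C:\\Program Files (x86)\\Puppet Labs\\Puppet\\service\\daemon.bat",
    "21:05:10.0399 9632puppet - ok",
]


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def _infer_pid(lines: List[str]) -> str:
    """The scanner PID is constant for a run; prefer a line where a tab follows it.
    In the fused form a service name that itself starts with digits would be
    swallowed into the PID, so pass pid= explicitly if the first record is one."""
    for pat in (TS + r"\s+(\d+)\t", TS + r"\s+(\d+)"):
        for line in lines:
            m = re.match(pat, line)
            if m:
                return m.group(2)
    raise ValueError("no TDSSKiller records found")


def parse_tdss_log(lines: List[str], pid: Optional[str] = None) -> Dict[str, Entry]:
    """Return service name -> Entry, merging the hash line with the verdict line."""
    pid = pid or _infer_pid(lines)
    entries: Dict[str, Entry] = {}
    for raw in lines:
        m = re.match(TS + r"\s+(.*)$", raw.rstrip())
        if not m or not m.group(2).startswith(pid):
            continue  # banner, summary or other non-record line
        body = m.group(2)[len(pid):].lstrip("\t ")
        h = HASH_RE.match(body)
        if h:
            entries[h["name"]] = Entry(h["name"], h["md5"].lower(), h["path"])
            continue
        v = VERDICT_RE.match(body)
        if v:  # services with no file-backed image only ever get this line
            entries.setdefault(v["name"], Entry(v["name"])).verdict = v["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Attach review flags; return MD5 -> service names for images shared by
    several services (normal for lsass.exe or SMSvcHost.exe, but a list you
    want in front of you when hunting a patched or replaced driver)."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for e in entries.values():
        if e.md5 is None:
            e.flags.append("no image hashed (missing, locked, or not file-backed)")
        else:
            by_hash[e.md5].append(e.name)
            low = e.path.lower()
            if not any(root in low for root in NORMAL_ROOTS):
                e.flags.append("image outside Windows/Program Files: " + e.path)
            if not low.endswith(NORMAL_EXT):
                e.flags.append("unusual image type: " + e.path)
        if e.verdict is not None and e.verdict != "ok":
            e.flags.append("scanner verdict: " + e.verdict)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def flagged(entries: Dict[str, Entry]) -> List[str]:
    """Names of entries that picked up at least one flag, in log order."""
    return [name for name, e in entries.items() if e.flags]


if __name__ == "__main__":
    parsed = parse_tdss_log(SAMPLE_LINES)
    shared = triage(parsed)
    for name in flagged(parsed):
        print(name, "->", "; ".join(parsed[name].flags))
    for md5, names in shared.items():
        print(md5, "shared by", ", ".join(names))
```

On the sample, the three entries that surface are the Mikogo service running from a user profile directory, the SharePoint audit service with no hashed image, and the Puppet service whose image is a .bat file; none of those is a finding by itself, they are simply the records to check first when the scanner reports everything as "ok" yet the machine still misbehaves. A hash that the scanner could not compute, or an image that a later run hashes differently, is the more interesting signal for a rootkit that replaces a driver in place.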
     
  4. PBRRRRR

    Part 2
    21:05:08.0273 9632NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:05:08.0275 9632NetMsmqActivator - ok
    21:05:08.0277 9632NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:05:08.0278 9632NetPipeActivator - ok
    21:05:08.0298 9632netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    21:05:08.0304 9632netprofm - ok
    21:05:08.0306 9632NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:05:08.0307 9632NetTcpActivator - ok
    21:05:08.0309 9632NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:05:08.0310 9632NetTcpPortSharing - ok
    21:05:08.0597 9632NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
    21:05:08.0656 9632NETwNs64 - ok
    21:05:08.0692 9632nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    21:05:08.0693 9632nfrd960 - ok
    21:05:08.0705 9632NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    21:05:08.0711 9632NlaSvc - ok
    21:05:08.0715 9632Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    21:05:08.0717 9632Npfs - ok
    21:05:08.0720 9632nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    21:05:08.0723 9632nsi - ok
    21:05:08.0726 9632nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    21:05:08.0727 9632nsiproxy - ok
    21:05:08.0791 9632Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    21:05:08.0810 9632Ntfs - ok
    21:05:08.0838 9632Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    21:05:08.0839 9632Null - ok
    21:05:08.0846 9632nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
    21:05:08.0848 9632nusb3hub - ok
    21:05:08.0858 9632nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    21:05:08.0861 9632nusb3xhc - ok
    21:05:09.0298 9632nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    21:05:09.0350 9632nvlddmkm - ok
    21:05:09.0389 9632nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    21:05:09.0391 9632nvraid - ok
    21:05:09.0401 9632nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    21:05:09.0403 9632nvstor - ok
    21:05:09.0466 9632nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
    21:05:09.0484 9632nvsvc - ok
    21:05:09.0571 9632nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    21:05:09.0591 9632nvUpdatusService - ok
    21:05:09.0625 9632nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    21:05:09.0627 9632nv_agp - ok
    21:05:09.0633 9632ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    21:05:09.0635 9632ohci1394 - ok
    21:05:09.0642 9632OpenSSHd (3d70b0630342132ebc1ff5cff483e6c0) C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
    21:05:09.0643 9632OpenSSHd - ok
    21:05:09.0651 9632ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:05:09.0653 9632ose - ok
    21:05:09.0844 9632osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    21:05:09.0881 9632osppsvc - ok
    21:05:09.0919 9632p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    21:05:09.0923 9632p2pimsvc - ok
    21:05:09.0939 9632p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    21:05:09.0945 9632p2psvc - ok
    21:05:09.0954 9632Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    21:05:09.0956 9632Parport - ok
    21:05:09.0960 9632partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    21:05:09.0962 9632partmgr - ok
    21:05:09.0971 9632PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    21:05:09.0974 9632PcaSvc - ok
    21:05:09.0983 9632pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    21:05:09.0986 9632pci - ok
    21:05:09.0988 9632pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    21:05:09.0989 9632pciide - ok
    21:05:09.0999 9632pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:05:10.0001 9632pcmcia - ok
    21:05:10.0006 9632pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    21:05:10.0007 9632pcw - ok
    21:05:10.0030 9632PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    21:05:10.0035 9632PEAUTH - ok
    21:05:10.0085 9632PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    21:05:10.0103 9632PeerDistSvc - ok
    21:05:10.0135 9632PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    21:05:10.0139 9632PerfHost - ok
    21:05:10.0226 9632pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    21:05:10.0243 9632pla - ok
    21:05:10.0261 9632PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    21:05:10.0269 9632PlugPlay - ok
    21:05:10.0273 9632PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    21:05:10.0277 9632PNRPAutoReg - ok
    21:05:10.0291 9632PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    21:05:10.0296 9632PNRPsvc - ok
    21:05:10.0317 9632PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    21:05:10.0324 9632PolicyAgent - ok
    21:05:10.0335 9632Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    21:05:10.0340 9632Power - ok
    21:05:10.0351 9632PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    21:05:10.0353 9632PptpMiniport - ok
    21:05:10.0358 9632Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    21:05:10.0359 9632Processor - ok
    21:05:10.0370 9632ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    21:05:10.0375 9632ProfSvc - ok
    21:05:10.0379 9632ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:05:10.0382 9632ProtectedStorage - ok
    21:05:10.0391 9632Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    21:05:10.0393 9632Psched - ok
    21:05:10.0398 9632puppet (1303b5084b733d7febc9a2a9ab55195d) C:\Program Files (x86)\Puppet Labs\Puppet\service\daemon.bat
    21:05:10.0399 9632puppet - ok
    21:05:10.0456 9632ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    21:05:10.0473 9632ql2300 - ok
    21:05:10.0511 9632ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    21:05:10.0513 9632ql40xx - ok
    21:05:10.0526 9632QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    21:05:10.0533 9632QWAVE - ok
    21:05:10.0539 9632QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    21:05:10.0541 9632QWAVEdrv - ok
    21:05:10.0545 9632RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    21:05:10.0546 9632RasAcd - ok
    21:05:10.0553 9632RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:05:10.0554 9632RasAgileVpn - ok
    21:05:10.0561 9632RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    21:05:10.0566 9632RasAuto - ok
    21:05:10.0575 9632Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:05:10.0578 9632Rasl2tp - ok
    21:05:10.0593 9632RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    21:05:10.0601 9632RasMan - ok
    21:05:10.0608 9632RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:05:10.0610 9632RasPppoe - ok
    21:05:10.0617 9632RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    21:05:10.0619 9632RasSstp - ok
    21:05:10.0632 9632rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    21:05:10.0636 9632rdbss - ok
    21:05:10.0639 9632rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    21:05:10.0640 9632rdpbus - ok
    21:05:10.0642 9632RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:05:10.0643 9632RDPCDD - ok
    21:05:10.0652 9632RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    21:05:10.0654 9632RDPDR - ok
    21:05:10.0657 9632RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    21:05:10.0657 9632RDPENCDD - ok
    21:05:10.0661 9632RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    21:05:10.0661 9632RDPREFMP - ok
    21:05:10.0666 9632RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
    21:05:10.0667 9632RdpVideoMiniport - ok
    21:05:10.0677 9632RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    21:05:10.0679 9632RDPWD - ok
    21:05:10.0690 9632rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    21:05:10.0692 9632rdyboost - ok
    21:05:10.0724 9632RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    21:05:10.0731 9632RegSrvc - ok
    21:05:10.0737 9632RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    21:05:10.0739 9632RemoteAccess - ok
    21:05:10.0747 9632RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    21:05:10.0751 9632RemoteRegistry - ok
    21:05:10.0761 9632RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    21:05:10.0763 9632RFCOMM - ok
    21:05:10.0768 9632RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    21:05:10.0771 9632RpcEptMapper - ok
    21:05:10.0774 9632RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    21:05:10.0776 9632RpcLocator - ok
    21:05:10.0790 9632RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
    21:05:10.0795 9632RpcSs - ok
    21:05:10.0809 9632RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
    21:05:10.0812 9632RsFx0103 - ok
    21:05:10.0824 9632RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
    21:05:10.0827 9632RsFx0150 - ok
    21:05:10.0841 9632RSPCIESTOR (85b325723f67ef80927326fd7eb1cc10) C:\Windows\system32\DRIVERS\RtsPStor.sys
    21:05:10.0843 9632RSPCIESTOR - ok
    21:05:10.0849 9632rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    21:05:10.0850 9632rspndr - ok
    21:05:10.0853 9632s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    21:05:10.0854 9632s3cap - ok
    21:05:10.0857 9632SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:05:10.0859 9632SamSs - ok
    21:05:10.0865 9632sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    21:05:10.0867 9632sbp2port - ok
    21:05:10.0876 9632SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    21:05:10.0880 9632SCardSvr - ok
    21:05:10.0884 9632scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    21:05:10.0885 9632scfilter - ok
    21:05:10.0919 9632Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    21:05:10.0931 9632Schedule - ok
    21:05:10.0939 9632SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    21:05:10.0940 9632SCPolicySvc - ok
    21:05:10.0948 9632sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    21:05:10.0950 9632sdbus - ok
    21:05:10.0960 9632SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    21:05:10.0965 9632SDRSVC - ok
    21:05:10.0969 9632secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    21:05:10.0970 9632secdrv - ok
    21:05:10.0973 9632seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    21:05:10.0977 9632seclogon - ok
    21:05:10.0982 9632SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    21:05:10.0986 9632SENS - ok
    21:05:10.0990 9632SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    21:05:10.0994 9632SensrSvc - ok
    21:05:10.0997 9632Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    21:05:10.0998 9632Serenum - ok
    21:05:11.0004 9632Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    21:05:11.0006 9632Serial - ok
    21:05:11.0010 9632sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    21:05:11.0011 9632sermouse - ok
    21:05:11.0023 9632SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    21:05:11.0027 9632SessionEnv - ok
    21:05:11.0030 9632sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    21:05:11.0032 9632sffdisk - ok
    21:05:11.0035 9632sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    21:05:11.0036 9632sffp_mmc - ok
    21:05:11.0039 9632sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    21:05:11.0040 9632sffp_sd - ok
    21:05:11.0043 9632sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    21:05:11.0044 9632sfloppy - ok
    21:05:11.0057 9632SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    21:05:11.0062 9632SharedAccess - ok
    21:05:11.0075 9632ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    21:05:11.0080 9632ShellHWDetection - ok
    21:05:11.0084 9632SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    21:05:11.0085 9632SiSRaid2 - ok
    21:05:11.0090 9632SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    21:05:11.0091 9632SiSRaid4 - ok
    21:05:11.0096 9632Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    21:05:11.0098 9632Smb - ok
    21:05:11.0104 9632SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    21:05:11.0107 9632SNMPTRAP - ok
    21:05:11.0129 9632SONICWALL_NetExtender (089185516374ba26193e41aaa559e60e) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
    21:05:11.0133 9632SONICWALL_NetExtender - ok
    21:05:11.0136 9632spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    21:05:11.0137 9632spldr - ok
    21:05:11.0157 9632Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    21:05:11.0164 9632Spooler - ok
    21:05:11.0289 9632sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    21:05:11.0317 9632sppsvc - ok
    21:05:11.0352 9632sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    21:05:11.0355 9632sppuinotify - ok
    21:05:11.0466 9632SQLAgent$INWESTEROS (bea7fea5bb31eb58d78971f821ae6844) d:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE
    21:05:11.0474 9632SQLAgent$INWESTEROS - ok
    21:05:11.0498 9632SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
    21:05:11.0505 9632SQLAgent$SQLEXPRESS - ok
    21:05:11.0521 9632SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    21:05:11.0525 9632SQLBrowser - ok
    21:05:11.0537 9632SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    21:05:11.0540 9632SQLWriter - ok
    21:05:11.0567 9632srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    21:05:11.0574 9632srv - ok
    21:05:11.0593 9632srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    21:05:11.0598 9632srv2 - ok
    21:05:11.0607 9632srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    21:05:11.0609 9632srvnet - ok
    21:05:11.0619 9632SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    21:05:11.0624 9632SSDPSRV - ok
    21:05:11.0629 9632SSLDrv (4b8cdc023e8a7ebabfefcd2de67fd488) C:\Windows\system32\DRIVERS\SSLDrv.sys
    21:05:11.0630 9632SSLDrv - ok
    21:05:11.0635 9632SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    21:05:11.0639 9632SstpSvc - ok
    21:05:11.0655 9632STacSV (e82994866a370a480607637f28b82835) C:\Program Files\IDT\WDM\STacSV64.exe
    21:05:11.0658 9632STacSV - ok
    21:05:11.0662 9632stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
    21:05:11.0663 9632stdcfltn - ok
    21:05:11.0670 9632Steam Client Service - ok
    21:05:11.0687 9632Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    21:05:11.0691 9632Stereo Service - ok

    21:05:11.0695 9632stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    21:05:11.0697 9632stexstor - ok
    21:05:11.0716 9632STHDA (3ad0ed8b19cd76d2254de5fb298e3c26) C:\Windows\system32\DRIVERS\stwrt64.sys
    21:05:11.0721 9632STHDA - ok
    21:05:11.0744 9632stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    21:05:11.0753 9632stisvc - ok
    21:05:11.0758 9632storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    21:05:11.0759 9632storflt - ok
    21:05:11.0764 9632storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    21:05:11.0765 9632storvsc - ok
    21:05:11.0768 9632swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    21:05:11.0769 9632swenum - ok
    21:05:11.0789 9632swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    21:05:11.0797 9632swprv - ok
    21:05:11.0800 9632Synth3dVsc - ok
    21:05:11.0854 9632SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys
    21:05:11.0866 9632SynTP - ok
    21:05:11.0966 9632SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    21:05:11.0989 9632SysMain - ok
    21:05:12.0022 9632TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    21:05:12.0027 9632TabletInputService - ok
    21:05:12.0042 9632TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    21:05:12.0049 9632TapiSrv - ok
    21:05:12.0055 9632TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    21:05:12.0060 9632TBS - ok
    21:05:12.0137 9632	Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    21:05:12.0156 9632	Tcpip - ok
    21:05:12.0221 9632	TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    21:05:12.0229 9632	TCPIP6 - ok
    21:05:12.0253 9632	tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    21:05:12.0254 9632	tcpipreg - ok
    21:05:12.0258 9632	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    21:05:12.0259 9632	TDPIPE - ok
    21:05:12.0262 9632	TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    21:05:12.0263 9632	TDTCP - ok
    21:05:12.0268 9632	tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    21:05:12.0269 9632	tdx - ok
    21:05:12.0273 9632	TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    21:05:12.0274 9632	TermDD - ok
    21:05:12.0292 9632	TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    21:05:12.0297 9632	TermService - ok
    21:05:12.0302 9632	Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    21:05:12.0305 9632	Themes - ok
    21:05:12.0309 9632	THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    21:05:12.0311 9632	THREADORDER - ok
    21:05:12.0316 9632	TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    21:05:12.0320 9632	TrkWks - ok
    21:05:12.0328 9632	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    21:05:12.0330 9632	TrustedInstaller - ok
    21:05:12.0335 9632	tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:05:12.0336 9632	tssecsrv - ok
    21:05:12.0340 9632	TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    21:05:12.0341 9632	TsUsbFlt - ok
    21:05:12.0343 9632	tsusbhub - ok
    21:05:12.0351 9632	tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    21:05:12.0352 9632	tunnel - ok
    21:05:12.0357 9632	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    21:05:12.0359 9632	uagp35 - ok
    21:05:12.0371 9632	udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    21:05:12.0375 9632	udfs - ok
    21:05:12.0381 9632	UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    21:05:12.0384 9632	UI0Detect - ok
    21:05:12.0389 9632	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    21:05:12.0390 9632	uliagpkx - ok
    21:05:12.0395 9632	umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    21:05:12.0396 9632	umbus - ok
    21:05:12.0399 9632	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    21:05:12.0400 9632	UmPass - ok
    21:05:12.0408 9632	UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    21:05:12.0413 9632	UmRdpService - ok
    21:05:12.0492 9632	UNS (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    21:05:12.0511 9632	UNS - ok
    21:05:12.0541 9632	upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    21:05:12.0547 9632	upnphost - ok
    21:05:12.0554 9632	usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:05:12.0555 9632	usbccgp - ok
    21:05:12.0560 9632	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    21:05:12.0562 9632	usbcir - ok
    21:05:12.0565 9632	usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    21:05:12.0566 9632	usbehci - ok
    21:05:12.0577 9632	usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    21:05:12.0581 9632	usbhub - ok
    21:05:12.0584 9632	usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    21:05:12.0585 9632	usbohci - ok
    21:05:12.0589 9632	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    21:05:12.0590 9632	usbprint - ok
    21:05:12.0594 9632	usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    21:05:12.0595 9632	usbscan - ok
    21:05:12.0600 9632	USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:05:12.0601 9632	USBSTOR - ok
    21:05:12.0604 9632	usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    21:05:12.0605 9632	usbuhci - ok
    21:05:12.0612 9632	usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    21:05:12.0614 9632	usbvideo - ok
    21:05:12.0618 9632	UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    21:05:12.0621 9632	UxSms - ok
    21:05:12.0624 9632	VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:05:12.0626 9632	VaultSvc - ok
    21:05:12.0637 9632	VBoxDrv (b6437a7c60c817a0d7bea1d994b01612) C:\Windows\system32\DRIVERS\VBoxDrv.sys
    21:05:12.0638 9632	VBoxDrv - ok
    21:05:12.0646 9632	VBoxNetAdp (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
    21:05:12.0648 9632	VBoxNetAdp - ok
    21:05:12.0655 9632	VBoxNetFlt (9f7bc6d33a3aa4aff35c9dbd69c2bca0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
    21:05:12.0656 9632	VBoxNetFlt - ok
    21:05:12.0664 9632	VBoxUSBMon (84b57b85a550476456ec5ab32fa99513) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
    21:05:12.0665 9632	VBoxUSBMon - ok
    21:05:12.0669 9632	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    21:05:12.0670 9632	vdrvroot - ok
    21:05:12.0689 9632	vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    21:05:12.0695 9632	vds - ok
    21:05:12.0699 9632	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:05:12.0700 9632	vga - ok
    21:05:12.0704 9632	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    21:05:12.0705 9632	VgaSave - ok
    21:05:12.0708 9632	VGPU - ok
    21:05:12.0717 9632	vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    21:05:12.0720 9632	vhdmp - ok
    21:05:12.0723 9632	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    21:05:12.0724 9632	viaide - ok
    21:05:12.0734 9632	vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    21:05:12.0737 9632	vmbus - ok
    21:05:12.0740 9632	VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    21:05:12.0741 9632	VMBusHID - ok
    21:05:12.0747 9632	volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    21:05:12.0748 9632	volmgr - ok
    21:05:12.0762 9632	volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    21:05:12.0765 9632	volmgrx - ok
    21:05:12.0779 9632	volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    21:05:12.0781 9632	volsnap - ok
    21:05:12.0790 9632	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    21:05:12.0792 9632	vsmraid - ok
    21:05:12.0845 9632	VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    21:05:12.0858 9632	VSS - ok
    21:05:12.0892 9632	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    21:05:12.0893 9632	vwifibus - ok
    21:05:12.0897 9632	vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    21:05:12.0898 9632	vwififlt - ok
    21:05:12.0901 9632	vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    21:05:12.0902 9632	vwifimp - ok
    21:05:12.0918 9632	W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    21:05:12.0924 9632	W32Time - ok
    21:05:12.0943 9632	W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
    21:05:12.0947 9632	W3SVC - ok
    21:05:12.0951 9632	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    21:05:12.0952 9632	WacomPen - ok
    21:05:12.0959 9632	WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:05:12.0960 9632	WANARP - ok
    21:05:12.0962 9632	Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:05:12.0963 9632	Wanarpv6 - ok
    21:05:12.0967 9632	WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
    21:05:12.0970 9632	WAS - ok
    21:05:13.0023 9632	wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    21:05:13.0041 9632	wbengine - ok
    21:05:13.0068 9632	WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    21:05:13.0072 9632	WbioSrvc - ok
    21:05:13.0083 9632	wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    21:05:13.0089 9632	wcncsvc - ok
    21:05:13.0092 9632	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    21:05:13.0095 9632	WcsPlugInService - ok
    21:05:13.0101 9632	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    21:05:13.0102 9632	Wd - ok
    21:05:13.0119 9632	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    21:05:13.0124 9632	Wdf01000 - ok
    21:05:13.0130 9632	WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    21:05:13.0133 9632	WdiServiceHost - ok
    21:05:13.0135 9632	WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    21:05:13.0139 9632	WdiSystemHost - ok
    21:05:13.0147 9632	WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    21:05:13.0152 9632	WebClient - ok
    21:05:13.0160 9632	Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    21:05:13.0165 9632	Wecsvc - ok
    21:05:13.0169 9632	wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    21:05:13.0173 9632	wercplsupport - ok
    21:05:13.0178 9632	WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    21:05:13.0181 9632	WerSvc - ok
    21:05:13.0187 9632	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    21:05:13.0187 9632	WfpLwf - ok
    21:05:13.0191 9632	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    21:05:13.0192 9632	WIMMount - ok
    21:05:13.0195 9632	WinDefend - ok
    21:05:13.0200 9632	WinHttpAutoProxySvc - ok
    21:05:13.0214 9632	Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    21:05:13.0217 9632	Winmgmt - ok
    21:05:13.0302 9632	WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    21:05:13.0338 9632	WinRM - ok
    21:05:13.0393 9632	Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    21:05:13.0404 9632	Wlansvc - ok
    21:05:13.0410 9632	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    21:05:13.0411 9632	WmiAcpi - ok
    21:05:13.0422 9632	wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    21:05:13.0424 9632	wmiApSrv - ok
    21:05:13.0428 9632	WMPNetworkSvc - ok
    21:05:13.0434 9632	WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe
    21:05:13.0435 9632	WMSVC - ok
    21:05:13.0438 9632	WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    21:05:13.0441 9632	WPCSvc - ok
    21:05:13.0446 9632	WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    21:05:13.0450 9632	WPDBusEnum - ok
    21:05:13.0454 9632	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    21:05:13.0454 9632	ws2ifsl - ok
    21:05:13.0459 9632	wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    21:05:13.0463 9632	wscsvc - ok
    21:05:13.0465 9632	WSearch - ok
    21:05:13.0524 9632	wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    21:05:13.0544 9632	wuauserv - ok
    21:05:13.0580 9632	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    21:05:13.0582 9632	WudfPf - ok
    21:05:13.0590 9632	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:05:13.0592 9632	WUDFRd - ok
    21:05:13.0598 9632	wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    21:05:13.0601 9632	wudfsvc - ok
    21:05:13.0611 9632	WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    21:05:13.0615 9632	WwanSvc - ok
    21:05:13.0685 9632	MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    21:05:13.0696 9632	\Device\Harddisk0\DR0 - ok
    21:05:13.0703 9632	MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    21:05:13.0770 9632	\Device\Harddisk1\DR1 - ok
    21:05:13.0773 9632	Boot (0x1200) (ef3f47d80af72eb82720da7f7f17b917) \Device\Harddisk0\DR0\Partition0
    21:05:13.0775 9632	\Device\Harddisk0\DR0\Partition0 - ok
    21:05:13.0778 9632	Boot (0x1200) (ee87a656306a277abd95e669eeeb72d6) \Device\Harddisk1\DR1\Partition0
    21:05:13.0780 9632	\Device\Harddisk1\DR1\Partition0 - ok
    21:05:13.0782 9632	Boot (0x1200) (bcb5d1658767a69dd74291453a06d57a) \Device\Harddisk1\DR1\Partition1
    21:05:13.0784 9632	\Device\Harddisk1\DR1\Partition1 - ok
    21:05:13.0785 9632	============================================================
    21:05:13.0785 9632	Scan finished
    21:05:13.0785 9632	============================================================
    21:05:13.0795 10712	Detected object count: 0
    21:05:13.0795 10712	Actual detected object count: 0
    21:05:50.0455 7148	Deinitialize success
     
  5. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
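    What an MBR scanner actually reads out of that 512-byte MBR.dat: the code area before the disk signature (the span TDSSKiller hashes and reports as "MBR (0x1B8)"), the NT disk signature, the four partition entries, and the 0x55AA boot signature. The script below is an added example, not part of this thread and not aswMBR's, TDSSKiller's or RogueKiller's own code. It parses an MBR image, prints the partition table in the layout RogueKiller's "MBR Check" section uses, and reports how many sectors sit after the last partition, because some MBR bootkits keep their hidden storage in that unpartitioned tail. The sample image is constructed in code: its partition layout copies the SSD (PhysicalDrive1) layout from the RKreport posted later in this thread, while the bootstrap bytes and disk signature are placeholders (assumptions, not the OP's values).

```python
"""Parse a 512-byte MBR image (e.g. the MBR.dat that aswMBR saves) and report it
the way the MBR scanners in this thread do. Added example, not aswMBR/RogueKiller code."""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
CODE_AREA_LEN = 0x1B8      # bootstrap code + data before the disk signature: the span TDSSKiller hashes as "MBR (0x1B8)"
DISK_SIG_OFF = 0x1B8       # 4-byte NT disk signature, then 2 bytes (copy-protect flag)
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55AA
PART_TYPES = {0x07: "NTFS", 0xDE: "DELL-UTIL", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x05: "Extended", 0x0F: "Extended (LBA)", 0x27: "WinRE hidden NTFS"}


def parse_mbr(mbr: bytes) -> Dict:
    """Return the code-area MD5, the disk signature and the non-empty partition entries."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions: List[Dict] = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        boot, _chs_start, ptype, _chs_end, lba_start, n_sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "index": i,
            "active": boot == 0x80,       # 0x80 = bootable, as RogueKiller's [ACTIVE]
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "offset_sectors": lba_start,
            "size_sectors": n_sectors,
            "size_mb": n_sectors * SECTOR // (1024 * 1024),
        })
    return {
        "code_md5": hashlib.md5(mbr[:CODE_AREA_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def format_report(parsed: Dict) -> List[str]:
    """Partition table lines in the style of RogueKiller's 'MBR Check' section."""
    return [
        f"{p['index']} - [{'ACTIVE' if p['active'] else 'XXXXXX'}] {p['type_name']} "
        f"(0x{p['type']:02x}) Offset (sectors): {p['offset_sectors']} | Size: {p['size_mb']} MB"
        for p in parsed["partitions"]
    ]


def unallocated_tail_sectors(parsed: Dict, disk_sectors: int) -> int:
    """Sectors after the last partition. Alignment leaves a little slack; a large gap on a
    disk that should be fully partitioned deserves a look, since some bootkits hide data there."""
    end = max((p["offset_sectors"] + p["size_sectors"] for p in parsed["partitions"]), default=0)
    return max(disk_sectors - end, 0)


def build_sample_mbr() -> bytes:
    """Constructed sample, not the OP's MBR.dat. The partition layout copies the SSD
    (PhysicalDrive1) from the RKreport in this thread; code bytes and signature are placeholders."""
    code = bytes.fromhex("33c08ed0bc007c8ec0").ljust(CODE_AREA_LEN, b"\x00")  # placeholder bootstrap (assumption)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"                      # placeholder signature + flag
    table = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 100 * 2048)
    table += struct.pack("<B3sB3sII", 0x00, b"\xFE\xFF\xFF", 0x07, b"\xFE\xFF\xFF", 206848, 114371 * 2048)
    table += b"\x00" * 32                                                       # two empty slots
    return code + disk_sig + table + b"\x55\xAA"


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("[MBR code area] md5:", info["code_md5"])
    print("\n".join(format_report(info)))
    print("unpartitioned tail sectors:", unallocated_tail_sectors(info, 114473 * 2048))
```

Run it against a real dump with `parse_mbr(open("MBR.dat", "rb").read())`. The code-area hash is what you compare against a known-good MBR (the same Windows version on another machine, or the hash the scanner itself labels "Windows 7 MBR Code"); the partition table tells you whether the active partition and offsets match what Disk Management shows; and the tail check, given the disk's total sector count, tells you how much space sits outside any partition.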
     
  6. PBRRRRR

    PBRRRRR TS Rookie Topic Starter

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: reymund [Admin rights]
    Mode: Scan -- Date: 07/31/2012 21:38:14

    ¤¤¤ Bad processes: 2 ¤¤¤
    [SUSP PATH] M4-Service.exe -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe -> KILLED [TermProc]
    [SUSP PATH] M4-Capture.exe -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Capture.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [BLACKLIST DLL] HKCU\[...]\Run : TUGZip (rundll32.exe C:\Users\reymund\AppData\Local\TUGZip\dzlklmbm.dll,ClInteOp_SetTitle) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-21-3316494744-4244092113-3857006852-1000[...]\Run : TUGZip (rundll32.exe C:\Users\reymund\AppData\Local\TUGZip\dzlklmbm.dll,ClInteOp_SetTitle) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9750420AS +++++
    --- User ---
    [MBR] 438aeb0874ee8182aba6b4608acc5eec
    [BSP] 45a57d615983c17b561e94d0d88845a1 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18399232 | Size: 706416 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: OCZ-AGILITY3 +++++
    --- User ---
    [MBR] b67d7f9b1e859f0a3ed7a11708b2215a
    [BSP] c4322ecaf342794309bfb4ee62a5890f : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    aswMBR
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-31 21:43:34
    -----------------------------
    21:43:34.271 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:43:34.271 Number of processors: 8 586 0x2A07
    21:43:34.272 ComputerName: DORNE UserName:
    21:43:34.546 Initialize success
    21:43:34.591 AVAST engine defs: 12073102
    21:43:50.935 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:43:50.940 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 8
    21:43:50.944 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    21:43:50.946 Disk 1 Vendor: OCZ-AGIL 2.13 Size: 114473MB BusType: 8
    21:43:50.950 Disk 1 MBR read successfully
    21:43:50.953 Disk 1 MBR scan
    21:43:50.958 Disk 1 Windows 7 default MBR code
    21:43:50.962 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    21:43:50.966 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    21:43:50.973 Disk 1 scanning C:\Windows\system32\drivers
    21:43:51.971 Service scanning
    21:43:55.346 Modules scanning
    21:43:55.364 Disk 1 trace - called modules:
    21:43:55.381 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    21:43:55.392 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800f1cb060]
    21:43:55.402 3 CLASSPNP.SYS[fffff88001b7343f] -> nt!IofCallDriver -> [0xfffffa800f0c3ba0]
    21:43:55.413 5 stdcfltn.sys[fffff88001ab3c52] -> nt!IofCallDriver -> [0xfffffa800d6916b0]
    21:43:55.419 7 ACPI.sys[fffff88000fa57a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800d69b050]
    21:43:55.696 AVAST engine scan C:\Windows
    21:43:56.056 AVAST engine scan C:\Windows\system32
    21:44:25.818 AVAST engine scan C:\Windows\system32\drivers
    21:44:27.304 AVAST engine scan C:\Users\reymund
    21:44:46.132 AVAST engine scan C:\ProgramData
    21:44:57.468 Scan finished successfully
    21:45:08.471 Disk 1 MBR has been saved successfully to "C:\Users\reymund\Desktop\To Be Reviewed\MBR.dat"
    21:45:08.474 The log file has been saved successfully to "C:\Users\reymund\Desktop\To Be Reviewed\aswMBR.txt"
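    The one entry in that RKreport that matters is the HKCU Run value named "TUGZip": it runs rundll32.exe against a DLL with a random-looking name (dzlklmbm.dll) stored under the user's own %LOCALAPPDATA%, which is not where a real archiver installs, and the same value shows up again under the user's SID hive. Whether that DLL is what spawns the two iexplore.exe *32 processes from the first post is not something the logs shown here prove, but a rundll32 autorun pointing at a random-named DLL in a user-writable folder is the entry to look at first. The script below is an added example, not part of this thread and not RogueKiller code, that parses the Registry Entries lines of an RKreport and scores each autorun on three signals: loaded through rundll32, stored in a user-writable location, and a random-looking filename. The sample lines are constructed in the code: the TUGZip and NewStartPanel lines are copied from the RKreport above, and the Steam line is made up in the same format as a known-good negative case.

```python
"""Score the autorun entries from RogueKiller's "Registry Entries" section.
Added example, not part of this thread and not RogueKiller code."""
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Constructed sample. Lines 1, 2 and 4 are copied from the RKreport posted above;
# line 3 is made up in the same format as a known-good negative case.
SAMPLE_LINES = r"""
[BLACKLIST DLL] HKCU\[...]\Run : TUGZip (rundll32.exe C:\Users\reymund\AppData\Local\TUGZip\dzlklmbm.dll,ClInteOp_SetTitle) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-3316494744-4244092113-3857006852-1000[...]\Run : TUGZip (rundll32.exe C:\Users\reymund\AppData\Local\TUGZip\dzlklmbm.dll,ClInteOp_SetTitle) -> FOUND
[RUN] HKLM\[...]\Run : Steam (c:\program files (x86)\Steam\Steam.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
""".strip().splitlines()

# [TAG] KEY : NAME (COMMAND) -> STATUS
ENTRY_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<name>.+?)\s+\((?P<cmd>.*)\)\s+->\s+(?P<status>\w+)$")
RUNDLL_RE = re.compile(r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$', re.I)
EXE_RE = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|scr|bat|cmd|vbs|js)))(?:\s|$)', re.I)
# Places a standard user can write to; legitimate autoruns normally live under Program Files or System32.
USER_WRITABLE_MARKERS = ("\\users\\", "\\documents and settings\\", "\\programdata\\", "\\temp\\")


def extract_target(cmd: str) -> Optional[Tuple[str, str]]:
    """(loader, file path) for an autorun command line, or None if it does not launch a file."""
    m = RUNDLL_RE.match(cmd)
    if m:                      # rundll32.exe <dll>,<export>: the DLL is the real payload
        dll = m.group("rest").split(",", 1)[0].strip().strip('"')
        return "rundll32", dll
    m = EXE_RE.match(cmd)
    if not m:
        return None
    return "direct", m.group("q") or m.group("u")


def in_user_writable_location(path: str) -> bool:
    p = path.lower().replace("/", "\\")
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def looks_random(path: str) -> bool:
    """Crude stand-in for an entropy test: a longish all-letter stem with almost no vowels
    (dzlklmbm) is what name generators produce; shipped products rarely name files that way."""
    stem = PureWindowsPath(path).stem.lower()
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiouy" for ch in stem)
    return vowels / len(stem) < 0.2


def triage(lines: List[str]) -> List[Dict]:
    """One finding per file-launching entry, with the reasons it was flagged and a severity."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        target = extract_target(m.group("cmd"))
        if target is None:           # e.g. the NewStartPanel DWORD tweaks: not a file launch
            continue
        loader, path = target
        reasons = []
        if loader == "rundll32":
            reasons.append("rundll32 loader")
        if in_user_writable_location(path):
            reasons.append("user-writable location")
        if looks_random(path):
            reasons.append("random-looking filename")
        severity = "high" if len(reasons) >= 2 else ("low" if reasons else "none")
        findings.append({"tag": m.group("tag"), "key": m.group("key"), "name": m.group("name"),
                         "loader": loader, "target": path, "reasons": reasons, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['severity']:<4} {f['key']} : {f['name']} -> {f['target']}  {', '.join(f['reasons']) or '-'}")
```

The same three signals apply to the `"TUGZip"="c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll"` line in the ComboFix Run-key listing further down; a single signal (a legitimate updater in AppData, say) is common, all three together on one Run value is not.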
     
  7. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. PBRRRRR

    PBRRRRR TS Rookie Topic Starter

    ComboFix 12-07-30.03 - reymund 07/31/2012 22:32:34.4.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16332.13192 [GMT -4:00]
    Running from: c:\users\reymund\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-01 02:36 . 2012-08-01 02:36	--------	d-----w-	c:\users\VaultAppPool\AppData\Local\temp
    2012-08-01 02:36 . 2012-08-01 02:36	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
    2012-08-01 02:36 . 2012-08-01 02:36	--------	d-----w-	c:\users\svc_inwesteros\AppData\Local\temp
    2012-08-01 02:36 . 2012-08-01 02:36	--------	d-----w-	c:\users\Public\AppData\Local\temp
    2012-08-01 02:36 . 2012-08-01 02:36	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
    2012-08-01 02:36 . 2012-08-01 02:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2012-08-01 02:36 . 2012-08-01 02:36	--------	d-----w-	c:\users\Classic .NET AppPool\AppData\Local\temp
    2012-08-01 02:29 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
    2012-08-01 02:29 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
    2012-08-01 02:29 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
    2012-08-01 02:29 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
    2012-08-01 02:29 . 2012-06-02 19:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
    2012-08-01 02:29 . 2012-06-02 19:15	36864	----a-w-	c:\windows\system32\wuapp.exe
    2012-07-26 11:39 . 2012-07-03 16:21	958400	----a-w-	c:\windows\system32\drivers\aswSnx.sys
    2012-07-26 11:39 . 2012-07-03 16:21	71064	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-26 11:39 . 2012-07-03 16:21	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
    2012-07-26 11:39 . 2012-07-03 16:21	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
    2012-07-26 11:39 . 2012-07-03 16:21	355856	----a-w-	c:\windows\system32\drivers\aswSP.sys
    2012-07-26 11:39 . 2012-07-03 16:21	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-26 11:38 . 2012-07-03 16:21	41224	----a-w-	c:\windows\avastSS.scr
    2012-07-26 11:38 . 2012-07-03 16:21	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
    2012-07-26 00:38 . 2012-07-03 16:21	285328	----a-w-	c:\windows\system32\aswBoot.exe
    2012-07-26 00:37 . 2012-07-26 11:38	--------	d-----w-	c:\programdata\AVAST Software
    2012-07-26 00:37 . 2012-07-26 11:38	--------	d-----w-	c:\program files\AVAST Software
    2012-07-25 23:50 . 2012-07-26 00:11	--------	d-----w-	C:\TDSSKiller_Quarantine
    2012-07-25 05:46 . 2012-07-25 05:46	--------	d-----w-	c:\users\reymund\AppData\Roaming\Malwarebytes
    2012-07-25 05:46 . 2012-07-25 05:46	--------	d-----w-	c:\programdata\Malwarebytes
    2012-07-25 05:46 . 2012-07-25 05:46	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 05:46 . 2012-07-03 17:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
    2012-07-22 02:53 . 2012-07-22 02:54	--------	d-----w-	c:\users\reymund\AppData\Roaming\SparkPDF
    2012-07-22 02:53 . 2012-07-22 02:53	--------	d-----w-	c:\program files (x86)\SparkPDF
    2012-07-17 23:44 . 2012-07-17 23:44	--------	d-----w-	c:\programdata\Age of Empires 3
    2012-07-11 04:48 . 2012-07-11 04:48	--------	d-----w-	c:\programdata\PuppetLabs
    2012-07-11 04:48 . 2012-07-11 04:48	--------	d-----w-	c:\program files (x86)\Puppet Labs
    2012-07-04 16:31 . 2009-07-14 01:41	101376	----a-w-	c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-21 19:15 . 2012-03-31 15:37	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-21 19:15 . 2011-11-26 16:47	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-01 17:55 . 2012-02-02 17:33	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
    2012-06-30 01:17 . 2012-06-30 01:17	955840	----a-w-	c:\windows\system32\npDeployJava1.dll
    2012-06-30 01:17 . 2012-06-30 01:17	839096	----a-w-	c:\windows\system32\deployJava1.dll
    2012-06-30 01:17 . 2012-06-30 01:17	268720	----a-w-	c:\windows\system32\javaws.exe
    2012-06-30 01:17 . 2012-06-30 01:17	189360	----a-w-	c:\windows\system32\javaw.exe
    2012-06-30 01:17 . 2012-06-30 01:17	188840	----a-w-	c:\windows\system32\java.exe
    2012-05-25 05:06 . 2012-05-25 03:01	548800	----a-w-	c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-25_06.26.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2009-07-14 04:55	16384	c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-01 01:34	16384	c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2009-07-14 04:55	32768	c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-01 01:34	32768	c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2009-07-14 04:55	16384	c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-01 01:34	16384	c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-11-26 05:21 . 2012-07-28 01:26	60410	c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-28 01:26	30162	c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-06-02 19:19 . 2012-06-02 19:19	79232	c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
    + 2009-07-14 04:46 . 2012-08-01 02:29	89640	c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-11-26 05:21 . 2012-07-28 01:26	5054	c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3316494744-4244092113-3857006852-1000_UserData.bin
    - 2012-07-25 05:47 . 2012-07-25 05:47	2048	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-28 01:24 . 2012-07-28 01:24	2048	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-28 01:24 . 2012-07-28 01:24	2048	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-25 05:47 . 2012-07-25 05:47	2048	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-26 14:55 . 2012-07-27 23:18	105878	c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:36 . 2012-07-31 23:52	870808	c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-31 23:52	199854	c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-07-28 01:24	385004	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-25 05:47	385004	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-12 16:16 . 2009-07-12 16:16	223232	c:\windows\Installer\2298cb.msi
    + 2009-07-14 04:45 . 2012-07-28 01:24	6080020	c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-06-01 00:32	6080020	c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-11-26 16:19 . 2012-07-28 01:24	6822488	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-8192.dat
    - 2011-11-26 16:19 . 2012-07-25 05:47	6822488	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-8192.dat
    - 2011-11-26 06:26 . 2012-07-25 03:50	6241755	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-12288.dat
    + 2011-11-26 06:26 . 2012-07-27 02:59	6241755	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-12288.dat
    + 2012-07-18 20:42 . 2012-07-18 20:42	7931392	c:\windows\Installer\248dc4b.msi
    - 2009-07-14 02:34 . 2012-04-07 21:11	10485760	c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-08-01 02:29	10485760	c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-08-01 02:31 . 2012-08-01 02:31	10485760	c:\windows\erdnt\Hiv-backup\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-26 1242448]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
    "TUGZip"="c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll" [2012-07-25 764416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-09-02 1636208]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 M4-Service;M4-Service;c:\users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
    R2 OpenSSHd;OpenSSH Server;c:\program files (x86)\OpenSSH\bin\cygrunsrv.exe [2004-04-18 36864]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-30 326760]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
    R4 SQLAgent$INWESTEROS;SQL Server Agent (INWESTEROS);d:\program files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
    S2 MSSQL$INWESTEROS;SQL Server (INWESTEROS);d:\program files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 puppet;Puppet Agent;c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat [2012-04-10 87]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-09 2655768]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-20 27760]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-26 279616]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-03 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-17 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-17 180736]
    S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2009-02-23 22168]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 17066186
    *Deregistered* - 17066186
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcsREG_MULTI_SZ w3svc was
    apphostREG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000Core.job
    - c:\users\reymund\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 06:45]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000UA.job
    - c:\users\reymund\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 06:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21133400----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-15 1694016]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-27 765552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{7F1479AA-18CE-4520-9DBD-DB21F7DFF5BD}: NameServer = 192.168.2.154,192.168.2.129
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\puppet]
    "ImagePath"="\"c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:22,6a,db,ae,14,3a,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,59,4f,ae,54,3f,66,4b,9b,3d,fb,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,59,4f,ae,54,3f,66,4b,9b,3d,fb,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-31 22:38:15
    ComboFix-quarantined-files.txt 2012-08-01 02:38
    ComboFix2.txt 2012-07-26 00:20
    .
    Pre-Run: 46,728,904,704 bytes free
    Post-Run: 46,425,948,160 bytes free
    .
    - - End Of File - - BB32020E710083AE491870B3BC84B57E
     
  9. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll
    
    DirLook::
    c:\users\reymund\AppData\Local\TUGZip
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TUGZip"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
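As an added example that is not part of the thread (it is neither ComboFix's code nor the helper's): the script below shows the triage step that sits behind a CFScript like the one above. It parses the "Reg Loading Points" section of a ComboFix log, keeps only values under `...\Run` keys, and flags entries that a reviewer would want to look at first: a Run value that resolves to a `.dll` rather than an executable, a binary living under a user-writable `AppData` path, or a file name with almost no vowels. Those three heuristics and the vowel-ratio threshold are my own assumptions, not rules ComboFix applies. The sample log lines are constructed; the `dzlklmbm.dll` entry only mirrors the shape of the one targeted in this thread. The generated text uses the `File::` / `Registry::` sections exactly as they appear in the post above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the "Reg Loading Points" section of a
# ComboFix log (not copied from the thread). The dzlklmbm.dll line mirrors the
# shape of the Run entry the helper's CFScript removed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-26 1242448]
"TUGZip"="c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll" [2012-07-25 764416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="path" [YYYY-MM-DD size]  -- the value layout ComboFix prints
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
# Assumed heuristic: anything under a per-user AppData tree is user-writable
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    file_date: str
    size: int
    reasons: list = field(default_factory=list)


def parse_run_entries(log_text):
    """Return a RunEntry for every value listed under a ...\\Run key."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        # Skip values under keys that are not autostart Run keys
        if current_key is None or not current_key.lower().endswith("\\run"):
            continue
        m = VALUE_RE.match(line)
        if m:
            name, path, date, size = m.groups()
            entries.append(RunEntry(current_key, name, path, date, int(size)))
    return entries


def looks_random(stem):
    """Assumed heuristic: a long stem with (almost) no vowels, e.g. 'dzlklmbm'."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.2


def triage(entries):
    """Attach review reasons to each entry and return only the flagged ones."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if low.endswith(".dll"):
            reasons.append("Run value resolves to a DLL, not an executable")
        if USER_PROFILE_RE.match(low):
            reasons.append("binary lives under a user-writable AppData path")
        if looks_random(stem):
            reasons.append("file name looks randomly generated")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


def cfscript_for(flagged):
    """Render the File:: / Registry:: sections in the form shown in the thread."""
    lines = ["File::"] + [e.path for e in flagged] + ["", "Registry::"]
    for e in flagged:
        lines += [f"[{e.key}]", f'"{e.name}"=-']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(parse_run_entries(SAMPLE_LOG))
    for e in hits:
        print(f"{e.name}: {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
    print()
    print(cfscript_for(hits))
```

The point of keeping the heuristics separate from the script rendering is that the flagged list is reviewed by a person before anything is written to `CFScript.txt`; on the sample above only the `TUGZip` entry is flagged, on all three counts, while `Steam` and `avast` pass.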
     
  10. PBRRRRR

    PBRRRRR TS Rookie Topic Starter

    Hopefully this did it. Don't see any IExplore processes so far.
    ComboFix 12-07-30.03 - reymund 07/31/2012 23:00:37.5.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16332.13147 [GMT -4:00]
    Running from: c:\users\reymund\Desktop\ComboFix.exe
    Command switches used :: c:\users\reymund\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\VaultAppPool\AppData\Local\temp
    2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\svc_inwesteros\AppData\Local\temp
    2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\Public\AppData\Local\temp
    2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\DefaultAppPool\AppData\Local\temp
    2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\Default\AppData\Local\temp
    2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\Classic .NET AppPool\AppData\Local\temp
    2012-08-01 02:29 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
    2012-08-01 02:29 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
    2012-08-01 02:29 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
    2012-08-01 02:29 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
    2012-08-01 02:29 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
    2012-08-01 02:29 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
    2012-08-01 02:29 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
    2012-08-01 02:29 . 2012-06-02 19:19186752----a-w-c:\windows\system32\wuwebv.dll
    2012-08-01 02:29 . 2012-06-02 19:1536864----a-w-c:\windows\system32\wuapp.exe
    2012-07-26 11:39 . 2012-07-03 16:21958400----a-w-c:\windows\system32\drivers\aswSnx.sys
    2012-07-26 11:39 . 2012-07-03 16:2171064----a-w-c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-26 11:39 . 2012-07-03 16:2159728----a-w-c:\windows\system32\drivers\aswTdi.sys
    2012-07-26 11:39 . 2012-07-03 16:2154072----a-w-c:\windows\system32\drivers\aswRdr2.sys
    2012-07-26 11:39 . 2012-07-03 16:21355856----a-w-c:\windows\system32\drivers\aswSP.sys
    2012-07-26 11:39 . 2012-07-03 16:2125232----a-w-c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-26 11:38 . 2012-07-03 16:2141224----a-w-c:\windows\avastSS.scr
    2012-07-26 11:38 . 2012-07-03 16:21227648----a-w-c:\windows\SysWow64\aswBoot.exe
    2012-07-26 00:38 . 2012-07-03 16:21285328----a-w-c:\windows\system32\aswBoot.exe
    2012-07-26 00:37 . 2012-07-26 11:38--------d-----w-c:\programdata\AVAST Software
    2012-07-26 00:37 . 2012-07-26 11:38--------d-----w-c:\program files\AVAST Software
    2012-07-25 23:50 . 2012-07-26 00:11--------d-----w-C:\TDSSKiller_Quarantine
    2012-07-25 05:46 . 2012-07-25 05:46--------d-----w-c:\users\reymund\AppData\Roaming\Malwarebytes
    2012-07-25 05:46 . 2012-07-25 05:46--------d-----w-c:\programdata\Malwarebytes
    2012-07-25 05:46 . 2012-07-25 05:46--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 05:46 . 2012-07-03 17:4624904----a-w-c:\windows\system32\drivers\mbam.sys
    2012-07-22 02:53 . 2012-07-22 02:54--------d-----w-c:\users\reymund\AppData\Roaming\SparkPDF
    2012-07-22 02:53 . 2012-07-22 02:53--------d-----w-c:\program files (x86)\SparkPDF
    2012-07-17 23:44 . 2012-07-17 23:44--------d-----w-c:\programdata\Age of Empires 3
    2012-07-11 04:48 . 2012-07-11 04:48--------d-----w-c:\programdata\PuppetLabs
    2012-07-11 04:48 . 2012-07-11 04:48--------d-----w-c:\program files (x86)\Puppet Labs
    2012-07-04 16:31 . 2009-07-14 01:41101376----a-w-c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-21 19:15 . 2012-03-31 15:37426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-21 19:15 . 2011-11-26 16:4770344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-01 17:55 . 2012-02-02 17:33472808----a-w-c:\windows\SysWow64\deployJava1.dll
    2012-06-30 01:17 . 2012-06-30 01:17955840----a-w-c:\windows\system32\npDeployJava1.dll
    2012-06-30 01:17 . 2012-06-30 01:17839096----a-w-c:\windows\system32\deployJava1.dll
    2012-06-30 01:17 . 2012-06-30 01:17268720----a-w-c:\windows\system32\javaws.exe
    2012-06-30 01:17 . 2012-06-30 01:17189360----a-w-c:\windows\system32\javaw.exe
    2012-06-30 01:17 . 2012-06-30 01:17188840----a-w-c:\windows\system32\java.exe
    2012-05-25 05:06 . 2012-05-25 03:01548800----a-w-c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\users\reymund\AppData\Local\TUGZip ----
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-25_06.26.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2009-07-14 04:5516384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-01 03:0516384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2009-07-14 04:5532768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-01 03:0532768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2009-07-14 04:5516384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-01 03:0516384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-11-26 05:21 . 2012-07-28 01:2660410 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-28 01:2630162 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-06-02 19:19 . 2012-06-02 19:1979232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
    + 2009-07-14 04:46 . 2012-08-01 02:2989640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-11-26 05:21 . 2012-07-28 01:265054 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3316494744-4244092113-3857006852-1000_UserData.bin
    - 2012-07-25 05:47 . 2012-07-25 05:472048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-01 03:05 . 2012-08-01 03:052048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-01 03:05 . 2012-08-01 03:052048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-25 05:47 . 2012-07-25 05:472048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-26 14:55 . 2012-07-27 23:18105878 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:36 . 2012-07-31 23:52870808 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-31 23:52199854 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-08-01 03:04385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-25 05:47385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-12 16:16 . 2009-07-12 16:16223232 c:\windows\Installer\2298cb.msi
    + 2009-07-14 04:45 . 2012-08-01 03:056080020 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-06-01 00:326080020 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-11-26 16:19 . 2012-08-01 03:046822488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-8192.dat
    - 2011-11-26 16:19 . 2012-07-25 05:476822488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-8192.dat
    - 2011-11-26 06:26 . 2012-07-25 03:506241755 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-12288.dat
    + 2011-11-26 06:26 . 2012-07-27 02:596241755 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-12288.dat
    + 2012-07-18 20:42 . 2012-07-18 20:427931392 c:\windows\Installer\248dc4b.msi
    - 2009-07-14 02:34 . 2012-04-07 21:1110485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-08-01 02:4010485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-26 1242448]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-09-02 1636208]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-09 2655768]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-30 326760]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
    R4 SQLAgent$INWESTEROS;SQL Server Agent (INWESTEROS);d:\program files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 M4-Service;M4-Service;c:\users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
    S2 MSSQL$INWESTEROS;SQL Server (INWESTEROS);d:\program files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
    S2 OpenSSHd;OpenSSH Server;c:\program files (x86)\OpenSSH\bin\cygrunsrv.exe [2004-04-18 36864]
    S2 puppet;Puppet Agent;c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat [2012-04-10 87]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-20 27760]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-26 279616]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-03 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-17 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-17 180736]
    S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2009-02-23 22168]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs    REG_MULTI_SZ    w3svc was
    apphost    REG_MULTI_SZ    apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000Core.job
    - c:\users\reymund\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 06:45]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000UA.job
    - c:\users\reymund\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 06:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21    133400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-15 1694016]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-27 765552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{7F1479AA-18CE-4520-9DBD-DB21F7DFF5BD}: NameServer = 192.168.2.154,192.168.2.129
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\puppet]
    "ImagePath"="\"c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:22,6a,db,ae,14,3a,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,59,4f,ae,54,3f,66,4b,9b,3d,fb,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,59,4f,ae,54,3f,66,4b,9b,3d,fb,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\users\reymund\AppData\Roaming\Mikogo 4\M4-Capture.exe
    c:\program files (x86)\Puppet Labs\Puppet\sys\ruby\bin\rubyw.exe
    c:\program files (x86)\OpenSSH\usr\sbin\sshd.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-31 23:07:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-01 03:07
    ComboFix2.txt 2012-08-01 02:38
    ComboFix3.txt 2012-07-26 00:20
    .
    Pre-Run: 46,333,128,704 bytes free
    Post-Run: 46,230,515,712 bytes free
    .
    - - End Of File - - 404338326D9EF1995AE5B072241CAF5B
     
  11. Broni (Malware Annihilator)

    Very good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
     
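    The ComboFix listing above and the OTL output Broni asks for both enumerate the same things (services, drivers, running processes, Run keys, AppInit_DLLs), just in different line formats, and the first pass a helper makes over them is mechanical: which entries run from a user profile, which services are wrapped in a script, which binaries carry no company name, which registered services point at a file ComboFix could not find, and whether AppInit_DLLs is set at all. The script below is an added example for this thread, not part of ComboFix or OTL and not posted by anyone in it. It parses both line formats into one shape and attaches those reasons; the sample input is constructed from the shapes of the lines posted above. Every flag is a prompt to check the file (vendor, signature, hash), not a verdict: per-user installers such as Mikogo legitimately live under AppData\Roaming, the nvinitx.dll in AppInit_DLLs here ships with NVIDIA's display driver, and the `[x]` ComboFix prints for avast's aswSnx is contradicted by the OTL driver list in the next post, which shows aswSnx.sys present and running.

```python
"""Autorun triage for ComboFix service lines and OTL PRC/SRV/DRV lines.

Added example for this thread; it is not part of ComboFix or OTL and was not
posted by anyone in it. It normalises the two listings into one shape and
flags entries a helper usually checks first. A flag means "verify this
file", not "this is malware".
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# ComboFix:  S2 name;display;path [YYYY-MM-DD size]   or   S1 name;display; [x]
_CF_SERVICE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(?:(x)|(\d{4}-\d{2}-\d{2})\s+(\d+))\]$"
)
# OTL:  PRC - [ts | size | attrs | M] (Company) [state] -- path -- (service)
_OTL_ENTRY = re.compile(
    r"^(PRC|SRV|DRV|MOD)(?::64bit:)?\s+-\s+\[([^|]+)\|\s*([\d,]+)\s*\|[^\]]*\]\s+"
    r"\(([^)]*)\)\s+(?:\[([^\]]*)\]\s+)?--\s+(.+?)(?:\s+--\s+\(([^)]*)\))?$"
)
# ComboFix prints the AppInit_DLLs value under the Windows NT\CurrentVersion\Windows key.
_APPINIT = re.compile(r'^"AppInit_DLLs"=(.*)$')


@dataclass
class Entry:
    source: str                    # "combofix" or "otl"
    kind: str                      # S2/R4 (ComboFix), PRC/SRV/DRV/MOD (OTL), AppInit_DLLs
    name: str
    path: str
    company: Optional[str] = None  # only OTL reports the version-info company name
    file_missing: bool = False     # ComboFix prints [x] when it cannot find the file
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one ComboFix or OTL line into an Entry, or None for anything else."""
    line = line.strip()
    m = _CF_SERVICE.match(line)
    if m:
        start, name, _display, path, missing, _date, _size = m.groups()
        return Entry("combofix", start, name, path, file_missing=bool(missing))
    m = _OTL_ENTRY.match(line)
    if m:
        kind, _ts, _size, company, _state, path, svc = m.groups()
        return Entry("otl", kind, svc or path.rsplit("\\", 1)[-1], path, company=company)
    m = _APPINIT.match(line)
    if m:
        return Entry("combofix", "AppInit_DLLs", "AppInit_DLLs", m.group(1).strip())
    return None


def assess(e: Entry) -> Entry:
    """Attach the reasons a human should look at this entry (heuristics, not verdicts)."""
    p = e.path.lower()
    if e.kind == "AppInit_DLLs":
        if p:
            e.flags.append("AppInit_DLLs set: loaded into every process that loads user32.dll")
        return e
    if e.file_missing:
        e.flags.append("service registered but ComboFix could not find the file")
    if "\\users\\" in p and "\\appdata\\" in p:
        e.flags.append("runs from a user profile directory (writable without admin rights)")
    if p.endswith((".bat", ".cmd", ".vbs", ".js")):
        e.flags.append("service image is a script: read it to see what it really launches")
    if e.company is not None and not e.company.strip():
        e.flags.append("no company name in version info")
    return e


def triage(lines: Iterable[str]) -> List[Entry]:
    """Parse every line and keep only the entries that picked up at least one flag."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is not None and assess(e).flags:
            findings.append(e)
    return findings


# Constructed input: line shapes copied from the ComboFix and OTL output in this thread.
SAMPLE_LINES = [
    r"S2 M4-Service;M4-Service;c:\users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]",
    r"S2 puppet;Puppet Agent;c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat [2012-04-10 87]",
    r"S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912]",
    r"S1 aswSnx;aswSnx; [x]",
    r'"AppInit_DLLs"=c:\windows\System32\nvinitx.dll',
    r"PRC - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe",
    r"PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
    r"SRV - [2004/04/18 07:11:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe -- (OpenSSHd)",
    r"SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.source:8} {f.kind:12} {f.name:16} {f.path}")
        for reason in f.flags:
            print(f"{'':8} - {reason}")
```

    Feed it the whole log (`triage(open("ComboFix.txt").read().splitlines())`) and it returns only the entries worth a look; the avast and Atheros lines in the sample fall through silently. The "no company name" check is the weakest of the set, since OTL only reports what the version resource says and plenty of open-source binaries (cygrunsrv.exe here) have none, so treat that flag as a tiebreaker rather than a lead on its own.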
  12. PBRRRRR (TS Rookie, Topic Starter)

    Still no IExplore process, and I haven't been redirected on Google searches so far.
    The only file that was created was OTL.txt:

    OTL logfile created on: 7/31/2012 11:20:48 PM - Run 3
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\reymund\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.95 Gb Total Physical Memory | 13.35 Gb Available Physical Memory | 83.70% Memory free
    17.95 Gb Paging File | 14.96 Gb Available in Paging File | 83.36% Paging File free
    Paging file location(s): d:\pagefile.sys 2048 16331 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 41.88 Gb Free Space | 37.50% Space Free | Partition Type: NTFS
    Drive D: | 689.86 Gb Total Space | 417.20 Gb Free Space | 60.48% Space Free | Partition Type: NTFS

    Computer Name: DORNE | User Name: reymund | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/31 23:19:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\reymund\Desktop\OTL.exe
    PRC - [2012/07/31 23:08:56 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/04/14 00:26:46 | 001,592,160 | ---- | M] () -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Capture.exe
    PRC - [2012/02/16 14:44:00 | 000,070,737 | ---- | M] () -- C:\Program Files (x86)\Puppet Labs\Puppet\sys\ruby\bin\rubyw.exe
    PRC - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe
    PRC - [2011/11/26 04:11:42 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/09/02 19:24:28 | 001,636,208 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    PRC - [2010/12/09 15:38:20 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/09 15:38:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/16 23:43:30 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/11/10 11:51:20 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    PRC - [2010/11/10 11:45:08 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    PRC - [2010/11/10 11:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/08/26 20:37:16 | 000,765,552 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/03/11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010/03/11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    PRC - [2004/04/18 07:11:14 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/31 23:08:56 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/07/31 23:08:55 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/07/31 23:08:55 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/07/31 23:08:55 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/07/31 23:08:55 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/04/07 17:35:37 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
    MOD - [2012/04/07 17:34:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
    MOD - [2012/04/07 17:34:02 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
    MOD - [2012/04/07 17:18:18 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
    MOD - [2012/04/07 17:18:08 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
    MOD - [2012/04/07 17:18:07 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
    MOD - [2012/04/07 17:18:07 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
    MOD - [2012/04/07 17:18:04 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
    MOD - [2012/04/07 17:18:01 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
    MOD - [2012/04/07 17:18:00 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
    MOD - [2012/04/07 17:18:00 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
    MOD - [2012/04/07 17:17:59 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
    MOD - [2012/04/07 17:17:58 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
    MOD - [2012/04/07 17:17:54 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
    MOD - [2012/04/07 17:17:54 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
    MOD - [2012/02/25 15:51:06 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c6b914d595e5b00ae540004a71c6c3a2\IAStorUtil.ni.dll
    MOD - [2012/02/25 15:31:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/25 15:31:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
    MOD - [2012/02/25 15:31:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
    MOD - [2012/02/25 15:31:16 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
    MOD - [2012/02/25 15:31:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
    MOD - [2012/02/25 15:31:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
    MOD - [2012/02/25 15:31:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
    MOD - [2011/11/26 04:43:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
    MOD - [2011/11/26 04:19:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/09/02 19:24:28 | 001,636,208 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    MOD - [2010/11/10 11:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    MOD - [2010/08/26 20:37:16 | 000,765,552 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2009/12/18 12:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
    MOD - [2004/04/18 07:11:14 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/03/17 04:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/01/05 14:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/01/05 14:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/01/05 14:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/11/10 11:40:46 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/13 21:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
    SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/07/31 23:08:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/04/10 16:04:50 | 000,000,087 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Puppet Labs\Puppet\service\daemon.bat -- (puppet)
    SRV - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
    SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/12/09 15:38:20 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/09 15:38:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/20 05:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 05:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 05:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/04/03 11:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe -- (MSSQL$INWESTEROS)
    SRV - [2010/04/03 11:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- d:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$INWESTEROS)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/02 16:13:40 | 000,481,616 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe -- (SONICWALL_NetExtender)
    SRV - [2004/04/18 07:11:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe -- (OpenSSHd)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/11/26 04:35:53 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/11/04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2011/10/21 18:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/05/03 19:39:26 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/03/17 04:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/04 12:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/11/30 12:48:38 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/11/30 12:32:36 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2010/11/29 15:03:06 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 02:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/16 23:43:32 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/11/16 23:43:32 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/08/20 12:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/08/20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
    DRV:64bit: - [2009/09/08 19:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/26 16:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/23 17:56:08 | 000,022,168 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SSLDrv.sys -- (SSLDrv)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/06/26 16:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 9F AE B6 FF AB CC 01 [binary data]
    IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\reymund\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\reymund\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\reymund\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\reymund\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\reymund\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\reymund\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\reymund\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\reymund\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\reymund\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\reymund\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    O1 HOSTS File: ([2012/07/31 23:05:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..Trusted Domains: cbipartner.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..Trusted Domains: darcoasp.net ([]* in Local intranet)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://remote2.darcoasp.net/NELX.cab (NELaunchCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westeros.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F1479AA-18CE-4520-9DBD-DB21F7DFF5BD}: NameServer = 192.168.2.154,192.168.2.129
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/31 23:19:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\reymund\Desktop\OTL.exe
    [2012/07/31 23:05:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/31 23:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/31 22:18:34 | 004,721,982 | R--- | C] (Swearware) -- C:\Users\reymund\Desktop\ComboFix.exe
    [2012/07/31 21:40:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\reymund\Desktop\aswMBR.exe
    [2012/07/31 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\reymund\Desktop\RK_Quarantine
    [2012/07/31 21:04:11 | 000,000,000 | ---D | C] -- C:\Users\reymund\Desktop\tdsskiller
    [2012/07/31 19:51:34 | 000,000,000 | ---D | C] -- C:\Users\reymund\Desktop\To Be Reviewed
    [2012/07/26 07:39:06 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/26 07:39:06 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/26 07:39:06 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/26 07:39:06 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/26 07:39:06 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/26 07:39:06 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/26 07:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/07/26 07:38:57 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/26 07:38:56 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/25 20:38:11 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/25 20:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/07/25 20:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/25 19:50:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/25 13:08:34 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\Mozilla
    [2012/07/25 02:20:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/25 01:46:48 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\Malwarebytes
    [2012/07/25 01:46:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/25 01:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/25 01:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/25 01:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/25 00:01:57 | 000,000,000 | ---D | C] -- C:\Users\reymund\Desktop\gggggg
    [2012/07/21 22:53:34 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\SparkPDF
    [2012/07/21 22:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SparkPDF
    [2012/07/21 22:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SparkPDF
    [2012/07/21 22:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2012/07/17 19:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
    [2012/07/17 19:44:32 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/07/16 22:47:04 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/07/11 00:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PuppetLabs
    [2012/07/11 00:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Puppet Labs
    [2012/07/11 00:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puppet

    ========== Files - Modified Within 30 Days ==========

    [2012/07/31 23:20:13 | 000,050,786 | ---- | M] () -- C:\Users\reymund\Desktop\Capture4.JPG
    [2012/07/31 23:19:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\reymund\Desktop\OTL.exe
    [2012/07/31 23:14:57 | 001,075,312 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/31 23:14:57 | 000,870,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/31 23:14:57 | 000,199,854 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/31 23:14:02 | 000,016,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/31 23:14:02 | 000,016,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/31 23:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/31 23:08:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000UA.job
    [2012/07/31 23:05:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/31 22:58:50 | 000,074,127 | ---- | M] () -- C:\Users\reymund\Desktop\Capture3.JPG
    [2012/07/31 22:21:24 | 000,107,000 | ---- | M] () -- C:\Users\reymund\Desktop\Capture2.JPG
    [2012/07/31 22:20:35 | 000,163,814 | ---- | M] () -- C:\Users\reymund\Desktop\Capture1.JPG
    [2012/07/31 22:18:41 | 004,721,982 | R--- | M] (Swearware) -- C:\Users\reymund\Desktop\ComboFix.exe
    [2012/07/31 21:41:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\reymund\Desktop\aswMBR.exe
    [2012/07/31 21:36:26 | 001,552,384 | ---- | M] () -- C:\Users\reymund\Desktop\RogueKiller.exe
    [2012/07/31 21:03:41 | 002,117,108 | ---- | M] () -- C:\Users\reymund\Desktop\tdsskiller.zip
    [2012/07/31 20:00:28 | 000,302,592 | ---- | M] () -- C:\Users\reymund\Desktop\0n88ejnj.exe
    [2012/07/31 00:14:29 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000Core.job
    [2012/07/30 00:12:05 | 000,335,126 | ---- | M] () -- C:\Users\reymund\Desktop\CP7672 Digital Multimeter.pdf
    [2012/07/26 07:39:06 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/26 07:39:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/07/26 07:34:25 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/25 01:46:42 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/25 00:42:32 | 000,000,599 | ---- | M] () -- C:\Users\reymund\_viminfo
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/03 12:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/01 23:59:47 | 000,000,600 | ---- | M] () -- C:\Users\reymund\AppData\Roaming\winscp.rnd

    ========== Files Created - No Company Name ==========

    [2012/07/31 23:20:13 | 000,050,786 | ---- | C] () -- C:\Users\reymund\Desktop\Capture4.JPG
    [2012/07/31 22:58:50 | 000,074,127 | ---- | C] () -- C:\Users\reymund\Desktop\Capture3.JPG
    [2012/07/31 22:21:24 | 000,107,000 | ---- | C] () -- C:\Users\reymund\Desktop\Capture2.JPG
    [2012/07/31 22:20:35 | 000,163,814 | ---- | C] () -- C:\Users\reymund\Desktop\Capture1.JPG
    [2012/07/31 21:36:24 | 001,552,384 | ---- | C] () -- C:\Users\reymund\Desktop\RogueKiller.exe
    [2012/07/31 21:03:29 | 002,117,108 | ---- | C] () -- C:\Users\reymund\Desktop\tdsskiller.zip
    [2012/07/31 20:00:27 | 000,302,592 | ---- | C] () -- C:\Users\reymund\Desktop\0n88ejnj.exe
    [2012/07/30 00:12:24 | 000,335,126 | ---- | C] () -- C:\Users\reymund\Desktop\CP7672 Digital Multimeter.pdf
    [2012/07/26 07:39:06 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/26 07:34:25 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/07/25 20:38:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/07/25 01:46:42 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/25 00:42:32 | 000,000,599 | ---- | C] () -- C:\Users\reymund\_viminfo
    [2012/06/29 21:20:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/29 21:20:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/29 21:20:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/29 21:20:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/29 21:20:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/21 14:36:12 | 000,000,379 | ---- | C] () -- C:\Users\reymund\.bash_history
    [2011/11/26 17:23:40 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
    [2011/11/26 17:23:40 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
    [2011/11/26 04:23:21 | 000,000,600 | ---- | C] () -- C:\Users\reymund\AppData\Roaming\winscp.rnd
    [2011/11/26 02:23:00 | 000,840,204 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/26 02:14:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
    [2011/11/26 01:29:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/11/26 01:29:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/21 18:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/21 18:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/21 18:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2010/11/10 11:50:38 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

    ========== LOP Check ==========

    [2012/02/28 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Canon
    [2011/11/30 00:22:45 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Chrome
    [2012/05/24 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\DAEMON Tools Lite
    [2011/11/29 01:30:05 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\ICAClient
    [2012/04/14 05:09:57 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\IDT
    [2012/01/29 13:13:12 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\ImgBurn
    [2012/04/14 00:26:49 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Mikogo 4
    [2011/11/26 12:28:42 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Notepad++
    [2012/07/21 22:54:43 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\SparkPDF
    [2012/01/03 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Stardock
    [2011/12/02 17:54:36 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\TS3Client
    [2009/07/14 01:08:49 | 000,014,208 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  13. Broni


    OTL log is clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  14. PBRRRRR


    Security Check
    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 25
    Java version out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 29% Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````

    FSS
    Farbar Service Scanner Version: 26-07-2012
    Ran by reymund (administrator) on 01-08-2012 at 00:14:57
    Running from "C:\Users\reymund\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    ESET

    C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0000.dta	Win32/Olmarik.AYI trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0001.dta	Win64/Olmarik.AK trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0002.dta	Win32/Olmarik.AWO trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0003.dta	Win64/Olmarik.AK trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0007.dta	Win32/Olmarik.AFK trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0008.dta	Win64/Olmarik.AK trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0000.dta	Win32/Olmarik.AYI trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0001.dta	Win64/Olmarik.AK trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0002.dta	Win32/Olmarik.AWO trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0003.dta	Win64/Olmarik.AK trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0007.dta	Win32/Olmarik.AFK trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0008.dta	Win64/Olmarik.AK trojan	cleaned by deleting - quarantined
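The checks the FSS log above reports (service state versus start type, the "Disabled Policy" registry keys, and system-file integrity) can be repeated by hand after cleanup to confirm nothing was re-disabled. The following is an added PowerShell script, not code from the thread or from Farbar's tool; the service-name mapping, the policy key paths and the reading of sfc's exit code are assumptions of mine.

```powershell
# Added example, not from the thread or from Farbar Service Scanner: repeat the
# kind of checks the FSS log reports, from an elevated PowerShell prompt.
# The mapping from FSS sections to Windows service names is assumed here.
$services = @{
    'SharedAccess' = 'Internet Connection Sharing'   # the "sharedaccess" line in the log
    'MpsSvc'       = 'Windows Firewall'
    'BFE'          = 'Base Filtering Engine'
    'wscsvc'       = 'Security Center'
    'wuauserv'     = 'Windows Update'
    'BITS'         = 'Background Intelligent Transfer Service'
    'WinDefend'    = 'Windows Defender'
    'VSS'          = 'Volume Shadow Copy (System Restore)'
    'Dnscache'     = 'DNS Client'
    'Dhcp'         = 'DHCP Client'
}
Write-Output "== Services (FSS flags one that is set to Auto but not running) =="
foreach ($name in $services.Keys) {
    # Get-WmiObject keeps this working on the Windows 7 / PowerShell 2.0 box in the thread.
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { Write-Output ("{0,-13} MISSING  ({1})" -f $name, $services[$name]); continue }
    $flag = ''
    if ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running') { $flag = '  <-- Auto but not running' }
    Write-Output ("{0,-13} {1,-8} start={2,-8} {3}{4}" -f $name, $svc.State, $svc.StartMode, $svc.PathName, $flag)
}
Write-Output "== Policy keys behind the '... Disabled Policy' sections (empty is normal) =="
$policyKeys = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile',
              'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile',
              'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore',
              'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    # Skip PowerShell's own PS* note properties; anything left was set by policy or by malware.
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { Write-Output ("{0}: {1} = {2}" -f $key, $_.Name, $_.Value) }
}
Write-Output "== File check: ask Windows Resource Protection instead of an MD5 list =="
# These files are catalog-signed, so Get-AuthenticodeSignature reports NotSigned on
# PowerShell older than 5.1; sfc /verifyfile checks them against the catalog instead.
$files = 'nsisvc.dll','dhcpcore.dll','dnsrslvr.dll','mpssvc.dll','bfe.dll','wscsvc.dll',
         'wuaueng.dll','qmgr.dll','cryptsvc.dll','svchost.exe','rpcss.dll',
         'drivers\afd.sys','drivers\tdx.sys','drivers\tcpip.sys','drivers\mpsdrv.sys'
foreach ($f in $files) {
    $path = Join-Path $env:SystemRoot "System32\$f"
    $null = & sfc.exe "/verifyfile=$path" 2>&1   # output is UTF-16 when captured, so use the exit code
    $verdict = 'OK'
    if ($LASTEXITCODE -ne 0) { $verdict = "CHECK (sfc exit code $LASTEXITCODE)" }   # 0 = no violation (assumed)
    Write-Output ("{0,-48} {1}" -f $path, $verdict)
}
```

A line reading "Auto but not running" is the same condition FSS raised for sharedaccess above; it is only a finding once you have ruled out a legitimate reason for the service to be stopped.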
     
  15. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==========================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  16. PBRRRRR

    PBRRRRR TS Rookie Topic Starter

    Still no Google redirects and no rogue IE processes! Computer is running smoothly. Thank you very much! Your title as "Malware Annihilator" is well deserved!

    Here was the final log from OTL:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Classic .NET AppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: reymund
    ->Temp folder emptied: 262779 bytes
    ->Temporary Internet Files folder emptied: 91195 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 72318428 bytes
    ->Flash cache emptied: 2143 bytes

    User: svc_inwesteros
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: VaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1762 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 9990984 bytes

    Total Files Cleaned = 79.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: DefaultAppPool

    User: Public

    User: reymund
    ->Flash cache emptied: 0 bytes

    User: svc_inwesteros

    User: UpdatusUser

    User: VaultAppPool

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: DefaultAppPool

    User: Public

    User: reymund
    ->Java cache emptied: 0 bytes

    User: svc_inwesteros

    User: UpdatusUser

    User: VaultAppPool

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.55.0 log created on 08032012_005130

    Files\Folders moved on Reboot...
    C:\Users\reymund\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\reymund\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/08/03 01:07:01 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  17. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Yes!!
    Good luck and stay safe :)
     

