Solved Google redirect / iexplore.exe problem

PBRRRRR

I need help removing the virus that causes occasional redirects when clicking links on a Google search. There are also two IExplore.exe *32 processes that always run in the background even if I don't have Internet Explorer running. They respawn if I try to kill them. Thanks!

Here are the mandatory log files:

Malwarebytes Anti-Malware log
C Drive

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
reymund :: DORNE [administrator]

7/25/2012 1:51:04 AM
mbam-log-2012-07-25 (01-51-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462904
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

D Drive
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
reymund :: DORNE [administrator]

7/25/2012 2:05:08 AM
mbam-log-2012-07-25 (02-05-08).txt

Scan type: Full scan (D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324007
Time elapsed: 14 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
GMER Log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-31 20:25:41
Windows 6.1.7601 Service Pack 1
Running: 0n88ejnj.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c44610db
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\DNSRegisteredAdapters\{C2876AC9-E6AD-4C7A-B23B-09D30C758EC5}@RegisteredSinceBoot 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c44610db (not active ControlSet)
---- EOF - GMER 1.0.15 ----
DDS Logs
DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by reymund at 20:31:00 on 2012-07-31
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16332.13540 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe
d:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe
C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Capture.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\OpenSSH\usr\sbin\sshd.exe
C:\Program Files (x86)\Puppet Labs\Puppet\sys\ruby\bin\rubyw.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\prevhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [TUGZip] rundll32.exe C:\Users\reymund\AppData\Local\TUGZip\dzlklmbm.dll,ClInteOp_SetTitle
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://remote2.darcoasp.net/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{7F1479AA-18CE-4520-9DBD-DB21F7DFF5BD} : NameServer = 192.168.2.154,192.168.2.129
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 192.168.1.78 deploy
Hosts: 192.168.1.139 vmscripts01
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-26 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-26 44808]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-26 13336]
R2 M4-Service;M4-Service;C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-1-16 1007472]
R2 MSSQL$INWESTEROS;SQL Server (INWESTEROS);D:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-26 2253120]
R2 OpenSSHd;OpenSSH Server;C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe [2004-4-18 36864]
R2 puppet;Puppet Agent;C:\Program Files (x86)\Puppet Labs\Puppet\service\daemon.bat [2012-4-10 87]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-26 2655768]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 SSLDrv;SSL-VPN NetExtender Adapter;C:\Windows\system32\DRIVERS\SSLDrv.sys --> C:\Windows\system32\DRIVERS\SSLDrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$INWESTEROS;SQL Server Agent (INWESTEROS);D:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-07-27 09:10:44  69000  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4CE6C286-3819-4F50-A81B-9BF3C76AD577}\offreg.dll
2012-07-26 11:39:06  958400  ----a-w-  C:\Windows\System32\drivers\aswSnx.sys
2012-07-26 11:39:06  71064  ----a-w-  C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-26 11:39:06  54072  ----a-w-  C:\Windows\System32\drivers\aswRdr2.sys
2012-07-26 11:38:57  41224  ----a-w-  C:\Windows\avastSS.scr
2012-07-26 11:38:12  --------  d-sh--w-  C:\$RECYCLE.BIN
2012-07-26 00:37:53  --------  d-----w-  C:\ProgramData\AVAST Software
2012-07-26 00:37:53  --------  d-----w-  C:\Program Files\AVAST Software
2012-07-25 23:50:50  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-07-25 05:46:48  --------  d-----w-  C:\Users\reymund\AppData\Roaming\Malwarebytes
2012-07-25 05:46:42  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-07-25 05:46:42  --------  d-----w-  C:\ProgramData\Malwarebytes
2012-07-25 05:46:42  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-22 02:53:34  --------  d-----w-  C:\Users\reymund\AppData\Roaming\SparkPDF
2012-07-22 02:53:21  --------  d-----w-  C:\Program Files (x86)\SparkPDF
2012-07-17 23:44:46  --------  d-----w-  C:\ProgramData\Age of Empires 3
2012-07-11 04:48:52  --------  d-----w-  C:\ProgramData\PuppetLabs
2012-07-11 04:48:52  --------  d-----w-  C:\Program Files (x86)\Puppet Labs
2012-07-04 16:31:23  101376  ----a-w-  C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
.
==================== Find3M ====================
.
2012-07-21 19:15:41  70344  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 19:15:41  426184  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-01 17:55:31  472808  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2012-06-30 01:17:01  955840  ----a-w-  C:\Windows\System32\npDeployJava1.dll
2012-06-30 01:17:01  839096  ----a-w-  C:\Windows\System32\deployJava1.dll
.
============= FINISH: 20:31:13.81 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 11/25/2011 9:50:17 PM
System Uptime: 7/27/2012 9:24:23 PM (95 hours ago)
.
Motherboard: Alienware | | M17xR3
Processor: Intel(R) Core(TM) i7-2720QM CPU @ 2.20GHz | CPU1 | 2201/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 41.946 GiB free.
D: is FIXED (NTFS) - 690 GiB total, 417.201 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Centrino(R) Ultimate-N 6300 AGN
Device ID: PCI\VEN_8086&DEV_422B&SUBSYS_11218086&REV_35\4&1AA90A9&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) Centrino(R) Ultimate-N 6300 AGN
PNP Device ID: PCI\VEN_8086&DEV_422B&SUBSYS_11218086&REV_35\4&1AA90A9&0&00E2
Service: NETwNs64
.
==== System Restore Points ===================
.
RP87: 7/9/2012 - Scheduled Checkpoint
RP88: 7/11/2012 12:48:32 AM - Installed Puppet
RP89: 7/17/2012 7:43:53 PM - Installed DirectX 9.0
RP90: 7/25/2012 3:24:28 AM - Scheduled Checkpoint
RP91: 7/25/2012 8:37:49 PM - avast! Free Antivirus Setup
RP92: 7/26/2012 7:31:20 AM - avast! Free Antivirus Setup
RP93: 7/26/2012 7:33:10 AM - Windows Update
RP94: 7/26/2012 7:38:45 AM - avast! Free Antivirus Setup
RP95: 7/27/2012 9:22:56 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
AccelerometerP11
Adobe Flash Player 11 ActiveX
Age of Empires® III: Complete Collection
Alienware On-Screen Display
Apache Directory Studio - (remove only)
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoHotkey 1.0.48.05
avast! Free Antivirus
Blitzkrieg Mod
CanoScan Toolbox Ver4.9
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Command Center
Company of Heroes
Company of Heroes - FAKEMSI
Company of Heroes: Tales of Valor
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DSmobileSCAN II
Eastern Front
EMSC
Git version 1.7.9-preview20120201
Google Chrome
Google Talk Plugin
GoToMeeting 5.1.0.880
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IDT Audio
ImgBurn
Impulse®
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 25
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word Add-in For MediaWiki
Microsoft Office Word MUI (English) 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Web Developer 2010 Express - ENU
Mikogo 4
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenSSH for Windows (remove only)
PDF Reader
Puppet
Realtek PCIE Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Sins of a Solar Empire - Trinity
SonicWALL SSL-VPN NetExtender
SourceGear Vault Standard Client
StarCraft II
Steam
TUGZip 3.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
WinSCP 4.1.7
Xming 6.9.0.31
xplorer² lite 32 bit
.
==== Event Viewer Messages From Past Week ========
.
7/26/2012 9:29:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/26/2012 9:29:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/26/2012 9:29:45 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
7/26/2012 9:29:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/26/2012 9:29:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/26/2012 9:29:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/26/2012 9:29:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/26/2012 9:29:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi ctxusbm discache spldr VBoxDrv VBoxUSBMon Wanarpv6
7/26/2012 9:29:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/25/2012 8:19:12 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/25/2012 8:15:46 PM, Error: Service Control Manager [7034] - The OpenSSH Server service terminated unexpectedly. It has done this 1 time(s).
7/25/2012 8:14:59 PM, Error: Service Control Manager [7034] - The M4-Service service terminated unexpectedly. It has done this 1 time(s).
7/25/2012 7:55:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache spldr VBoxDrv VBoxUSBMon Wanarpv6
7/25/2012 2:31:53 AM, Error: Service Control Manager [7034] - The Puppet Agent service terminated unexpectedly. It has done this 1 time(s).
7/25/2012 2:28:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
7/25/2012 2:20:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
7/25/2012 1:08:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC ctxusbm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon vwififlt Wanarpv6 WfpLwf ws2ifsl
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2012 1:08:08 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2012 11:53:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/24/2012 11:51:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/24/2012 11:51:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/24/2012 11:24:01 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
7/24/2012 11:23:28 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
7/24/2012 11:23:03 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
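Once the report comes back it runs to hundreds of lines, almost all of them "name (md5) path" followed by "name - ok"; the lines worth a helper's attention are the few whose status is not "ok" and the images loaded from unusual places such as a user profile. The parser below is an added example (not TDSSKiller's own code and not from this thread): it assumes each report line is "<time> <pid><tab><message>" and that scan entries follow the "Scan started" marker, and the sample lines are constructed from the format shown in this thread.

```python
import re
from dataclasses import dataclass

# Assumed line layout: "<time> <pid>\t<message>" (the copy pasted into the thread
# lost the separator after the pid). Scan entries come in pairs:
# "name (md5) path" and then "name - ok" (or some other status).
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
IMAGE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.*)$")
# Images loaded from a user profile are worth a manual look regardless of status.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = ""


def parse_report(text):
    """Return (system_info, entries) from the text of a TDSSKiller report."""
    info = {}
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            # Header block: "ComputerName: DORNE", "OS Version: ...", etc.
            h = HEADER_RE.match(msg)
            if h:
                info[h.group("key")] = h.group("value")
            continue
        im = IMAGE_RE.match(msg)
        if im:
            e = entries.setdefault(im.group("name"), Entry(im.group("name")))
            e.md5, e.path = im.group("md5").lower(), im.group("path")
            continue
        st = STATUS_RE.match(msg)
        if st:
            # Status-only entries (e.g. "catchme - ok") have no image line.
            e = entries.setdefault(st.group("name"), Entry(st.group("name")))
            e.status = st.group("status")
    return info, list(entries.values())


def triage(entries):
    """Entries worth a second look: a status other than 'ok', or an image
    loaded from a user profile directory instead of a system location."""
    flagged = []
    for e in entries:
        reasons = []
        if e.status and e.status.lower() != "ok":
            reasons.append("status: " + e.status)
        if e.path and USER_PROFILE_RE.match(e.path):
            reasons.append("image under a user profile")
        if reasons:
            flagged.append((e.name, reasons))
    return flagged


# Constructed sample, modelled on the report format shown in this thread.
SAMPLE_LINES = [
    ("21:04:52.0680", "11332", "OS Version: 6.1.7601 ServicePack: 1.0"),
    ("21:04:52.0680", "11332", "ComputerName: DORNE"),
    ("21:05:04.0181", "9632", "Scan started"),
    ("21:05:04.0401", "9632", r"1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys"),
    ("21:05:04.0406", "9632", "1394ohci - ok"),
    ("21:05:05.0101", "9632", "catchme - ok"),
    ("21:05:07.0294", "9632", r"M4-Service (f1d72877fa97d617be70aefb3a30cd91) C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe"),
    ("21:05:07.0299", "9632", "M4-Service - ok"),
]
SAMPLE_REPORT = "\n".join(f"{t} {p}\t{m}" for t, p, m in SAMPLE_LINES)

if __name__ == "__main__":
    sysinfo, found = parse_report(SAMPLE_REPORT)
    print(sysinfo)
    for name, reasons in triage(found):
        print(name, "->", "; ".join(reasons))
```

A flagged entry is only a pointer for manual review; a legitimate screen-sharing tool installed per-user will land in the same list as something malicious.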
 
Part 1

21:04:52.0215 11332  TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:04:52.0680 11332  ============================================================
21:04:52.0680 11332  Current date / time: 2012/07/31 21:04:52.0680
21:04:52.0680 11332  SystemInfo:
21:04:52.0680 11332
21:04:52.0680 11332  OS Version: 6.1.7601 ServicePack: 1.0
21:04:52.0680 11332  Product type: Workstation
21:04:52.0680 11332  ComputerName: DORNE
21:04:52.0680 11332  UserName: reymund
21:04:52.0680 11332  Windows directory: C:\Windows
21:04:52.0680 11332  System windows directory: C:\Windows
21:04:52.0680 11332  Running under WOW64
21:04:52.0680 11332  Processor architecture: Intel x64
21:04:52.0680 11332  Number of processors: 8
21:04:52.0680 11332  Page size: 0x1000
21:04:52.0680 11332  Boot type: Normal boot
21:04:52.0680 11332  ============================================================
21:04:55.0578 11332  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:04:55.0579 11332  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:04:55.0584 11332  ============================================================
21:04:55.0584 11332  \Device\Harddisk0\DR0:
21:04:55.0584 11332  MBR partitions:
21:04:55.0584 11332  \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x118C000, BlocksNum 0x563B8000
21:04:55.0584 11332  \Device\Harddisk1\DR1:
21:04:55.0584 11332  MBR partitions:
21:04:55.0584 11332  \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:04:55.0584 11332  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
21:04:55.0584 11332  ============================================================
21:04:55.0585 11332  C: <-> \Device\Harddisk1\DR1\Partition1
21:04:55.0624 11332  D: <-> \Device\Harddisk0\DR0\Partition0
21:04:55.0624 11332  ============================================================
21:04:55.0624 11332  Initialize success
21:04:55.0624 11332  ============================================================
21:05:04.0181 9632  ============================================================
21:05:04.0181 9632  Scan started
21:05:04.0181 9632  Mode: Manual;
21:05:04.0181 9632  ============================================================
21:05:07.0470 9632mrxsmb20 - ok
21:05:07.0473 9632msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:05:07.0474 9632msahci - ok
21:05:07.0482 9632msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:05:07.0484 9632msdsm - ok
21:05:07.0491 9632MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:05:07.0494 9632MSDTC - ok
21:05:07.0499 9632Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:05:07.0500 9632Msfs - ok
21:05:07.0503 9632mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:05:07.0503 9632mshidkmdf - ok
21:05:07.0506 9632msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:05:07.0507 9632msisadrv - ok
21:05:07.0514 9632MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:05:07.0517 9632MSiSCSI - ok
21:05:07.0519 9632msiserver - ok
21:05:07.0522 9632MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:05:07.0523 9632MSKSSRV - ok
21:05:07.0526 9632MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:05:07.0527 9632MSPCLOCK - ok
21:05:07.0528 9632MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:05:07.0529 9632MSPQM - ok
21:05:07.0544 9632MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:05:07.0547 9632MsRPC - ok
21:05:07.0552 9632mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:05:07.0553 9632mssmbios - ok
21:05:08.0035 9632MSSQL$INWESTEROS - ok
21:05:08.0048 9632MSSQL$SQLEXPRESS - ok
21:05:08.0063 9632MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:05:08.0066 9632MSSQLServerADHelper100 - ok
21:05:08.0072 9632MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:05:08.0074 9632MSTEE - ok
21:05:08.0077 9632MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:05:08.0079 9632MTConfig - ok
21:05:08.0084 9632Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:05:08.0086 9632Mup - ok
21:05:08.0100 9632MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:05:08.0103 9632MyWiFiDHCPDNS - ok
21:05:08.0123 9632napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:05:08.0129 9632napagent - ok
21:05:08.0143 9632NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:05:08.0146 9632NativeWifiP - ok
21:05:08.0180 9632NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:05:08.0187 9632NDIS - ok
21:05:08.0191 9632NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:05:08.0192 9632NdisCap - ok
21:05:08.0196 9632NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:05:08.0197 9632NdisTapi - ok
21:05:08.0201 9632Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:05:08.0202 9632Ndisuio - ok
21:05:08.0209 9632NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:05:08.0211 9632NdisWan - ok
21:05:08.0215 9632NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:05:08.0216 9632NDProxy - ok
21:05:08.0219 9632NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:05:08.0220 9632NetBIOS - ok
21:05:08.0229 9632NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:05:08.0232 9632NetBT - ok
21:05:08.0236 9632Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:05:08.0238 9632Netlogon - ok
21:05:08.0253 9632Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:05:08.0258 9632Netman - ok
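
A triage helper for listings like the one above, as an added example that is not part of this post and not TDSSKiller's own code. TDSSKiller writes one line per service or driver with its MD5 and image path, followed by a verdict line ("- ok"); in the copy pasted here the tab between the process ID (9632) and the service name was lost, so the parser accepts the fused form as well as the original one. The rules it applies (image under a user profile, image that is a script rather than a PE file, entry with no hashed image, the same path reported with two different hashes) are my own heuristics, not anything TDSSKiller reports, and a flag is a prompt to verify the entry (publisher signature, install history), not a verdict. The sample lines are copied from this log; `build_patterns`, `parse_log`, `triage` and `shared_images` are names chosen for the example.

```python
"""Triage helper for TDSSKiller-style service/driver listings (added example).

Line forms handled:
    HH:MM:SS.ffff  PID  <name> (<md5>) <image path>     entry line
    HH:MM:SS.ffff  PID  <name> - <verdict>              verdict line
The PID may be fused to the name ("9632KtmRm") when the separating tab was lost.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed from lines of the log above (subset); not a full scan.
SAMPLE_LOG = r"""
21:05:07.0144 9632L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:05:07.0145 9632L1C - ok
21:05:07.0294 9632M4-Service (f1d72877fa97d617be70aefb3a30cd91) C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe
21:05:07.0299 9632M4-Service - ok
21:05:08.0035 9632MSSQL$INWESTEROS - ok
21:05:08.0236 9632Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:05:08.0238 9632Netlogon - ok
21:05:10.0398 9632puppet (1303b5084b733d7febc9a2a9ab55195d) C:\Program Files (x86)\Puppet Labs\Puppet\service\daemon.bat
21:05:10.0399 9632puppet - ok
21:05:10.0857 9632SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:05:10.0859 9632SamSs - ok
21:05:11.0466 9632SQLAgent$INWESTEROS (bea7fea5bb31eb58d78971f821ae6844) d:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE
21:05:11.0474 9632SQLAgent$INWESTEROS - ok
21:05:12.0137 9632Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:05:12.0156 9632Tcpip - ok
21:05:12.0221 9632TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:05:12.0229 9632TCPIP6 - ok
"""

TRUSTED_ROOT = re.compile(r"^[a-z]:\\(windows|program files( \(x86\))?)\\", re.I)
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def build_patterns(pid_pattern: str = r"\d+"):
    """Compile entry/verdict regexes. Pass the run's PID (e.g. "9632") as
    pid_pattern when names may start with a digit (e.g. "1394ohci"), since
    a fused "96321394ohci" is otherwise ambiguous."""
    head = r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>" + pid_pattern + r")\s*"
    entry = re.compile(head + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
    verdict = re.compile(head + r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$")
    return entry, verdict


def parse_log(text: str, pid_pattern: str = r"\d+") -> dict:
    """Merge entry and verdict lines into {name: Entry}; other lines are ignored."""
    entry_re, verdict_re = build_patterns(pid_pattern)
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = entry_re.match(line)          # try the hash line first: a path may contain " - "
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = verdict_re.match(line)
        if m:
            entries.setdefault(m["name"], Entry(m["name"])).verdict = m["verdict"]
    return entries


def triage(entries: dict) -> dict:
    """Return {subject: [reasons]} for entries that deserve a human look."""
    findings = defaultdict(list)
    hashes_by_path = defaultdict(set)
    for e in entries.values():
        if e.path is None:
            findings[e.name].append("no image file was hashed (binary missing or path not resolved)")
            continue
        low = e.path.lower()
        hashes_by_path[low].add(e.md5)
        if any(marker in low for marker in USER_WRITABLE):
            findings[e.name].append("image lives in a user-writable location: " + e.path)
        elif not TRUSTED_ROOT.match(low):
            findings[e.name].append("image outside Windows/Program Files: " + e.path)
        if low.endswith(SCRIPT_EXT):
            findings[e.name].append("service image is a script rather than a PE binary: " + e.path)
        if e.verdict is None:
            findings[e.name].append("no verdict line for this entry")
    for path, hashes in hashes_by_path.items():
        if len(hashes) > 1:   # same file, two hashes: the file changed mid-scan or the log was edited
            findings[path].append("same image path reported with different MD5s: " + ", ".join(sorted(hashes)))
    return dict(findings)


def shared_images(entries: dict) -> dict:
    """Image paths hosting more than one service (normal for lsass.exe, SMSvcHost.exe, mmcss.dll)."""
    names_by_path = defaultdict(list)
    for e in entries.values():
        if e.path:
            names_by_path[e.path.lower()].append(e.name)
    return {p: sorted(n) for p, n in names_by_path.items() if len(n) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for subject, reasons in sorted(triage(parsed).items()):
        for reason in reasons:
            print(f"{subject}: {reason}")
    for path, names in shared_images(parsed).items():
        print(f"shared image {path}: {', '.join(names)}")
```

On the sample, M4-Service is flagged for living under C:\Users\...\AppData\Roaming, puppet because its service image is a .bat, and MSSQL$INWESTEROS because no image was hashed; Netlogon and SamSs sharing lsass.exe, and Tcpip/TCPIP6 sharing tcpip.sys with one hash, are reported as shared images rather than findings. Feed the whole pasted log to `parse_log` (with `pid_pattern="9632"` for this run) to triage every entry the same way.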
 
Part 2
21:05:08.0273 9632NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:08.0275 9632NetMsmqActivator - ok
21:05:08.0277 9632NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:08.0278 9632NetPipeActivator - ok
21:05:08.0298 9632netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:05:08.0304 9632netprofm - ok
21:05:08.0306 9632NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:08.0307 9632NetTcpActivator - ok
21:05:08.0309 9632NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:08.0310 9632NetTcpPortSharing - ok
21:05:08.0597 9632NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
21:05:08.0656 9632NETwNs64 - ok
21:05:08.0692 9632nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:05:08.0693 9632nfrd960 - ok
21:05:08.0705 9632NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:05:08.0711 9632NlaSvc - ok
21:05:08.0715 9632Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:05:08.0717 9632Npfs - ok
21:05:08.0720 9632nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:05:08.0723 9632nsi - ok
21:05:08.0726 9632nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:05:08.0727 9632nsiproxy - ok
21:05:08.0791 9632Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:05:08.0810 9632Ntfs - ok
21:05:08.0838 9632Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:05:08.0839 9632Null - ok
21:05:08.0846 9632nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:05:08.0848 9632nusb3hub - ok
21:05:08.0858 9632nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:05:08.0861 9632nusb3xhc - ok
21:05:09.0298 9632nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:05:09.0350 9632nvlddmkm - ok
21:05:09.0389 9632nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:05:09.0391 9632nvraid - ok
21:05:09.0401 9632nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:05:09.0403 9632nvstor - ok
21:05:09.0466 9632nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
21:05:09.0484 9632nvsvc - ok
21:05:09.0571 9632nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:05:09.0591 9632nvUpdatusService - ok
21:05:09.0625 9632nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:05:09.0627 9632nv_agp - ok
21:05:09.0633 9632ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:05:09.0635 9632ohci1394 - ok
21:05:09.0642 9632OpenSSHd (3d70b0630342132ebc1ff5cff483e6c0) C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
21:05:09.0643 9632OpenSSHd - ok
21:05:09.0651 9632ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:05:09.0653 9632ose - ok
21:05:09.0844 9632osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:05:09.0881 9632osppsvc - ok
21:05:09.0919 9632p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:05:09.0923 9632p2pimsvc - ok
21:05:09.0939 9632p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:05:09.0945 9632p2psvc - ok
21:05:09.0954 9632Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:05:09.0956 9632Parport - ok
21:05:09.0960 9632partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:05:09.0962 9632partmgr - ok
21:05:09.0971 9632PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:05:09.0974 9632PcaSvc - ok
21:05:09.0983 9632pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:05:09.0986 9632pci - ok
21:05:09.0988 9632pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:05:09.0989 9632pciide - ok
21:05:09.0999 9632pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:05:10.0001 9632pcmcia - ok
21:05:10.0006 9632pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:05:10.0007 9632pcw - ok
21:05:10.0030 9632PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:05:10.0035 9632PEAUTH - ok
21:05:10.0085 9632PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:05:10.0103 9632PeerDistSvc - ok
21:05:10.0135 9632PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:05:10.0139 9632PerfHost - ok
21:05:10.0226 9632pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:05:10.0243 9632pla - ok
21:05:10.0261 9632PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:05:10.0269 9632PlugPlay - ok
21:05:10.0273 9632PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:05:10.0277 9632PNRPAutoReg - ok
21:05:10.0291 9632PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:05:10.0296 9632PNRPsvc - ok
21:05:10.0317 9632PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:05:10.0324 9632PolicyAgent - ok
21:05:10.0335 9632Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:05:10.0340 9632Power - ok
21:05:10.0351 9632PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:05:10.0353 9632PptpMiniport - ok
21:05:10.0358 9632Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:05:10.0359 9632Processor - ok
21:05:10.0370 9632ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:05:10.0375 9632ProfSvc - ok
21:05:10.0379 9632ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:05:10.0382 9632ProtectedStorage - ok
21:05:10.0391 9632Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:05:10.0393 9632Psched - ok
21:05:10.0398 9632puppet (1303b5084b733d7febc9a2a9ab55195d) C:\Program Files (x86)\Puppet Labs\Puppet\service\daemon.bat
21:05:10.0399 9632puppet - ok
21:05:10.0456 9632ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:05:10.0473 9632ql2300 - ok
21:05:10.0511 9632ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:05:10.0513 9632ql40xx - ok
21:05:10.0526 9632QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:05:10.0533 9632QWAVE - ok
21:05:10.0539 9632QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:05:10.0541 9632QWAVEdrv - ok
21:05:10.0545 9632RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:05:10.0546 9632RasAcd - ok
21:05:10.0553 9632RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:05:10.0554 9632RasAgileVpn - ok
21:05:10.0561 9632RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:05:10.0566 9632RasAuto - ok
21:05:10.0575 9632Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:05:10.0578 9632Rasl2tp - ok
21:05:10.0593 9632RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:05:10.0601 9632RasMan - ok
21:05:10.0608 9632RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:05:10.0610 9632RasPppoe - ok
21:05:10.0617 9632RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:05:10.0619 9632RasSstp - ok
21:05:10.0632 9632rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:05:10.0636 9632rdbss - ok
21:05:10.0639 9632rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:05:10.0640 9632rdpbus - ok
21:05:10.0642 9632RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:05:10.0643 9632RDPCDD - ok
21:05:10.0652 9632RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:05:10.0654 9632RDPDR - ok
21:05:10.0657 9632RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:05:10.0657 9632RDPENCDD - ok
21:05:10.0661 9632RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:05:10.0661 9632RDPREFMP - ok
21:05:10.0666 9632RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:05:10.0667 9632RdpVideoMiniport - ok
21:05:10.0677 9632RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:05:10.0679 9632RDPWD - ok
21:05:10.0690 9632rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:05:10.0692 9632rdyboost - ok
21:05:10.0724 9632RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:05:10.0731 9632RegSrvc - ok
21:05:10.0737 9632RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:05:10.0739 9632RemoteAccess - ok
21:05:10.0747 9632RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:05:10.0751 9632RemoteRegistry - ok
21:05:10.0761 9632RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:05:10.0763 9632RFCOMM - ok
21:05:10.0768 9632RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:05:10.0771 9632RpcEptMapper - ok
21:05:10.0774 9632RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:05:10.0776 9632RpcLocator - ok
21:05:10.0790 9632RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
21:05:10.0795 9632RpcSs - ok
21:05:10.0809 9632RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
21:05:10.0812 9632RsFx0103 - ok
21:05:10.0824 9632RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
21:05:10.0827 9632RsFx0150 - ok
21:05:10.0841 9632RSPCIESTOR (85b325723f67ef80927326fd7eb1cc10) C:\Windows\system32\DRIVERS\RtsPStor.sys
21:05:10.0843 9632RSPCIESTOR - ok
21:05:10.0849 9632rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:05:10.0850 9632rspndr - ok
21:05:10.0853 9632s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:05:10.0854 9632s3cap - ok
21:05:10.0857 9632SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:05:10.0859 9632SamSs - ok
21:05:10.0865 9632sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:05:10.0867 9632sbp2port - ok
21:05:10.0876 9632SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:05:10.0880 9632SCardSvr - ok
21:05:10.0884 9632scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:05:10.0885 9632scfilter - ok
21:05:10.0919 9632Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:05:10.0931 9632Schedule - ok
21:05:10.0939 9632SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:05:10.0940 9632SCPolicySvc - ok
21:05:10.0948 9632sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:05:10.0950 9632sdbus - ok
21:05:10.0960 9632SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:05:10.0965 9632SDRSVC - ok
21:05:10.0969 9632secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:05:10.0970 9632secdrv - ok
21:05:10.0973 9632seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:05:10.0977 9632seclogon - ok
21:05:10.0982 9632SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:05:10.0986 9632SENS - ok
21:05:10.0990 9632SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:05:10.0994 9632SensrSvc - ok
21:05:10.0997 9632Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:05:10.0998 9632Serenum - ok
21:05:11.0004 9632Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:05:11.0006 9632Serial - ok
21:05:11.0010 9632sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:05:11.0011 9632sermouse - ok
21:05:11.0023 9632SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:05:11.0027 9632SessionEnv - ok
21:05:11.0030 9632sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:05:11.0032 9632sffdisk - ok
21:05:11.0035 9632sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:05:11.0036 9632sffp_mmc - ok
21:05:11.0039 9632sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:05:11.0040 9632sffp_sd - ok
21:05:11.0043 9632sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:05:11.0044 9632sfloppy - ok
21:05:11.0057 9632SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:05:11.0062 9632SharedAccess - ok
21:05:11.0075 9632ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:05:11.0080 9632ShellHWDetection - ok
21:05:11.0084 9632SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:05:11.0085 9632SiSRaid2 - ok
21:05:11.0090 9632SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:05:11.0091 9632SiSRaid4 - ok
21:05:11.0096 9632Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:05:11.0098 9632Smb - ok
21:05:11.0104 9632SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:05:11.0107 9632SNMPTRAP - ok
21:05:11.0129 9632SONICWALL_NetExtender (089185516374ba26193e41aaa559e60e) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
21:05:11.0133 9632SONICWALL_NetExtender - ok
21:05:11.0136 9632spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:05:11.0137 9632spldr - ok
21:05:11.0157 9632Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:05:11.0164 9632Spooler - ok
21:05:11.0289 9632sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:05:11.0317 9632sppsvc - ok
21:05:11.0352 9632sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:05:11.0355 9632sppuinotify - ok
21:05:11.0466 9632SQLAgent$INWESTEROS (bea7fea5bb31eb58d78971f821ae6844) d:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE
21:05:11.0474 9632SQLAgent$INWESTEROS - ok
21:05:11.0498 9632SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
21:05:11.0505 9632SQLAgent$SQLEXPRESS - ok
21:05:11.0521 9632SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:05:11.0525 9632SQLBrowser - ok
21:05:11.0537 9632SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:05:11.0540 9632SQLWriter - ok
21:05:11.0567 9632srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:05:11.0574 9632srv - ok
21:05:11.0593 9632srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:05:11.0598 9632srv2 - ok
21:05:11.0607 9632srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:05:11.0609 9632srvnet - ok
21:05:11.0619 9632SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:05:11.0624 9632SSDPSRV - ok
21:05:11.0629 9632SSLDrv (4b8cdc023e8a7ebabfefcd2de67fd488) C:\Windows\system32\DRIVERS\SSLDrv.sys
21:05:11.0630 9632SSLDrv - ok
21:05:11.0635 9632SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:05:11.0639 9632SstpSvc - ok
21:05:11.0655 9632STacSV (e82994866a370a480607637f28b82835) C:\Program Files\IDT\WDM\STacSV64.exe
21:05:11.0658 9632STacSV - ok
21:05:11.0662 9632stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
21:05:11.0663 9632stdcfltn - ok
21:05:11.0670 9632Steam Client Service - ok
21:05:11.0687 9632Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:05:11.0691 9632Stereo Service - ok

21:05:11.0695 9632stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:05:11.0697 9632stexstor - ok
21:05:11.0716 9632STHDA (3ad0ed8b19cd76d2254de5fb298e3c26) C:\Windows\system32\DRIVERS\stwrt64.sys
21:05:11.0721 9632STHDA - ok
21:05:11.0744 9632stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:05:11.0753 9632stisvc - ok
21:05:11.0758 9632storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:05:11.0759 9632storflt - ok
21:05:11.0764 9632storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:05:11.0765 9632storvsc - ok
21:05:11.0768 9632swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:05:11.0769 9632swenum - ok
21:05:11.0789 9632swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:05:11.0797 9632swprv - ok
21:05:11.0800 9632Synth3dVsc - ok
21:05:11.0854 9632SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys
21:05:11.0866 9632SynTP - ok
21:05:11.0966 9632SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:05:11.0989 9632SysMain - ok
21:05:12.0022 9632TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:05:12.0027 9632TabletInputService - ok
21:05:12.0042 9632TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:05:12.0049 9632TapiSrv - ok
21:05:12.0055 9632TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:05:12.0060 9632TBS - ok
21:05:12.0137 9632Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:05:12.0156 9632Tcpip - ok
21:05:12.0221 9632TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:05:12.0229 9632TCPIP6 - ok
21:05:12.0253 9632tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:05:12.0254 9632tcpipreg - ok
21:05:12.0258 9632TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:05:12.0259 9632TDPIPE - ok
21:05:12.0262 9632TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:05:12.0263 9632TDTCP - ok
21:05:12.0268 9632tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:05:12.0269 9632tdx - ok
21:05:12.0273 9632TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:05:12.0274 9632TermDD - ok
21:05:12.0292 9632TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:05:12.0297 9632TermService - ok
21:05:12.0302 9632Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:05:12.0305 9632Themes - ok
21:05:12.0309 9632THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:05:12.0311 9632THREADORDER - ok
21:05:12.0316 9632TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:05:12.0320 9632TrkWks - ok
21:05:12.0328 9632TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:05:12.0330 9632TrustedInstaller - ok
21:05:12.0335 9632tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:05:12.0336 9632tssecsrv - ok
21:05:12.0340 9632TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:05:12.0341 9632TsUsbFlt - ok
21:05:12.0343 9632tsusbhub - ok
21:05:12.0351 9632tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:05:12.0352 9632tunnel - ok
21:05:12.0357 9632uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:05:12.0359 9632uagp35 - ok
21:05:12.0371 9632udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:05:12.0375 9632udfs - ok
21:05:12.0381 9632UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:05:12.0384 9632UI0Detect - ok
21:05:12.0389 9632uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:05:12.0390 9632uliagpkx - ok
21:05:12.0395 9632umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:05:12.0396 9632umbus - ok
21:05:12.0399 9632UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:05:12.0400 9632UmPass - ok
21:05:12.0408 9632UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:05:12.0413 9632UmRdpService - ok
21:05:12.0492 9632UNS (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:05:12.0511 9632UNS - ok
21:05:12.0541 9632upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:05:12.0547 9632upnphost - ok
21:05:12.0554 9632usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:05:12.0555 9632usbccgp - ok
21:05:12.0560 9632usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:05:12.0562 9632usbcir - ok
21:05:12.0565 9632usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:05:12.0566 9632usbehci - ok
21:05:12.0577 9632usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:05:12.0581 9632usbhub - ok
21:05:12.0584 9632usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:05:12.0585 9632usbohci - ok
21:05:12.0589 9632usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:05:12.0590 9632usbprint - ok
21:05:12.0594 9632usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:05:12.0595 9632usbscan - ok
21:05:12.0600 9632USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:05:12.0601 9632USBSTOR - ok
21:05:12.0604 9632usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:05:12.0605 9632usbuhci - ok
21:05:12.0612 9632usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:05:12.0614 9632usbvideo - ok
21:05:12.0618 9632UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:05:12.0621 9632UxSms - ok
21:05:12.0624 9632VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:05:12.0626 9632VaultSvc - ok
21:05:12.0637 9632VBoxDrv (b6437a7c60c817a0d7bea1d994b01612) C:\Windows\system32\DRIVERS\VBoxDrv.sys
21:05:12.0638 9632VBoxDrv - ok
21:05:12.0646 9632VBoxNetAdp (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:05:12.0648 9632VBoxNetAdp - ok
21:05:12.0655 9632VBoxNetFlt (9f7bc6d33a3aa4aff35c9dbd69c2bca0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
21:05:12.0656 9632VBoxNetFlt - ok
21:05:12.0664 9632VBoxUSBMon (84b57b85a550476456ec5ab32fa99513) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
21:05:12.0665 9632VBoxUSBMon - ok
21:05:12.0669 9632vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:05:12.0670 9632vdrvroot - ok
21:05:12.0689 9632vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:05:12.0695 9632vds - ok
21:05:13.0685 9632 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:05:13.0696 9632 \Device\Harddisk0\DR0 - ok
21:05:13.0703 9632 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:05:13.0770 9632 \Device\Harddisk1\DR1 - ok
21:05:13.0773 9632 Boot (0x1200) (ef3f47d80af72eb82720da7f7f17b917) \Device\Harddisk0\DR0\Partition0
21:05:13.0775 9632 \Device\Harddisk0\DR0\Partition0 - ok
21:05:13.0778 9632 Boot (0x1200) (ee87a656306a277abd95e669eeeb72d6) \Device\Harddisk1\DR1\Partition0
21:05:13.0780 9632 \Device\Harddisk1\DR1\Partition0 - ok
21:05:13.0782 9632 Boot (0x1200) (bcb5d1658767a69dd74291453a06d57a) \Device\Harddisk1\DR1\Partition1
21:05:13.0784 9632 \Device\Harddisk1\DR1\Partition1 - ok
21:05:13.0785 9632 ============================================================
21:05:13.0785 9632 Scan finished
21:05:13.0785 9632 ============================================================
21:05:13.0795 10712 Detected object count: 0
21:05:13.0795 10712 Actual detected object count: 0
21:05:50.0455 7148 Deinitialize success
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: reymund [Admin rights]
Mode: Scan -- Date: 07/31/2012 21:38:14

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] M4-Service.exe -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe -> KILLED [TermProc]
[SUSP PATH] M4-Capture.exe -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Capture.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : TUGZip (rundll32.exe C:\Users\reymund\AppData\Local\TUGZip\dzlklmbm.dll,ClInteOp_SetTitle) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-3316494744-4244092113-3857006852-1000[...]\Run : TUGZip (rundll32.exe C:\Users\reymund\AppData\Local\TUGZip\dzlklmbm.dll,ClInteOp_SetTitle) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 438aeb0874ee8182aba6b4608acc5eec
[BSP] 45a57d615983c17b561e94d0d88845a1 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18399232 | Size: 706416 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: OCZ-AGILITY3 +++++
--- User ---
[MBR] b67d7f9b1e859f0a3ed7a11708b2215a
[BSP] c4322ecaf342794309bfb4ee62a5890f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

aswMBR
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-31 21:43:34
-----------------------------
21:43:34.271 OS Version: Windows x64 6.1.7601 Service Pack 1
21:43:34.271 Number of processors: 8 586 0x2A07
21:43:34.272 ComputerName: DORNE UserName:
21:43:34.546 Initialize success
21:43:34.591 AVAST engine defs: 12073102
21:43:50.935 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:43:50.940 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 8
21:43:50.944 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
21:43:50.946 Disk 1 Vendor: OCZ-AGIL 2.13 Size: 114473MB BusType: 8
21:43:50.950 Disk 1 MBR read successfully
21:43:50.953 Disk 1 MBR scan
21:43:50.958 Disk 1 Windows 7 default MBR code
21:43:50.962 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:43:50.966 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
21:43:50.973 Disk 1 scanning C:\Windows\system32\drivers
21:43:51.971 Service scanning
21:43:55.346 Modules scanning
21:43:55.364 Disk 1 trace - called modules:
21:43:55.381 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
21:43:55.392 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800f1cb060]
21:43:55.402 3 CLASSPNP.SYS[fffff88001b7343f] -> nt!IofCallDriver -> [0xfffffa800f0c3ba0]
21:43:55.413 5 stdcfltn.sys[fffff88001ab3c52] -> nt!IofCallDriver -> [0xfffffa800d6916b0]
21:43:55.419 7 ACPI.sys[fffff88000fa57a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800d69b050]
21:43:55.696 AVAST engine scan C:\Windows
21:43:56.056 AVAST engine scan C:\Windows\system32
21:44:25.818 AVAST engine scan C:\Windows\system32\drivers
21:44:27.304 AVAST engine scan C:\Users\reymund
21:44:46.132 AVAST engine scan C:\ProgramData
21:44:57.468 Scan finished successfully
21:45:08.471 Disk 1 MBR has been saved successfully to "C:\Users\reymund\Desktop\To Be Reviewed\MBR.dat"
21:45:08.474 The log file has been saved successfully to "C:\Users\reymund\Desktop\To Be Reviewed\aswMBR.txt"
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-07-30.03 - reymund 07/31/2012 22:32:34.4.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16332.13192 [GMT -4:00]
Running from: c:\users\reymund\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 02:36 . 2012-08-01 02:36 -------- d-----w- c:\users\VaultAppPool\AppData\Local\temp
2012-08-01 02:36 . 2012-08-01 02:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-01 02:36 . 2012-08-01 02:36 -------- d-----w- c:\users\svc_inwesteros\AppData\Local\temp
2012-08-01 02:36 . 2012-08-01 02:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-01 02:36 . 2012-08-01 02:36 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-01 02:36 . 2012-08-01 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 02:36 . 2012-08-01 02:36 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-08-01 02:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-01 02:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-01 02:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-01 02:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-01 02:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-01 02:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-26 11:39 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-26 11:39 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-26 11:39 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-26 11:39 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-26 11:39 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-26 11:39 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-26 11:38 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-26 11:38 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-26 00:38 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-26 00:37 . 2012-07-26 11:38 -------- d-----w- c:\programdata\AVAST Software
2012-07-26 00:37 . 2012-07-26 11:38 -------- d-----w- c:\program files\AVAST Software
2012-07-25 23:50 . 2012-07-26 00:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-25 05:46 . 2012-07-25 05:46 -------- d-----w- c:\users\reymund\AppData\Roaming\Malwarebytes
2012-07-25 05:46 . 2012-07-25 05:46 -------- d-----w- c:\programdata\Malwarebytes
2012-07-25 05:46 . 2012-07-25 05:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-25 05:46 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-22 02:53 . 2012-07-22 02:54 -------- d-----w- c:\users\reymund\AppData\Roaming\SparkPDF
2012-07-22 02:53 . 2012-07-22 02:53 -------- d-----w- c:\program files (x86)\SparkPDF
2012-07-17 23:44 . 2012-07-17 23:44 -------- d-----w- c:\programdata\Age of Empires 3
2012-07-11 04:48 . 2012-07-11 04:48 -------- d-----w- c:\programdata\PuppetLabs
2012-07-11 04:48 . 2012-07-11 04:48 -------- d-----w- c:\program files (x86)\Puppet Labs
2012-07-04 16:31 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 19:15 . 2012-03-31 15:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 19:15 . 2011-11-26 16:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-01 17:55 . 2012-02-02 17:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-30 01:17 . 2012-06-30 01:17 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-30 01:17 . 2012-06-30 01:17 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-30 01:17 . 2012-06-30 01:17 268720 ----a-w- c:\windows\system32\javaws.exe
2012-06-30 01:17 . 2012-06-30 01:17 189360 ----a-w- c:\windows\system32\javaw.exe
2012-06-30 01:17 . 2012-06-30 01:17 188840 ----a-w- c:\windows\system32\java.exe
2012-05-25 05:06 . 2012-05-25 03:01 548800 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_06.26.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2009-07-14 04:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-01 01:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-01 01:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-01 01:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-26 05:21 . 2012-07-28 01:26 60410 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-28 01:26 30162 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-02 19:19 . 2012-06-02 19:19 79232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2009-07-14 04:46 . 2012-08-01 02:29 89640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-26 05:21 . 2012-07-28 01:26 5054 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3316494744-4244092113-3857006852-1000_UserData.bin
- 2012-07-25 05:47 . 2012-07-25 05:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 01:24 . 2012-07-28 01:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 01:24 . 2012-07-28 01:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-25 05:47 . 2012-07-25 05:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-26 14:55 . 2012-07-27 23:18 105878 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-31 23:52 870808 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-31 23:52 199854 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-28 01:24 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-25 05:47 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-12 16:16 . 2009-07-12 16:16 223232 c:\windows\Installer\2298cb.msi
+ 2009-07-14 04:45 . 2012-07-28 01:24 6080020 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-01 00:32 6080020 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-26 16:19 . 2012-07-28 01:24 6822488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-8192.dat
- 2011-11-26 16:19 . 2012-07-25 05:47 6822488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-8192.dat
- 2011-11-26 06:26 . 2012-07-25 03:50 6241755 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-12288.dat
+ 2011-11-26 06:26 . 2012-07-27 02:59 6241755 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-12288.dat
+ 2012-07-18 20:42 . 2012-07-18 20:42 7931392 c:\windows\Installer\248dc4b.msi
- 2009-07-14 02:34 . 2012-04-07 21:11 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-01 02:29 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-08-01 02:31 . 2012-08-01 02:31 10485760 c:\windows\erdnt\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-26 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"TUGZip"="c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll" [2012-07-25 764416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-09-02 1636208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 M4-Service;M4-Service;c:\users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
R2 OpenSSHd;OpenSSH Server;c:\program files (x86)\OpenSSH\bin\cygrunsrv.exe [2004-04-18 36864]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-30 326760]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$INWESTEROS;SQL Server Agent (INWESTEROS);d:\program files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 MSSQL$INWESTEROS;SQL Server (INWESTEROS);d:\program files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 puppet;Puppet Agent;c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat [2012-04-10 87]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-09 2655768]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-20 27760]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-26 279616]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-03 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-17 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-17 180736]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2009-02-23 22168]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17066186
*Deregistered* - 17066186
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000Core.job
- c:\users\reymund\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 06:45]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000UA.job
- c:\users\reymund\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 06:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-15 1694016]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-27 765552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: Interfaces\{7F1479AA-18CE-4520-9DBD-DB21F7DFF5BD}: NameServer = 192.168.2.154,192.168.2.129
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\puppet]
"ImagePath"="\"c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:22,6a,db,ae,14,3a,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,59,4f,ae,54,3f,66,4b,9b,3d,fb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,59,4f,ae,54,3f,66,4b,9b,3d,fb,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-31 22:38:15
ComboFix-quarantined-files.txt 2012-08-01 02:38
ComboFix2.txt 2012-07-26 00:20
.
Pre-Run: 46,728,904,704 bytes free
Post-Run: 46,425,948,160 bytes free
.
- - End Of File - - BB32020E710083AE491870B3BC84B57E
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll

DirLook::
c:\users\reymund\AppData\Local\TUGZip

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TUGZip"=-

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
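A triage pass over the kind of autorun lines ComboFix prints in the logs above, as an added example that is not part of this thread or of ComboFix itself: it reads Run-key, service/driver and scheduled-task lines and flags entries whose image sits in a user-writable location, which is what makes the TUGZip\dzlklmbm.dll entry stand out from the rest. The sample log is constructed to mirror the format on this page; the TUGZip Run line and its stamp are made up to resemble the entry the CFScript removes.

```python
"""Triage helper for ComboFix "Reg Loading Points" output (added example)."""
import re
from dataclasses import dataclass
from typing import List

# "Name"="c:\path\prog.exe" [2011-11-26 1242448]            (Run-key entries)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# S2 Name;Display Name;c:\path\prog.exe [2012-01-16 1007472]  (services/drivers)
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]')
# - c:\path\prog.exe [2011-11-26 06:45]                      (action under a .job line)
TASK_RE = re.compile(r'^-\s+(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]')
JOB_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+c:\\windows\\tasks\\(?P<job>.+\.job)$', re.IGNORECASE)

# Locations a standard user can write to; an autorun pointing here deserves a look.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class Finding:
    kind: str    # "run", "service" or "task"
    name: str
    path: str
    reason: str


def _reason(path: str, meta: str) -> str:
    """Return why an entry is worth reviewing, or "" if it looks unremarkable."""
    low = path.lower()
    if meta.strip() == "x":
        return "no file stamp recorded ([x]); image could not be resolved"
    if any(low.startswith(p) for p in USER_WRITABLE):
        return "image lives in a user-writable location"
    return ""


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix log and collect autorun entries that merit a closer look."""
    findings: List[Finding] = []
    current_job = ""  # name of the .job whose action line comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        job = JOB_RE.match(line)
        if job:
            current_job = job.group("job")
            continue
        for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("task", TASK_RE)):
            m = rx.match(line)
            if not m:
                continue
            path = m.group("path").strip()
            name = m.groupdict().get("name") or current_job
            reason = _reason(path, m.group("meta"))
            if reason:
                findings.append(Finding(kind, name, path, reason))
            break
    return findings


# Constructed sample in the page's format. Only the TUGZip line is invented;
# its date/size stamp is a placeholder, not a value taken from the real log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-26 1242448]
"TUGZip"="c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll" [0000-00-00 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
S1 aswSnx;aswSnx; [x]
S2 M4-Service;M4-Service;c:\users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
S2 puppet;Puppet Agent;c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat [2012-04-10 87]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000Core.job
- c:\users\reymund\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 06:45]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name}: {f.path}  <- {f.reason}")
```

Hits are review candidates, not verdicts: Google Update legitimately runs from AppData\Local, so compare each flagged path against the Files Created section and the vendor's signature before scripting a removal.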
 
Hopefully this did it. Don't see any IExplore processes so far.
ComboFix 12-07-30.03 - reymund 07/31/2012 23:00:37.5.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16332.13147 [GMT -4:00]
Running from: c:\users\reymund\Desktop\ComboFix.exe
Command switches used :: c:\users\reymund\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\reymund\AppData\Local\TUGZip\dzlklmbm.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\VaultAppPool\AppData\Local\temp
2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\svc_inwesteros\AppData\Local\temp
2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\Public\AppData\Local\temp
2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\DefaultAppPool\AppData\Local\temp
2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\Default\AppData\Local\temp
2012-08-01 03:04 . 2012-08-01 03:04--------d-----w-c:\users\Classic .NET AppPool\AppData\Local\temp
2012-08-01 02:29 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-08-01 02:29 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-08-01 02:29 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-08-01 02:29 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-08-01 02:29 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-08-01 02:29 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-08-01 02:29 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-08-01 02:29 . 2012-06-02 19:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-08-01 02:29 . 2012-06-02 19:1536864----a-w-c:\windows\system32\wuapp.exe
2012-07-26 11:39 . 2012-07-03 16:21958400----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-07-26 11:39 . 2012-07-03 16:2171064----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-07-26 11:39 . 2012-07-03 16:2159728----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-07-26 11:39 . 2012-07-03 16:2154072----a-w-c:\windows\system32\drivers\aswRdr2.sys
2012-07-26 11:39 . 2012-07-03 16:21355856----a-w-c:\windows\system32\drivers\aswSP.sys
2012-07-26 11:39 . 2012-07-03 16:2125232----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-07-26 11:38 . 2012-07-03 16:2141224----a-w-c:\windows\avastSS.scr
2012-07-26 11:38 . 2012-07-03 16:21227648----a-w-c:\windows\SysWow64\aswBoot.exe
2012-07-26 00:38 . 2012-07-03 16:21285328----a-w-c:\windows\system32\aswBoot.exe
2012-07-26 00:37 . 2012-07-26 11:38--------d-----w-c:\programdata\AVAST Software
2012-07-26 00:37 . 2012-07-26 11:38--------d-----w-c:\program files\AVAST Software
2012-07-25 23:50 . 2012-07-26 00:11--------d-----w-C:\TDSSKiller_Quarantine
2012-07-25 05:46 . 2012-07-25 05:46--------d-----w-c:\users\reymund\AppData\Roaming\Malwarebytes
2012-07-25 05:46 . 2012-07-25 05:46--------d-----w-c:\programdata\Malwarebytes
2012-07-25 05:46 . 2012-07-25 05:46--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-25 05:46 . 2012-07-03 17:4624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-07-22 02:53 . 2012-07-22 02:54--------d-----w-c:\users\reymund\AppData\Roaming\SparkPDF
2012-07-22 02:53 . 2012-07-22 02:53--------d-----w-c:\program files (x86)\SparkPDF
2012-07-17 23:44 . 2012-07-17 23:44--------d-----w-c:\programdata\Age of Empires 3
2012-07-11 04:48 . 2012-07-11 04:48--------d-----w-c:\programdata\PuppetLabs
2012-07-11 04:48 . 2012-07-11 04:48--------d-----w-c:\program files (x86)\Puppet Labs
2012-07-04 16:31 . 2009-07-14 01:41101376----a-w-c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 19:15 . 2012-03-31 15:37426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 19:15 . 2011-11-26 16:4770344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-01 17:55 . 2012-02-02 17:33472808----a-w-c:\windows\SysWow64\deployJava1.dll
2012-06-30 01:17 . 2012-06-30 01:17955840----a-w-c:\windows\system32\npDeployJava1.dll
2012-06-30 01:17 . 2012-06-30 01:17839096----a-w-c:\windows\system32\deployJava1.dll
2012-06-30 01:17 . 2012-06-30 01:17268720----a-w-c:\windows\system32\javaws.exe
2012-06-30 01:17 . 2012-06-30 01:17189360----a-w-c:\windows\system32\javaw.exe
2012-06-30 01:17 . 2012-06-30 01:17188840----a-w-c:\windows\system32\java.exe
2012-05-25 05:06 . 2012-05-25 03:01548800----a-w-c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\reymund\AppData\Local\TUGZip ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_06.26.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2009-07-14 04:5516384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-01 03:0516384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:5532768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-01 03:0532768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:5516384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-01 03:0516384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-26 05:21 . 2012-07-28 01:2660410 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-28 01:2630162 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-02 19:19 . 2012-06-02 19:1979232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2009-07-14 04:46 . 2012-08-01 02:2989640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-26 05:21 . 2012-07-28 01:265054 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3316494744-4244092113-3857006852-1000_UserData.bin
- 2012-07-25 05:47 . 2012-07-25 05:472048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-01 03:05 . 2012-08-01 03:052048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-01 03:05 . 2012-08-01 03:052048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-25 05:47 . 2012-07-25 05:472048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-26 14:55 . 2012-07-27 23:18105878 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-31 23:52870808 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-31 23:52199854 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-01 03:04385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-25 05:47385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-12 16:16 . 2009-07-12 16:16223232 c:\windows\Installer\2298cb.msi
+ 2009-07-14 04:45 . 2012-08-01 03:056080020 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-01 00:326080020 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-26 16:19 . 2012-08-01 03:046822488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-8192.dat
- 2011-11-26 16:19 . 2012-07-25 05:476822488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-8192.dat
- 2011-11-26 06:26 . 2012-07-25 03:506241755 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-12288.dat
+ 2011-11-26 06:26 . 2012-07-27 02:596241755 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316494744-4244092113-3857006852-1000-12288.dat
+ 2012-07-18 20:42 . 2012-07-18 20:427931392 c:\windows\Installer\248dc4b.msi
- 2009-07-14 02:34 . 2012-04-07 21:1110485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-01 02:4010485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-26 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-09-02 1636208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-09 2655768]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-30 326760]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$INWESTEROS;SQL Server Agent (INWESTEROS);d:\program files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 M4-Service;M4-Service;c:\users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
S2 MSSQL$INWESTEROS;SQL Server (INWESTEROS);d:\program files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
S2 OpenSSHd;OpenSSH Server;c:\program files (x86)\OpenSSH\bin\cygrunsrv.exe [2004-04-18 36864]
S2 puppet;Puppet Agent;c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat [2012-04-10 87]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-20 27760]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-26 279616]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-03 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-17 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-17 180736]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2009-02-23 22168]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcsREG_MULTI_SZ w3svc was
apphostREG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000Core.job
- c:\users\reymund\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 06:45]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000UA.job
- c:\users\reymund\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 06:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21133400----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-15 1694016]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-27 765552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: Interfaces\{7F1479AA-18CE-4520-9DBD-DB21F7DFF5BD}: NameServer = 192.168.2.154,192.168.2.129
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\puppet]
"ImagePath"="\"c:\program files (x86)\Puppet Labs\Puppet\service\daemon.bat\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:22,6a,db,ae,14,3a,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,59,4f,ae,54,3f,66,4b,9b,3d,fb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,59,4f,ae,54,3f,66,4b,9b,3d,fb,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\users\reymund\AppData\Roaming\Mikogo 4\M4-Capture.exe
c:\program files (x86)\Puppet Labs\Puppet\sys\ruby\bin\rubyw.exe
c:\program files (x86)\OpenSSH\usr\sbin\sshd.exe
.
**************************************************************************
.
Completion time: 2012-07-31 23:07:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 03:07
ComboFix2.txt 2012-08-01 02:38
ComboFix3.txt 2012-07-26 00:20
.
Pre-Run: 46,333,128,704 bytes free
Post-Run: 46,230,515,712 bytes free
.
- - End Of File - - 404338326D9EF1995AE5B072241CAF5B
 
Very good :)

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Still no IExplore process, and I haven't been getting redirected on Google searches so far.
The only file that was created was OTL.txt:

OTL logfile created on: 7/31/2012 11:20:48 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\reymund\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.35 Gb Available Physical Memory | 83.70% Memory free
17.95 Gb Paging File | 14.96 Gb Available in Paging File | 83.36% Paging File free
Paging file location(s): d:\pagefile.sys 2048 16331 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 41.88 Gb Free Space | 37.50% Space Free | Partition Type: NTFS
Drive D: | 689.86 Gb Total Space | 417.20 Gb Free Space | 60.48% Space Free | Partition Type: NTFS

Computer Name: DORNE | User Name: reymund | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/31 23:19:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\reymund\Desktop\OTL.exe
PRC - [2012/07/31 23:08:56 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/14 00:26:46 | 001,592,160 | ---- | M] () -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/02/16 14:44:00 | 000,070,737 | ---- | M] () -- C:\Program Files (x86)\Puppet Labs\Puppet\sys\ruby\bin\rubyw.exe
PRC - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2011/11/26 04:11:42 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/02 19:24:28 | 001,636,208 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2010/12/09 15:38:20 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/09 15:38:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/16 23:43:30 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/10 11:51:20 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/10 11:45:08 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/10 11:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/08/26 20:37:16 | 000,765,552 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/03/11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2004/04/18 07:11:14 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/31 23:08:56 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/07/31 23:08:55 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/07/31 23:08:55 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/07/31 23:08:55 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/07/31 23:08:55 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/04/07 17:35:37 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/04/07 17:34:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/04/07 17:34:02 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/04/07 17:18:18 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
MOD - [2012/04/07 17:18:08 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
MOD - [2012/04/07 17:18:07 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
MOD - [2012/04/07 17:18:07 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/04/07 17:18:04 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/04/07 17:18:01 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/04/07 17:18:00 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
MOD - [2012/04/07 17:18:00 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
MOD - [2012/04/07 17:17:59 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/04/07 17:17:58 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/04/07 17:17:54 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/04/07 17:17:54 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/25 15:51:06 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c6b914d595e5b00ae540004a71c6c3a2\IAStorUtil.ni.dll
MOD - [2012/02/25 15:31:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/25 15:31:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/25 15:31:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/25 15:31:16 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/25 15:31:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/25 15:31:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/25 15:31:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2011/11/26 04:43:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2011/11/26 04:19:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/02 19:24:28 | 001,636,208 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2010/11/10 11:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/08/26 20:37:16 | 000,765,552 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009/12/18 12:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
MOD - [2004/04/18 07:11:14 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/03/17 04:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/05 14:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 14:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 14:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/10 11:40:46 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/31 23:08:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/10 16:04:50 | 000,000,087 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Puppet Labs\Puppet\service\daemon.bat -- (puppet)
SRV - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\reymund\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/09 15:38:20 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/09 15:38:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/20 05:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 11:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\sqlservr.exe -- (MSSQL$INWESTEROS)
SRV - [2010/04/03 11:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- d:\Program Files\Microsoft SQL Server\MSSQL10_50.INWESTEROS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$INWESTEROS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 16:13:40 | 000,481,616 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe -- (SONICWALL_NetExtender)
SRV - [2004/04/18 07:11:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe -- (OpenSSHd)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/11/26 04:35:53 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/10/21 18:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/03 19:39:26 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/03/17 04:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/04 12:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/30 12:48:38 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/30 12:32:36 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 15:03:06 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 02:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/16 23:43:32 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/16 23:43:32 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/20 12:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2009/09/08 19:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 16:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/23 17:56:08 | 000,022,168 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 16:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 9F AE B6 FF AB CC 01 [binary data]
IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\reymund\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\reymund\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\reymund\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\reymund\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\reymund\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\reymund\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\reymund\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\reymund\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\reymund\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\reymund\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

O1 HOSTS File: ([2012/07/31 23:05:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..Trusted Domains: cbipartner.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-3316494744-4244092113-3857006852-1000\..Trusted Domains: darcoasp.net ([]* in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://remote2.darcoasp.net/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westeros.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F1479AA-18CE-4520-9DBD-DB21F7DFF5BD}: NameServer = 192.168.2.154,192.168.2.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 23:19:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\reymund\Desktop\OTL.exe
[2012/07/31 23:05:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/31 23:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/31 22:18:34 | 004,721,982 | R--- | C] (Swearware) -- C:\Users\reymund\Desktop\ComboFix.exe
[2012/07/31 21:40:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\reymund\Desktop\aswMBR.exe
[2012/07/31 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\reymund\Desktop\RK_Quarantine
[2012/07/31 21:04:11 | 000,000,000 | ---D | C] -- C:\Users\reymund\Desktop\tdsskiller
[2012/07/31 19:51:34 | 000,000,000 | ---D | C] -- C:\Users\reymund\Desktop\To Be Reviewed
[2012/07/26 07:39:06 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/26 07:39:06 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/26 07:39:06 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/26 07:39:06 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/26 07:39:06 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/26 07:39:06 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/26 07:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/26 07:38:57 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/26 07:38:56 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/25 20:38:11 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/25 20:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/25 20:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/25 19:50:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/25 13:08:34 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\Mozilla
[2012/07/25 02:20:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 01:46:48 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\Malwarebytes
[2012/07/25 01:46:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/25 01:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/25 01:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/25 01:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/25 00:01:57 | 000,000,000 | ---D | C] -- C:\Users\reymund\Desktop\gggggg
[2012/07/21 22:53:34 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\SparkPDF
[2012/07/21 22:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SparkPDF
[2012/07/21 22:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SparkPDF
[2012/07/21 22:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/07/17 19:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2012/07/17 19:44:32 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/07/16 22:47:04 | 000,000,000 | ---D | C] -- C:\Users\reymund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/11 00:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PuppetLabs
[2012/07/11 00:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Puppet Labs
[2012/07/11 00:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puppet

========== Files - Modified Within 30 Days ==========

[2012/07/31 23:20:13 | 000,050,786 | ---- | M] () -- C:\Users\reymund\Desktop\Capture4.JPG
[2012/07/31 23:19:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\reymund\Desktop\OTL.exe
[2012/07/31 23:14:57 | 001,075,312 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/31 23:14:57 | 000,870,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/31 23:14:57 | 000,199,854 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/31 23:14:02 | 000,016,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 23:14:02 | 000,016,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 23:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 23:08:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000UA.job
[2012/07/31 23:05:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/31 22:58:50 | 000,074,127 | ---- | M] () -- C:\Users\reymund\Desktop\Capture3.JPG
[2012/07/31 22:21:24 | 000,107,000 | ---- | M] () -- C:\Users\reymund\Desktop\Capture2.JPG
[2012/07/31 22:20:35 | 000,163,814 | ---- | M] () -- C:\Users\reymund\Desktop\Capture1.JPG
[2012/07/31 22:18:41 | 004,721,982 | R--- | M] (Swearware) -- C:\Users\reymund\Desktop\ComboFix.exe
[2012/07/31 21:41:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\reymund\Desktop\aswMBR.exe
[2012/07/31 21:36:26 | 001,552,384 | ---- | M] () -- C:\Users\reymund\Desktop\RogueKiller.exe
[2012/07/31 21:03:41 | 002,117,108 | ---- | M] () -- C:\Users\reymund\Desktop\tdsskiller.zip
[2012/07/31 20:00:28 | 000,302,592 | ---- | M] () -- C:\Users\reymund\Desktop\0n88ejnj.exe
[2012/07/31 00:14:29 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3316494744-4244092113-3857006852-1000Core.job
[2012/07/30 00:12:05 | 000,335,126 | ---- | M] () -- C:\Users\reymund\Desktop\CP7672 Digital Multimeter.pdf
[2012/07/26 07:39:06 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/26 07:39:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/26 07:34:25 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/25 01:46:42 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/25 00:42:32 | 000,000,599 | ---- | M] () -- C:\Users\reymund\_viminfo
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 12:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/01 23:59:47 | 000,000,600 | ---- | M] () -- C:\Users\reymund\AppData\Roaming\winscp.rnd

========== Files Created - No Company Name ==========

[2012/07/31 23:20:13 | 000,050,786 | ---- | C] () -- C:\Users\reymund\Desktop\Capture4.JPG
[2012/07/31 22:58:50 | 000,074,127 | ---- | C] () -- C:\Users\reymund\Desktop\Capture3.JPG
[2012/07/31 22:21:24 | 000,107,000 | ---- | C] () -- C:\Users\reymund\Desktop\Capture2.JPG
[2012/07/31 22:20:35 | 000,163,814 | ---- | C] () -- C:\Users\reymund\Desktop\Capture1.JPG
[2012/07/31 21:36:24 | 001,552,384 | ---- | C] () -- C:\Users\reymund\Desktop\RogueKiller.exe
[2012/07/31 21:03:29 | 002,117,108 | ---- | C] () -- C:\Users\reymund\Desktop\tdsskiller.zip
[2012/07/31 20:00:27 | 000,302,592 | ---- | C] () -- C:\Users\reymund\Desktop\0n88ejnj.exe
[2012/07/30 00:12:24 | 000,335,126 | ---- | C] () -- C:\Users\reymund\Desktop\CP7672 Digital Multimeter.pdf
[2012/07/26 07:39:06 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/26 07:34:25 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/25 20:38:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/25 01:46:42 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/25 00:42:32 | 000,000,599 | ---- | C] () -- C:\Users\reymund\_viminfo
[2012/06/29 21:20:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/29 21:20:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/29 21:20:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/29 21:20:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/29 21:20:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/21 14:36:12 | 000,000,379 | ---- | C] () -- C:\Users\reymund\.bash_history
[2011/11/26 17:23:40 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/11/26 17:23:40 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/11/26 04:23:21 | 000,000,600 | ---- | C] () -- C:\Users\reymund\AppData\Roaming\winscp.rnd
[2011/11/26 02:23:00 | 000,840,204 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/26 02:14:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/11/26 01:29:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/11/26 01:29:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/21 18:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/21 18:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/21 18:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/11/10 11:50:38 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

========== LOP Check ==========

[2012/02/28 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Canon
[2011/11/30 00:22:45 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Chrome
[2012/05/24 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\DAEMON Tools Lite
[2011/11/29 01:30:05 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\ICAClient
[2012/04/14 05:09:57 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\IDT
[2012/01/29 13:13:12 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\ImgBurn
[2012/04/14 00:26:49 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Mikogo 4
[2011/11/26 12:28:42 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Notepad++
[2012/07/21 22:54:43 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\SparkPDF
[2012/01/03 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\Stardock
[2011/12/02 17:54:36 | 000,000,000 | ---D | M] -- C:\Users\reymund\AppData\Roaming\TS3Client
[2009/07/14 01:08:49 | 000,014,208 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL log is clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Security Check
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 25
Java version out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 29% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

FSS
Farbar Service Scanner Version: 26-07-2012
Ran by reymund (administrator) on 01-08-2012 at 00:14:57
Running from "C:\Users\reymund\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

ESET

C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0000.dta    Win32/Olmarik.AYI trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.AK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0002.dta    Win32/Olmarik.AWO trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0003.dta    Win64/Olmarik.AK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0007.dta    Win32/Olmarik.AFK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0008.dta    Win64/Olmarik.AK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0000.dta    Win32/Olmarik.AYI trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0001.dta    Win64/Olmarik.AK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0002.dta    Win32/Olmarik.AWO trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0003.dta    Win64/Olmarik.AK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0007.dta    Win32/Olmarik.AFK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.07.2012_20.10.35\tdlfs0000\tsk0008.dta    Win64/Olmarik.AK trojan    cleaned by deleting - quarantined
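As an added triage example (not from this thread or from any of the tools used in it): ESET log lines are tab-separated into path, threat name and action, and every hit above sits under C:\TDSSKiller_Quarantine, created by the earlier TDSSKiller run, so they are quarantined copies rather than a live infection. The Python below parses such lines and separates quarantine leftovers from hits in live locations; the quarantine folder list is taken from the OTL log in this thread, and the third sample line with a live temp path is constructed.

```python
"""Triage helper for ESET Online Scanner log lines (added example, not from the thread)."""
import re
from collections import Counter

# Quarantine folders named in this thread's OTL log (TDSSKiller, ComboFix, RogueKiller).
QUARANTINE_DIRS = (
    r"C:\TDSSKiller_Quarantine",
    r"C:\Qoobox",
    r"C:\Users\reymund\Desktop\RK_Quarantine",
)

# Constructed sample: two lines copied from the thread's ESET log plus one constructed
# line that places the same family in a live temp folder (path is made up for the demo).
SAMPLE_LINES = [
    "\t".join([r"C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0000.dta",
               "Win32/Olmarik.AYI trojan", "cleaned by deleting - quarantined"]),
    "\t".join([r"C:\TDSSKiller_Quarantine\25.07.2012_19.45.08\mbr0000\tdlfs0000\tsk0001.dta",
               "Win64/Olmarik.AK trojan", "cleaned by deleting - quarantined"]),
    "\t".join([r"C:\Users\example\AppData\Local\Temp\sample.tmp",
               "Win32/Olmarik.AWO trojan", "cleaned by deleting - quarantined"]),
]


def parse_eset_line(line):
    """Split one ESET log line into path, threat and action.

    The real log is tab-separated; pasted copies often collapse tabs into runs
    of spaces, so both separators are accepted. Returns None for lines that do
    not have exactly three fields (headers, blank lines).
    """
    fields = [f.strip() for f in re.split(r"\t| {2,}", line.strip()) if f.strip()]
    if len(fields) != 3:
        return None
    path, threat, action = fields
    return {"path": path, "threat": threat, "action": action}


def in_quarantine(path, quarantine_dirs=QUARANTINE_DIRS):
    """True if path lies under one of the known quarantine folders (case-insensitive)."""
    lowered = path.lower()
    return any(lowered.startswith(q.lower().rstrip("\\") + "\\") for q in quarantine_dirs)


def triage(lines, quarantine_dirs=QUARANTINE_DIRS):
    """Separate detections into quarantine leftovers and hits in live locations."""
    quarantined, live = [], []
    for line in lines:
        hit = parse_eset_line(line)
        if hit is None:
            continue
        (quarantined if in_quarantine(hit["path"], quarantine_dirs) else live).append(hit)
    return quarantined, live


def threat_families(hits):
    """Count detections by family, dropping the variant suffix: Win32/Olmarik.AYI -> Win32/Olmarik."""
    return Counter(h["threat"].split()[0].rsplit(".", 1)[0] for h in hits)


if __name__ == "__main__":
    quarantined, live = triage(SAMPLE_LINES)
    print(f"{len(quarantined)} quarantine leftovers, {len(live)} hits in live locations")
    for hit in live:
        print("LIVE:", hit["path"], "->", hit["threat"])
    print("families:", dict(threat_families(quarantined + live)))
```

A hit in a live location is what would justify further cleaning; hits confined to a quarantine folder are dealt with by deleting that folder, which is what the OTL cleanup step in this thread does.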
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==========================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Still no Google redirects and no rogue IE processes! Computer is running smoothly. Thank you very much! Your title as "Malware Annihilator" is well deserved!

Here was the final log from OTL:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: reymund
->Temp folder emptied: 262779 bytes
->Temporary Internet Files folder emptied: 91195 bytes
->Java cache emptied: 2027 bytes
->Google Chrome cache emptied: 72318428 bytes
->Flash cache emptied: 2143 bytes

User: svc_inwesteros
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: VaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1762 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 9990984 bytes

Total Files Cleaned = 79.00 mb


[EMPTYFLASH]

User: All Users

User: Classic .NET AppPool

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: reymund
->Flash cache emptied: 0 bytes

User: svc_inwesteros

User: UpdatusUser

User: VaultAppPool

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Classic .NET AppPool

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: reymund
->Java cache emptied: 0 bytes

User: svc_inwesteros

User: UpdatusUser

User: VaultAppPool

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 08032012_005130

Files\Folders moved on Reboot...
C:\Users\reymund\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\reymund\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/08/03 01:07:01 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
 