[Solved] Need help removing malware

Nathan Dauth

I need help removing some malware that redirects search results and changes my Windows security settings. Windows Defender has found Sirefef and Alureon on my machine, if that helps.

Here are my logs:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.11.14
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
aliu :: ALVIN-LAPTOP [administrator]
10/11/2012 2:18:29 PM
mbam-log-2012-10-11 (14-18-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200233
Time elapsed: 1 minute(s), 28 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2780 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)

GMER.log was blank...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by aliu at 14:35:27 on 2012-10-11
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.3978.1898 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Lync\UcMapi64.exe
C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe
C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: af0.Adblock.BHO: {90eff544-3981-4d46-85c9-c0361d0931d6} - mscoree.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
StartupFolder: C:\Users\Aliu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.100.106 192.168.100.115
TCP: Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880} : DhcpNameServer = 192.168.100.106 192.168.100.115
TCP: Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880}\24C6575644F6C6078696E6D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880}\763736 : DhcpNameServer = 192.168.2.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: af0.Adblock.BHO: {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll
BHO-X64: AdblockIE - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 MpKsl0ee0524c;MpKsl0ee0524c;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E27EF75-FF19-4D10-8EAC-47B1836BA710}\MpKsl0ee0524c.sys [2012-10-11 35664]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-12-27 514048]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-9-10 101736]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-9-10 133992]
R2 MR2012ApplicationService;Management Reporter 2012 Application Service;C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe [2012-7-24 19544]
R2 MR2012ProcessService;Management Reporter 2012 Process Service;C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe [2012-7-24 19544]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-7-10 214040]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-7-10 2045464]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2012-9-9 446592]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-3-7 382272]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-9-10 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-9-10 142696]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-12-27 979456]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\Netwsw00.sys --> C:\Windows\system32\DRIVERS\Netwsw00.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 SmbDrvI;SmbDrvI;C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys --> C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-10 250808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-9 61976]
S4 RsFx0102;RsFx0102 Driver;C:\Windows\system32\DRIVERS\RsFx0102.sys --> C:\Windows\system32\DRIVERS\RsFx0102.sys [?]
.
=============== Created Last 30 ================
.
2012-10-11 21:24:49 20480 ----a-w- C:\Windows\svchost.exe
2012-10-11 21:23:59 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E27EF75-FF19-4D10-8EAC-47B1836BA710}\offreg.dll
2012-10-11 21:23:54 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E27EF75-FF19-4D10-8EAC-47B1836BA710}\MpKsl0ee0524c.sys
2012-10-11 21:17:37 -------- d-----w- C:\Users\Aliu\AppData\Roaming\Malwarebytes
2012-10-11 21:17:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-11 21:17:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-11 21:17:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-11 21:14:53 -------- d-----w- C:\Users\Aliu\AppData\Roaming\DAEMON Tools Lite
2012-10-11 20:39:32 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4605B198-7224-4C4F-BE49-CCCA7084A801}\gapaengine.dll
2012-10-11 20:39:30 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E27EF75-FF19-4D10-8EAC-47B1836BA710}\mpengine.dll
2012-10-11 20:36:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-10-11 20:36:39 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-10-11 17:33:36 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8039718-9CCD-414D-B6EB-FD80FC8E220D}\mpengine.dll
2012-10-10 16:31:33 -------- d-----w- C:\Program Files (x86)\Citrix
2012-10-09 23:18:06 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\8ED5.tmp
2012-10-09 23:18:06 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\8ED4.tmp
2012-10-09 21:46:05 -------- d-----w- C:\Windows\SysWow64\%APPDATA%
2012-10-08 20:55:31 -------- d-----w- C:\Users\Aliu\AppData\Local\Cisco
2012-10-08 20:49:52 -------- d-----w- C:\ProgramData\Cisco
2012-10-05 01:50:49 -------- d-----w- C:\Program Files\Microsoft Lync
2012-10-05 01:50:48 -------- d-----w- C:\Program Files (x86)\Microsoft Lync
2012-10-05 01:48:24 -------- d-----w- C:\Users\Aliu\Tracing
2012-10-05 01:48:24 -------- d-----w- C:\Program Files (x86)\OCSetup
2012-09-28 21:29:03 -------- d-----w- C:\Users\Aliu\VSWebCache
2012-09-28 03:04:54 -------- d-----w- C:\Program Files\Ventrilo
2012-09-28 03:04:25 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-09-26 22:09:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-26 19:01:59 -------- d-----w- C:\Program Files (x86)\af0.net
2012-09-26 16:20:13 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 20:43:19 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-09-24 20:43:19 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2012-09-24 20:43:19 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-09-24 20:42:30 -------- d-----w- C:\ProgramData\Battle.net
2012-09-24 17:39:59 -------- d-----w- C:\Users\Aliu\AppData\Roaming\Microsoft Business Solutions
2012-09-19 23:20:47 -------- d-----w- C:\Users\Aliu\AppData\Local\IsolatedStorage
2012-09-19 17:02:08 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-09-18 23:46:12 -------- d-----w- C:\Program Files\VideoLAN
2012-09-18 19:46:31 -------- d-----w- C:\Users\Aliu\AppData\Roaming\SonicWALL
2012-09-18 19:46:16 99352 ----a-w- C:\Windows\System32\drivers\SWIPsec.sys
2012-09-18 19:46:11 -------- d-----w- C:\Program Files\SonicWALL
2012-09-18 00:37:55 -------- d-----w- C:\Program Files\Common Files\Deterministic Networks
2012-09-18 00:37:54 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2012-09-17 18:02:28 -------- d-----w- C:\Users\Aliu\AppData\Local\Microsoft Games
2012-09-15 17:07:58 -------- d-----w- C:\Users\Aliu\AppData\Local\Bomgar
2012-09-14 23:29:01 -------- d-----w- C:\Windows\System32\appmgmt
2012-09-14 02:14:05 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-09-14 02:14:05 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-09-14 02:14:05 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-09-12 20:45:51 -------- d-----w- C:\Users\Aliu\AppData\Local\Diagnostics
2012-09-12 18:57:52 -------- d-----w- C:\Users\Aliu\AppData\Roaming\Samsung
2012-09-12 18:54:02 -------- d-----w- C:\Windows\SysWow64\Wat
2012-09-12 18:54:02 -------- d-----w- C:\Windows\System32\Wat
2012-09-12 18:54:00 -------- d-----w- C:\Windows\SysWow64\LogFiles
2012-09-12 18:54:00 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-09-12 18:54:00 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-09-12 18:37:01 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-09-12 18:24:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-09-12 18:24:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-09-12 18:24:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-09-12 18:24:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-09-12 18:24:33 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-09-12 18:24:33 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-09-12 18:24:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-09-12 18:11:41 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-09-12 18:08:00 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-09-12 18:05:03 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-09-12 18:05:03 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-09-12 18:02:25 -------- d-----w- C:\Users\Aliu\AppData\Local\Downloaded Installations
2012-09-12 17:21:37 -------- d-----w- C:\Windows\SysWow64\NV
2012-09-12 17:21:37 -------- d-----w- C:\Windows\System32\NV
2012-09-12 17:06:18 -------- d-----w- C:\Users\Aliu\AppData\Local\ElevatedDiagnostics
2012-09-12 16:46:55 -------- d-----w- C:\Program Files\SAMSUNG
2012-09-12 16:46:42 -------- d-----w- C:\ProgramData\Samsung
2012-09-12 16:33:36 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 16:33:36 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 16:33:36 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 16:33:36 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 16:33:36 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 16:33:36 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 16:33:36 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-10-11 19:38:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 19:38:22 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-10 01:05:48 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-30 20:32:08 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 14:35:50.45 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate N
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2012 3:17:29 PM
System Uptime: 10/11/2012 2:23:39 PM (0 hours ago)
.
Motherboard: LENOVO | | 4170CTO
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 132 GiB total, 51.39 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 5.583 GiB free.
E: is CDROM ()
G: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SonicWALL IPsec Driver
Device ID: ROOT\LEGACY_SWIPSEC\0000
Manufacturer:
Name: SonicWALL IPsec Driver
PNP Device ID: ROOT\LEGACY_SWIPSEC\0000
Service: SWIPsec
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: SonicWALL Virtual NIC
Device ID: ROOT\SWVNIC\0000
Manufacturer: SonicWALL
Name: SonicWALL Virtual NIC
PNP Device ID: ROOT\SWVNIC\0000
Service: SWVNIC
.
==== System Restore Points ===================
.
RP37: 10/4/2012 6:56:36 PM - Installed Microsoft Online Services Sign-in Assistant
RP38: 10/4/2012 7:54:19 PM - Installed Microsoft Office Professional Plus 2010 Subscription
RP39: 10/8/2012 12:24:40 PM - Windows Update
RP40: 10/8/2012 1:49:36 PM - Installed Cisco AnyConnect VPN Client
RP41: 10/10/2012 4:44:28 PM - Removed AdblockIE
RP42: 10/11/2012 10:31:22 AM - Restore Operation
RP44: 10/11/2012 11:43:08 AM - Windows Defender Checkpoint
RP45: 10/11/2012 1:39:21 PM - Windows Update
RP46: 10/11/2012 2:20:43 PM - Removed Java(TM) 6 Update 25
.
==== Installed Programs ======================
.
AdblockIE
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Amazon Kindle
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
DAEMON Tools Lite
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel(R) Processor Graphics
Lenovo Patch Utility
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Dynamics GP 2010
Microsoft Lync 2010 SDK Runtime
Microsoft Office 2003 Web Components
Microsoft Silverlight
Microsoft SQL Server 2008 Books Online (English)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Policies
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
NVIDIA Stereoscopic 3D Driver
Open XML SDK 2.0 for Microsoft Office
Pidgin
Renesas Electronics USB 3.0 Host Controller Driver
RICOH_Media_Driver_v2.14.18.01
Samsung Kies
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.10
SnagIt 8
ThinkPad Wireless LAN Adapter Software
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WinRAR archiver
WinZip
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
10/9/2012 2:38:42 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/4/2012 10:32:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
10/11/2012 2:23:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SWIPsec
10/11/2012 2:23:50 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain DM0 due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
10/11/2012 2:00:42 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "2477037E4215" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
10/11/2012 12:22:14 PM, Error: nvlddmkm [14] -
10/11/2012 10:48:15 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
10/10/2012 7:44:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/10/2012 7:41:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/10/2012 7:41:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/10/2012 7:41:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/10/2012 7:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/10/2012 7:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/10/2012 7:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/10/2012 7:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/10/2012 7:41:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/10/2012 7:41:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/10/2012 7:41:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr SWIPsec tdx vwififlt Wanarpv6 WfpLwf
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
10/10/2012 7:37:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
10/10/2012 6:58:13 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
10/10/2012 6:58:13 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/10/2012 6:57:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa80049be010, 0xfffff8800f1b8928, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101012-9391-01.
.
==== End Of File ===========================

Thank you in advance for your help.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
There was one item to 'Cure'. Here is the log:

17:10:17.0766 4320 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:10:18.0450 4320 ============================================================
17:10:18.0450 4320 Current date / time: 2012/10/11 17:10:18.0450
17:10:18.0450 4320 SystemInfo:
17:10:18.0450 4320
17:10:18.0450 4320 OS Version: 6.1.7601 ServicePack: 1.0
17:10:18.0450 4320 Product type: Workstation
17:10:18.0450 4320 ComputerName: ALVIN-LAPTOP
17:10:18.0451 4320 UserName: aliu
17:10:18.0451 4320 Windows directory: C:\Windows
17:10:18.0451 4320 System windows directory: C:\Windows
17:10:18.0451 4320 Running under WOW64
17:10:18.0451 4320 Processor architecture: Intel x64
17:10:18.0451 4320 Number of processors: 4
17:10:18.0451 4320 Page size: 0x1000
17:10:18.0451 4320 Boot type: Normal boot
17:10:18.0451 4320 ============================================================
17:10:18.0828 4320 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:10:18.0879 4320 ============================================================
17:10:18.0879 4320 \Device\Harddisk0\DR0:
17:10:18.0880 4320 MBR partitions:
17:10:18.0880 4320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
17:10:18.0880 4320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x107EA800
17:10:18.0880 4320 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10AD9000, BlocksNum 0x1F40000
17:10:18.0880 4320 ============================================================
17:10:18.0881 4320 C: <-> \Device\Harddisk0\DR0\Partition2
17:10:18.0883 4320 D: <-> \Device\Harddisk0\DR0\Partition3
17:10:18.0883 4320 ============================================================
17:10:18.0883 4320 Initialize success
17:10:18.0883 4320 ============================================================
17:10:23.0626 4712 ============================================================
17:10:23.0626 4712 Scan started
17:10:23.0626 4712 Mode: Manual;
17:10:23.0626 4712 ============================================================
17:10:23.0746 4712 ================ Scan system memory ========================
17:10:23.0746 4712 System memory - ok
17:10:23.0747 4712 ================ Scan services =============================
17:10:26.0257 4712 KSecPkg - ok
17:10:26.0262 4712 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:10:26.0264 4712 ksthunk - ok
17:10:26.0272 4712 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:10:26.0277 4712 KtmRm - ok
17:10:26.0284 4712 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:10:26.0287 4712 LanmanServer - ok
17:10:26.0292 4712 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:10:26.0295 4712 LanmanWorkstation - ok
17:10:26.0307 4712 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
17:10:26.0309 4712 LENOVO.MICMUTE - ok
17:10:26.0313 4712 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
17:10:26.0315 4712 lenovo.smi - ok
17:10:26.0319 4712 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
17:10:26.0321 4712 Lenovo.VIRTSCRLSVC - ok
17:10:26.0326 4712 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:10:26.0327 4712 lltdio - ok
17:10:26.0338 4712 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:10:26.0341 4712 lltdsvc - ok
17:10:26.0347 4712 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:10:26.0349 4712 lmhosts - ok
17:10:26.0354 4712 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:10:26.0356 4712 LSI_FC - ok
17:10:26.0361 4712 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:10:26.0365 4712 LSI_SAS - ok
17:10:26.0369 4712 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:10:26.0371 4712 LSI_SAS2 - ok
17:10:26.0375 4712 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:10:26.0377 4712 LSI_SCSI - ok
17:10:26.0383 4712 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:10:26.0385 4712 luafv - ok
17:10:26.0389 4712 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:10:26.0390 4712 megasas - ok
17:10:26.0397 4712 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:10:26.0402 4712 MegaSR - ok
17:10:26.0408 4712 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:10:26.0410 4712 MEIx64 - ok
17:10:26.0421 4712 Microsoft SharePoint Workspace Audit Service - ok
17:10:26.0426 4712 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:10:26.0428 4712 MMCSS - ok
17:10:26.0435 4712 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:10:26.0436 4712 Modem - ok
17:10:26.0440 4712 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:10:26.0441 4712 monitor - ok
17:10:26.0445 4712 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:10:26.0447 4712 mouclass - ok
17:10:26.0452 4712 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:10:26.0454 4712 mouhid - ok
17:10:26.0458 4712 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:10:26.0460 4712 mountmgr - ok
17:10:26.0468 4712 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:10:26.0470 4712 MpFilter - ok
17:10:26.0475 4712 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:10:26.0477 4712 mpio - ok
17:10:26.0484 4712 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl927113ab c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33FF4951-7618-4653-AAFD-652A786A71CE}\MpKsl927113ab.sys
17:10:26.0484 4712 MpKsl927113ab - ok
17:10:26.0488 4712 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:10:26.0490 4712 mpsdrv - ok
17:10:26.0505 4712 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:10:26.0515 4712 MpsSvc - ok
17:10:26.0520 4712 [ B3FE07D214446BBFD1D91D0723A0AB11 ] MR2012ApplicationService C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe
17:10:26.0521 4712 MR2012ApplicationService - ok
17:10:26.0524 4712 [ B3FE07D214446BBFD1D91D0723A0AB11 ] MR2012ProcessService C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe
17:10:26.0525 4712 MR2012ProcessService - ok
17:10:26.0531 4712 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:10:26.0534 4712 MRxDAV - ok
17:10:26.0539 4712 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:10:26.0541 4712 mrxsmb - ok
17:10:26.0549 4712 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:10:26.0553 4712 mrxsmb10 - ok
17:10:26.0558 4712 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:10:26.0560 4712 mrxsmb20 - ok
17:10:26.0567 4712 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:10:26.0568 4712 msahci - ok
17:10:26.0573 4712 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:10:26.0575 4712 msdsm - ok
17:10:26.0580 4712 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:10:26.0583 4712 MSDTC - ok
17:10:26.0593 4712 [ 0C02096E686E9EB2A3D37DFF9B42D946 ] MsDtsServer100 C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
17:10:26.0596 4712 MsDtsServer100 - ok
17:10:26.0603 4712 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:10:26.0605 4712 Msfs - ok
17:10:26.0609 4712 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:10:26.0610 4712 mshidkmdf - ok
17:10:26.0614 4712 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:10:26.0615 4712 msisadrv - ok
17:10:26.0620 4712 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:10:26.0623 4712 MSiSCSI - ok
17:10:26.0625 4712 msiserver - ok
17:10:26.0633 4712 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:10:26.0634 4712 MSKSSRV - ok
17:10:26.0640 4712 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:10:26.0640 4712 MsMpSvc - ok
17:10:26.0674 4712 [ B0F062A952DA37DA2ED5DFE40F57E9E8 ] msoidsvc C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
17:10:26.0696 4712 msoidsvc - ok
17:10:26.0701 4712 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:10:26.0702 4712 MSPCLOCK - ok
17:10:26.0706 4712 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:10:26.0707 4712 MSPQM - ok
17:10:26.0715 4712 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:10:26.0719 4712 MsRPC - ok
17:10:26.0729 4712 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:10:26.0730 4712 mssmbios - ok
17:10:26.0736 4712 [ 6286605FE7C87DDC628E3CE41A15FFA6 ] MSSQLFDLauncher C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
17:10:26.0738 4712 MSSQLFDLauncher - ok
17:10:26.0741 4712 MSSQLSERVER - ok
17:10:26.0748 4712 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:10:26.0750 4712 MSSQLServerADHelper100 - ok
17:10:26.0755 4712 MSSQLServerOLAPService - ok
17:10:26.0760 4712 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:10:26.0762 4712 MSTEE - ok
17:10:26.0766 4712 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:10:26.0768 4712 MTConfig - ok
17:10:26.0772 4712 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:10:26.0773 4712 Mup - ok
17:10:26.0783 4712 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:10:26.0790 4712 napagent - ok
17:10:26.0799 4712 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:10:26.0803 4712 NativeWifiP - ok
17:10:26.0819 4712 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:10:26.0831 4712 NDIS - ok
17:10:26.0835 4712 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:10:26.0836 4712 NdisCap - ok
17:10:26.0840 4712 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:10:26.0841 4712 NdisTapi - ok
17:10:26.0846 4712 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:10:26.0848 4712 Ndisuio - ok
17:10:26.0855 4712 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:10:26.0857 4712 NdisWan - ok
17:10:26.0862 4712 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:10:26.0864 4712 NDProxy - ok
17:10:26.0868 4712 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:10:26.0870 4712 NetBIOS - ok
17:10:26.0877 4712 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:10:26.0880 4712 NetBT - ok
17:10:26.0884 4712 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:10:26.0885 4712 Netlogon - ok
17:10:26.0894 4712 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:10:26.0901 4712 Netman - ok
17:10:26.0907 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:10:26.0909 4712 NetMsmqActivator - ok
17:10:26.0913 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:10:26.0914 4712 NetPipeActivator - ok
17:10:26.0924 4712 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:10:26.0932 4712 netprofm - ok
17:10:26.0936 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:10:26.0937 4712 NetTcpActivator - ok
17:10:26.0941 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:10:26.0942 4712 NetTcpPortSharing - ok
17:10:27.0076 4712 [ 219A40EEEA50D638BA9D08680C354A0C ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
17:10:27.0222 4712 NETwNs64 - ok
17:10:27.0229 4712 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:10:27.0231 4712 nfrd960 - ok
17:10:27.0236 4712 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:10:27.0238 4712 NisDrv - ok
17:10:27.0246 4712 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:10:27.0250 4712 NisSrv - ok
17:10:27.0259 4712 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:10:27.0265 4712 NlaSvc - ok
17:10:27.0270 4712 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:10:27.0272 4712 Npfs - ok
17:10:27.0275 4712 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:10:27.0277 4712 nsi - ok
17:10:27.0281 4712 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:10:27.0282 4712 nsiproxy - ok
17:10:27.0306 4712 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:10:27.0322 4712 Ntfs - ok
17:10:27.0328 4712 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:10:27.0331 4712 Null - ok
17:10:27.0337 4712 [ 69FCDECD0215195261EC5362AB4A1520 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
17:10:27.0339 4712 nusb3hub - ok
17:10:27.0345 4712 [ F813EA99DA158FB4079622D882873D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:10:27.0348 4712 nusb3xhc - ok
17:10:27.0355 4712 [ C51EF670D03394BEAF0C3F46FD658082 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
17:10:27.0358 4712 nvkflt - ok
17:10:27.0509 4712 [ FB48D71925996ACA512F0B63BCEC80B8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:10:27.0647 4712 nvlddmkm - ok
17:10:27.0655 4712 [ CC67D12C1B8127B77AAA846264C80F56 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
17:10:27.0658 4712 nvpciflt - ok
17:10:27.0665 4712 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:10:27.0667 4712 nvraid - ok
17:10:27.0673 4712 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:10:27.0675 4712 nvstor - ok
17:10:27.0692 4712 [ 3EEF9BB446E6FD0B1AAB02329638A540 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:10:27.0704 4712 nvsvc - ok
17:10:27.0710 4712 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:10:27.0712 4712 nv_agp - ok
17:10:27.0717 4712 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:10:27.0719 4712 ohci1394 - ok
17:10:27.0724 4712 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:10:27.0727 4712 ose64 - ok
17:10:27.0784 4712 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:10:27.0837 4712 osppsvc - ok
17:10:27.0849 4712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:10:27.0854 4712 p2pimsvc - ok
17:10:27.0864 4712 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:10:27.0869 4712 p2psvc - ok
17:10:27.0874 4712 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
17:10:27.0876 4712 Parport - ok
17:10:27.0882 4712 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:10:27.0883 4712 partmgr - ok
17:10:27.0890 4712 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:10:27.0894 4712 PcaSvc - ok
17:10:27.0901 4712 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:10:27.0904 4712 pci - ok
17:10:27.0909 4712 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:10:27.0911 4712 pciide - ok
17:10:27.0916 4712 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:10:27.0919 4712 pcmcia - ok
17:10:27.0923 4712 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:10:27.0925 4712 pcw - ok
17:10:27.0938 4712 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:10:27.0949 4712 PEAUTH - ok
17:10:27.0969 4712 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:10:27.0985 4712 PeerDistSvc - ok
17:10:28.0006 4712 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:10:28.0007 4712 PerfHost - ok
17:10:28.0029 4712 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:10:28.0044 4712 pla - ok
17:10:28.0053 4712 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:10:28.0060 4712 PlugPlay - ok
17:10:28.0066 4712 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:10:28.0068 4712 PNRPAutoReg - ok
17:10:28.0075 4712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:10:28.0078 4712 PNRPsvc - ok
17:10:28.0082 4712 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
17:10:28.0083 4712 Point64 - ok
17:10:28.0093 4712 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:10:28.0101 4712 PolicyAgent - ok
17:10:28.0110 4712 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:10:28.0113 4712 Power - ok
17:10:28.0118 4712 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:10:28.0120 4712 PptpMiniport - ok
17:10:28.0125 4712 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:10:28.0130 4712 Processor - ok
17:10:28.0136 4712 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:10:28.0139 4712 ProfSvc - ok
17:10:28.0143 4712 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:10:28.0144 4712 ProtectedStorage - ok
17:10:28.0150 4712 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:10:28.0152 4712 Psched - ok
17:10:28.0170 4712 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:10:28.0185 4712 ql2300 - ok
17:10:28.0190 4712 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:10:28.0193 4712 ql40xx - ok
17:10:28.0203 4712 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:10:28.0207 4712 QWAVE - ok
17:10:28.0212 4712 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:10:28.0213 4712 QWAVEdrv - ok
17:10:28.0216 4712 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:10:28.0218 4712 RasAcd - ok
17:10:28.0222 4712 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:10:28.0224 4712 RasAgileVpn - ok
17:10:28.0229 4712 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:10:28.0233 4712 RasAuto - ok
17:10:28.0237 4712 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:10:28.0239 4712 Rasl2tp - ok
17:10:28.0247 4712 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:10:28.0252 4712 RasMan - ok
17:10:28.0257 4712 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:10:28.0261 4712 RasPppoe - ok
17:10:28.0266 4712 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:10:28.0268 4712 RasSstp - ok
17:10:28.0274 4712 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:10:28.0278 4712 rdbss - ok
17:10:28.0282 4712 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:10:28.0283 4712 rdpbus - ok
17:10:28.0286 4712 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:10:28.0287 4712 RDPCDD - ok
17:10:28.0297 4712 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:10:28.0301 4712 RDPDR - ok
17:10:28.0307 4712 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:10:28.0307 4712 RDPENCDD - ok
17:10:28.0313 4712 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:10:28.0313 4712 RDPREFMP - ok
17:10:28.0319 4712 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:10:28.0320 4712 RdpVideoMiniport - ok
17:10:28.0326 4712 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:10:28.0330 4712 RDPWD - ok
17:10:28.0336 4712 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:10:28.0339 4712 rdyboost - ok
17:10:28.0345 4712 [ F09087C51C6AE42AE7DABE1EB3E44C17 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:10:28.0364 4712 RegSrvc - ok
17:10:28.0369 4712 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:10:28.0371 4712 RemoteAccess - ok
17:10:28.0377 4712 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:10:28.0380 4712 RemoteRegistry - ok
17:10:28.0410 4712 [ 54E230D1E2D0AB724A5402632784539B ] ReportServer C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
17:10:28.0431 4712 ReportServer - ok
17:10:28.0436 4712 [ 5A227511ED22DDFEDF7EF7323C8F7D2F ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys
17:10:28.0439 4712 risdxc - ok
17:10:28.0443 4712 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:10:28.0446 4712 RpcEptMapper - ok
17:10:28.0450 4712 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:10:28.0452 4712 RpcLocator - ok
17:10:28.0460 4712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:10:28.0465 4712 RpcSs - ok
17:10:28.0473 4712 [ 21EB2B83702285594DE893734A56B008 ] RsFx0102 C:\Windows\system32\DRIVERS\RsFx0102.sys
17:10:28.0477 4712 RsFx0102 - ok
17:10:28.0481 4712 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:10:28.0483 4712 rspndr - ok
17:10:28.0487 4712 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:10:28.0488 4712 s3cap - ok
17:10:28.0491 4712 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:10:28.0492 4712 SamSs - ok
17:10:28.0497 4712 SAService - ok
17:10:28.0506 4712 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:10:28.0509 4712 sbp2port - ok
17:10:28.0515 4712 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:10:28.0519 4712 SCardSvr - ok
17:10:28.0522 4712 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:10:28.0523 4712 scfilter - ok
17:10:28.0541 4712 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:10:28.0553 4712 Schedule - ok
17:10:28.0558 4712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:10:28.0560 4712 SCPolicySvc - ok
17:10:28.0567 4712 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:10:28.0570 4712 SDRSVC - ok
17:10:28.0574 4712 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:10:28.0576 4712 secdrv - ok
17:10:28.0580 4712 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:10:28.0582 4712 seclogon - ok
17:10:28.0586 4712 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:10:28.0588 4712 SENS - ok
17:10:28.0594 4712 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:10:28.0597 4712 SensrSvc - ok
17:10:28.0604 4712 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:10:28.0607 4712 Serenum - ok
17:10:28.0612 4712 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:10:28.0614 4712 Serial - ok
17:10:28.0617 4712 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:10:28.0619 4712 sermouse - ok
17:10:28.0630 4712 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:10:28.0634 4712 SessionEnv - ok
17:10:28.0637 4712 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:10:28.0638 4712 sffdisk - ok
17:10:28.0642 4712 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:10:28.0644 4712 sffp_mmc - ok
17:10:28.0648 4712 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:10:28.0649 4712 sffp_sd - ok
17:10:28.0653 4712 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:10:28.0655 4712 sfloppy - ok
17:10:28.0662 4712 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:10:28.0668 4712 SharedAccess - ok
17:10:28.0676 4712 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:10:28.0681 4712 ShellHWDetection - ok
17:10:28.0685 4712 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:10:28.0687 4712 SiSRaid2 - ok
17:10:28.0691 4712 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:10:28.0694 4712 SiSRaid4 - ok
17:10:28.0704 4712 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:10:28.0706 4712 SkypeUpdate - ok
17:10:28.0711 4712 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:10:28.0713 4712 Smb - ok
17:10:28.0717 4712 [ 8B4B5E4C0382D7ECBB48DC989AE20FA6 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
17:10:28.0718 4712 SmbDrvI - ok
17:10:28.0725 4712 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:10:28.0729 4712 SNMPTRAP - ok
17:10:28.0733 4712 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:10:28.0735 4712 spldr - ok
17:10:28.0745 4712 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:10:28.0752 4712 Spooler - ok
17:10:28.0795 4712 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:10:28.0838 4712 sppsvc - ok
17:10:28.0843 4712 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:10:28.0845 4712 sppuinotify - ok
17:10:28.0852 4712 [ 99DE6ACFA5CA83FAD6A765C81C6F129F ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:10:28.0856 4712 SQLBrowser - ok
17:10:28.0866 4712 [ 95F9538A05857307E73348AEAE00C1E0 ] SQLSERVERAGENT C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
17:10:28.0872 4712 SQLSERVERAGENT - ok
17:10:28.0879 4712 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:10:28.0882 4712 SQLWriter - ok
17:10:28.0892 4712 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:10:28.0899 4712 srv - ok
17:10:28.0911 4712 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:10:28.0916 4712 srv2 - ok
17:10:28.0921 4712 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:10:28.0924 4712 srvnet - ok
17:10:28.0933 4712 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:10:28.0936 4712 SSDPSRV - ok
17:10:28.0940 4712 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:10:28.0944 4712 SstpSvc - ok
17:10:28.0950 4712 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
17:10:28.0952 4712 ssudmdm - ok
17:10:28.0960 4712 [ 031D7EA82EC111F9B15B63F2EF1DEE8D ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:10:28.0967 4712 Stereo Service - ok
17:10:28.0971 4712 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:10:28.0972 4712 stexstor - ok
17:10:28.0984 4712 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:10:28.0993 4712 stisvc - ok
17:10:28.0998 4712 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:10:29.0000 4712 storflt - ok
17:10:29.0007 4712 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:10:29.0009 4712 storvsc - ok
17:10:29.0013 4712 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:10:29.0015 4712 swenum - ok
17:10:29.0022 4712 [ BA41A448446FDF839A32E27A8DCB7C9D ] SWGVCSvc C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
17:10:29.0067 4712 SWGVCSvc - ok
17:10:29.0072 4712 [ 1E036F98E6C780DD7669F516E8BE0CEA ] SWIPsec C:\Windows\system32\Drivers\SWIPsec.sys
17:10:29.0086 4712 SWIPsec - ok
17:10:29.0097 4712 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:10:29.0106 4712 swprv - ok
17:10:29.0110 4712 [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC C:\Windows\system32\DRIVERS\swvnic.sys
17:10:29.0111 4712 SWVNIC - ok
17:10:29.0115 4712 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
17:10:29.0117 4712 Synth3dVsc - ok
17:10:29.0127 4712 [ 9A17BF37F3B2FB9B686214780E4F8223 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:10:29.0133 4712 SynTP - ok
17:10:29.0154 4712 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:10:29.0173 4712 SysMain - ok
17:10:29.0178 4712 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:10:29.0180 4712 TabletInputService - ok
17:10:29.0188 4712 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:10:29.0193 4712 TapiSrv - ok
17:10:29.0200 4712 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:10:29.0204 4712 TBS - ok
17:10:29.0230 4712 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:10:29.0248 4712 Tcpip - ok
17:10:29.0272 4712 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:10:29.0283 4712 TCPIP6 - ok
17:10:29.0289 4712 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:10:29.0293 4712 tcpipreg - ok
17:10:29.0301 4712 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:10:29.0304 4712 TDPIPE - ok
17:10:29.0309 4712 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:10:29.0311 4712 TDTCP - ok
17:10:29.0315 4712 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:10:29.0317 4712 tdx - ok
17:10:29.0321 4712 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:10:29.0323 4712 TermDD - ok
17:10:29.0330 4712 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
17:10:29.0332 4712 terminpt - ok
17:10:29.0345 4712 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:10:29.0354 4712 TermService - ok
17:10:29.0358 4712 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:10:29.0362 4712 Themes - ok
17:10:29.0367 4712 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:10:29.0368 4712 THREADORDER - ok
17:10:29.0374 4712 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
17:10:29.0377 4712 TPHKLOAD - ok
17:10:29.0381 4712 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
17:10:29.0383 4712 TPHKSVC - ok
17:10:29.0388 4712 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
17:10:29.0391 4712 TPM - ok
17:10:29.0400 4712 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:10:29.0404 4712 TrkWks - ok
17:10:29.0413 4712 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:10:29.0436 4712 TrustedInstaller - ok
17:10:29.0444 4712 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:10:29.0446 4712 tssecsrv - ok
17:10:29.0450 4712 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:10:29.0452 4712 TsUsbFlt - ok
17:10:29.0457 4712 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:10:29.0459 4712 TsUsbGD - ok
17:10:29.0465 4712 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
17:10:29.0468 4712 tsusbhub - ok
17:10:29.0474 4712 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:10:29.0477 4712 tunnel - ok
17:10:29.0481 4712 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:10:29.0482 4712 uagp35 - ok
17:10:29.0491 4712 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:10:29.0496 4712 udfs - ok
17:10:29.0509 4712 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:10:29.0511 4712 UI0Detect - ok
17:10:29.0516 4712 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:10:29.0518 4712 uliagpkx - ok
17:10:29.0523 4712 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:10:29.0525 4712 umbus - ok
17:10:29.0531 4712 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:10:29.0533 4712 UmPass - ok
17:10:29.0539 4712 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
17:10:29.0543 4712 UmRdpService - ok
17:10:29.0551 4712 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:10:29.0557 4712 upnphost - ok
17:10:29.0564 4712 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:10:29.0566 4712 usbccgp - ok
17:10:29.0571 4712 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:10:29.0573 4712 usbcir - ok
17:10:29.0578 4712 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:10:29.0579 4712 usbehci - ok
17:10:29.0587 4712 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:10:29.0592 4712 usbhub - ok
17:10:29.0599 4712 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:10:29.0602 4712 usbohci - ok
17:10:29.0606 4712 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:10:29.0607 4712 usbprint - ok
17:10:29.0612 4712 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
17:10:29.0614 4712 USBSTOR - ok
17:10:29.0618 4712 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:10:29.0619 4712 usbuhci - ok
17:10:29.0627 4712 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:10:29.0630 4712 usbvideo - ok
17:10:29.0634 4712 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:10:29.0637 4712 UxSms - ok
17:10:29.0641 4712 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:10:29.0642 4712 VaultSvc - ok
17:10:29.0646 4712 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:10:29.0648 4712 vdrvroot - ok
17:10:29.0659 4712 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:10:29.0667 4712 vds - ok
17:10:29.0670 4712 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:10:29.0672 4712 vga - ok
17:10:29.0676 4712 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:10:29.0677 4712 VgaSave - ok
17:10:29.0680 4712 VGPU - ok
17:10:29.0687 4712 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:10:29.0690 4712 vhdmp - ok
17:10:29.0696 4712 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:10:29.0699 4712 viaide - ok
17:10:29.0707 4712 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:10:29.0710 4712 vmbus - ok
17:10:29.0714 4712 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:10:29.0715 4712 VMBusHID - ok
17:10:29.0719 4712 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:10:29.0721 4712 volmgr - ok
17:10:29.0730 4712 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:10:29.0734 4712 volmgrx - ok
17:10:29.0742 4712 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:10:29.0745 4712 volsnap - ok
17:10:29.0751 4712 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:10:29.0754 4712 vsmraid - ok
17:10:29.0777 4712 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:10:29.0797 4712 VSS - ok
17:10:29.0803 4712 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:10:29.0804 4712 vwifibus - ok
17:10:29.0809 4712 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:10:29.0811 4712 vwififlt - ok
17:10:29.0814 4712 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:10:29.0816 4712 vwifimp - ok
17:10:29.0824 4712 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:10:29.0832 4712 W32Time - ok
17:10:29.0838 4712 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:10:29.0839 4712 WacomPen - ok
17:10:29.0844 4712 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:10:29.0846 4712 WANARP - ok
17:10:29.0850 4712 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:10:29.0851 4712 Wanarpv6 - ok
17:10:29.0870 4712 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:10:29.0883 4712 WatAdminSvc - ok
17:10:29.0907 4712 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:10:29.0925 4712 wbengine - ok
17:10:29.0931 4712 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:10:29.0935 4712 WbioSrvc - ok
17:10:29.0944 4712 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:10:29.0951 4712 wcncsvc - ok
17:10:29.0955 4712 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:10:29.0957 4712 WcsPlugInService - ok
17:10:29.0962 4712 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:10:29.0964 4712 Wd - ok
17:10:29.0976 4712 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:10:29.0985 4712 Wdf01000 - ok
17:10:29.0991 4712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:10:29.0994 4712 WdiServiceHost - ok
17:10:29.0997 4712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:10:29.0999 4712 WdiSystemHost - ok
17:10:30.0006 4712 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:10:30.0013 4712 WebClient - ok
17:10:30.0020 4712 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:10:30.0024 4712 Wecsvc - ok
17:10:30.0028 4712 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:10:30.0030 4712 wercplsupport - ok
17:10:30.0035 4712 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:10:30.0037 4712 WerSvc - ok
17:10:30.0041 4712 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:10:30.0043 4712 WfpLwf - ok
17:10:30.0057 4712 [ 25BDE93A976ECEDF36432E39BD275150 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
17:10:30.0118 4712 WiMAXAppSrv - ok
17:10:30.0123 4712 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:10:30.0124 4712 WIMMount - ok
17:10:30.0126 4712 WinDefend - ok
17:10:30.0134 4712 WinHttpAutoProxySvc - ok
17:10:30.0146 4712 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:10:30.0172 4712 Winmgmt - ok
17:10:30.0199 4712 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:10:30.0224 4712 WinRM - ok
17:10:30.0232 4712 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
17:10:30.0234 4712 WinUSB - ok
17:10:30.0248 4712 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:10:30.0257 4712 Wlansvc - ok
17:10:30.0267 4712 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:10:30.0270 4712 WmiAcpi - ok
17:10:30.0281 4712 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:10:30.0301 4712 wmiApSrv - ok
17:10:30.0304 4712 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:10:30.0308 4712 WPCSvc - ok
17:10:30.0314 4712 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:10:30.0317 4712 WPDBusEnum - ok
17:10:30.0322 4712 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:10:30.0324 4712 ws2ifsl - ok
17:10:30.0328 4712 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:10:30.0331 4712 wscsvc - ok
17:10:30.0334 4712 WSearch - ok
17:10:30.0367 4712 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:10:30.0391 4712 wuauserv - ok
17:10:30.0397 4712 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:10:30.0399 4712 WudfPf - ok
17:10:30.0405 4712 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:10:30.0408 4712 WUDFRd - ok
17:10:30.0413 4712 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:10:30.0415 4712 wudfsvc - ok
17:10:30.0422 4712 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:10:30.0427 4712 WwanSvc - ok
17:10:30.0464 4712 [ 5BCB1F6CB749B6826BE1C0F16FF2F600 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
17:10:30.0553 4712 ZeroConfigService - ok
17:10:30.0570 4712 ================ Scan global ===============================
17:10:30.0575 4712 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:10:30.0583 4712 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:10:30.0591 4712 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:10:30.0597 4712 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:10:30.0605 4712 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:10:30.0609 4712 [Global] - ok
17:10:30.0610 4712 ================ Scan MBR ==================================
17:10:30.0612 4712 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:10:30.0612 4712 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:10:30.0613 4712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:10:30.0613 4712 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:10:30.0614 4712 ================ Scan VBR ==================================
17:10:30.0616 4712 [ 2AE14AEEFAA2D43C1127127C6621DCC4 ] \Device\Harddisk0\DR0\Partition1
17:10:30.0617 4712 \Device\Harddisk0\DR0\Partition1 - ok
17:10:30.0620 4712 [ E057B02D1737EA781240D49D9ADD220E ] \Device\Harddisk0\DR0\Partition2
17:10:30.0621 4712 \Device\Harddisk0\DR0\Partition2 - ok
17:10:30.0624 4712 [ 03CA3E1B1C19DE4221647236790EBC88 ] \Device\Harddisk0\DR0\Partition3
17:10:30.0625 4712 \Device\Harddisk0\DR0\Partition3 - ok
17:10:30.0625 4712 ============================================================
17:10:30.0625 4712 Scan finished
17:10:30.0625 4712 ============================================================
17:10:30.0633 8104 Detected object count: 1
17:10:30.0633 8104 Actual detected object count: 1
17:10:39.0810 8104 \Device\Harddisk0\DR0\# - copied to quarantine
17:10:39.0826 8104 \Device\Harddisk0\DR0 - copied to quarantine
17:10:41.0485 8104 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:10:41.0513 8104 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:10:41.0534 8104 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:10:42.0273 8104 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:10:42.0290 8104 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:10:42.0295 8104 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:10:42.0298 8104 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:10:42.0447 8104 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:10:42.0469 8104 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:10:42.0478 8104 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:10:42.0481 8104 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:10:42.0485 8104 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:10:42.0497 8104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:10:42.0498 8104 \Device\Harddisk0\DR0 - ok
17:10:42.0505 8104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:11:01.0124 8072 Deinitialize success
 
Good :)

Re-run MBAM and post new log.

Then....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.11.14
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
aliu :: ALVIN-LAPTOP [administrator]
10/11/2012 5:28:46 PM
mbam-log-2012-10-11 (17-28-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199225
Time elapsed: 1 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
 
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : aliu [Admin rights]
Mode : Remove -- Date : 10/12/2012 09:29:04
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1354656034-2485363117-3333568910-1309\$114f045185919f3ffc3ace6479948bfb\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1354656034-2485363117-3333568910-1309\$114f045185919f3ffc3ace6479948bfb\L --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSA2BW160G3L ATA Device +++++
--- User ---
[MBR] 2664ec4df2ced356b1f88af412af292b
[BSP] 51a5da2d6ebaf966b9cc0442d1b3422d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 135125 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 279810048 | Size: 16000 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
Here's the final log.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-12 09:30:43
-----------------------------
09:30:43.829 OS Version: Windows x64 6.1.7601 Service Pack 1
09:30:43.829 Number of processors: 4 586 0x2A07
09:30:43.829 ComputerName: ALVIN-LAPTOP UserName: aliu
09:30:44.038 Initialize success
09:32:38.353 AVAST engine defs: 12101200
09:53:28.259 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:53:28.263 Disk 0 Vendor: INTEL_SSDSA2BW160G3L 4PC1LE05 Size: 152627MB BusType: 11
09:53:28.266 Disk 0 MBR read successfully
09:53:28.269 Disk 0 MBR scan
09:53:28.274 Disk 0 Windows 7 default MBR code
09:53:28.276 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
09:53:28.295 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 135125 MB offset 3074048
09:53:28.314 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 279810048
09:53:28.351 Disk 0 scanning C:\Windows\system32\drivers
09:53:34.117 Service scanning
09:53:52.904 Modules scanning
09:53:52.920 Disk 0 trace - called modules:
09:53:52.924 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:53:52.928 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d4b060]
09:53:52.931 3 CLASSPNP.SYS[fffff8800191f43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a50060]
09:53:53.126 AVAST engine scan C:\Windows
09:53:53.978 AVAST engine scan C:\Windows\system32
09:56:21.953 AVAST engine scan C:\Windows\system32\drivers
09:56:28.584 AVAST engine scan C:\Users\Aliu
09:57:53.448 File: C:\Users\Aliu\AppData\Local\Temp\vytnsc\fdgsiq:wiutjq **INFECTED** Win32:Alureon-AXO [Trj]
10:01:59.243 AVAST engine scan C:\ProgramData
10:02:26.713 File: C:\ProgramData\Microsoft\Windows\DRM\8ED5.tmp **INFECTED** Win32:Malware-gen
10:02:44.390 Scan finished successfully
10:27:22.930 Disk 0 MBR has been saved successfully to "C:\Users\Aliu\Desktop\MBR.dat"
10:27:22.969 The log file has been saved successfully to "C:\Users\Aliu\Desktop\aswMBR.txt"
 
For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
When I go into "repair your computer" in the boot menu, and after I select a language, it does not ask me to choose an OS. Instead it takes me straight to the System Recovery Options, where there is only one option, "Startup Repair." Please advise.
 
Let's try something else...

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
COMBOFIX: (Those files it deleted aren't anything I'm going to miss, are they?)

ComboFix 12-10-12.01 - aliu 10/12/2012 13:08:17.1.4 - x64
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.3978.1647 [GMT -7:00]
Running from: c:\users\Aliu\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\Roaming
c:\windows\SysWow64\muzapp.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 20:11 . 2012-10-12 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-12 18:43 . 2012-10-12 18:43 -------- d-----w- c:\users\Aliu\AppData\Local\Google
2012-10-12 18:43 . 2012-10-12 18:43 -------- d-----w- c:\users\Aliu\AppData\Local\Deployment
2012-10-12 18:43 . 2012-10-12 18:43 -------- d-----w- c:\users\Aliu\AppData\Local\Apps
2012-10-12 18:34 . 2012-10-12 18:34 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33FF4951-7618-4653-AAFD-652A786A71CE}\offreg.dll
2012-10-12 00:10 . 2012-10-12 00:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-11 21:36 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33FF4951-7618-4653-AAFD-652A786A71CE}\mpengine.dll
2012-10-11 21:17 . 2012-10-11 21:17 -------- d-----w- c:\users\Aliu\AppData\Roaming\Malwarebytes
2012-10-11 21:17 . 2012-10-11 21:17 -------- d-----w- c:\programdata\Malwarebytes
2012-10-11 21:17 . 2012-10-11 21:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-11 21:17 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-11 21:14 . 2012-10-11 21:14 -------- d-----w- c:\users\Aliu\AppData\Roaming\DAEMON Tools Lite
2012-10-11 20:39 . 2012-10-11 20:39 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4605B198-7224-4C4F-BE49-CCCA7084A801}\gapaengine.dll
2012-10-11 20:36 . 2012-10-11 20:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-11 20:36 . 2012-10-11 20:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-11 17:33 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8039718-9CCD-414D-B6EB-FD80FC8E220D}\mpengine.dll
2012-10-10 16:31 . 2012-10-10 16:31 -------- d-----w- c:\program files (x86)\Citrix
2012-10-09 23:18 . 2012-10-09 23:18 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\8ED5.tmp
2012-10-09 23:18 . 2012-10-09 23:18 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\8ED4.tmp
2012-10-09 21:46 . 2012-10-09 21:46 -------- d-----w- c:\windows\SysWow64\%APPDATA%
2012-10-08 20:55 . 2012-10-08 20:55 -------- d-----w- c:\users\Aliu\AppData\Local\Cisco
2012-10-08 20:49 . 2012-10-08 20:49 -------- d-----w- c:\programdata\Cisco
2012-10-05 01:50 . 2012-10-05 01:50 -------- d-----w- c:\program files\Microsoft Lync
2012-10-05 01:50 . 2012-10-05 01:50 -------- d-----w- c:\program files (x86)\Microsoft Lync
2012-10-05 01:48 . 2012-10-12 18:34 -------- d-----w- c:\users\Aliu\Tracing
2012-10-05 01:48 . 2012-10-05 01:48 -------- d-----w- c:\program files (x86)\OCSetup
2012-10-02 03:03 . 2012-10-02 03:05 -------- d-----w- c:\users\Aliu\AppData\Roaming\Ventrilo
2012-09-28 21:29 . 2012-09-28 21:29 -------- d-----w- c:\users\Aliu\VSWebCache
2012-09-28 03:04 . 2012-09-28 03:04 -------- d-----w- c:\program files\Ventrilo
2012-09-28 03:04 . 2012-09-28 03:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-09-26 22:09 . 2012-09-26 22:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-26 19:01 . 2012-10-11 17:32 -------- d-----w- c:\program files (x86)\af0.net
2012-09-26 16:20 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 20:43 . 2012-10-11 20:19 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-09-24 20:43 . 2012-09-24 20:43 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-09-24 20:43 . 2012-09-24 20:43 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-09-24 20:42 . 2012-09-24 20:42 -------- d-----w- c:\programdata\Battle.net
2012-09-24 17:39 . 2012-09-24 17:39 -------- d-----w- c:\users\Aliu\AppData\Roaming\Microsoft Business Solutions
2012-09-19 23:20 . 2012-09-19 23:20 -------- d-----w- c:\users\Aliu\AppData\Local\IsolatedStorage
2012-09-19 17:02 . 2012-09-19 17:02 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-09-18 23:46 . 2012-09-18 23:48 -------- d-----w- c:\users\Aliu\AppData\Roaming\vlc
2012-09-18 23:46 . 2012-09-18 23:46 -------- d-----w- c:\program files\VideoLAN
2012-09-18 19:46 . 2012-09-18 19:46 -------- d-----w- c:\users\Aliu\AppData\Roaming\SonicWALL
2012-09-18 19:46 . 2009-03-06 06:51 99352 ----a-w- c:\windows\system32\drivers\SWIPsec.sys
2012-09-18 19:46 . 2012-09-18 19:46 -------- d-----w- c:\program files\SonicWALL
2012-09-18 00:37 . 2012-09-18 00:37 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2012-09-18 00:37 . 2012-09-18 00:37 -------- d-----w- c:\program files (x86)\Cisco Systems
2012-09-17 18:02 . 2012-09-17 18:02 -------- d-----w- c:\users\Aliu\AppData\Local\Microsoft Games
2012-09-15 17:07 . 2012-09-15 17:07 -------- d-----w- c:\users\Aliu\AppData\Local\Bomgar
2012-09-14 23:31 . 2012-09-14 23:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-09-14 23:29 . 2012-09-14 23:29 -------- d-----w- c:\windows\system32\appmgmt
2012-09-14 02:14 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-14 02:14 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-14 02:14 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-12 20:45 . 2012-09-12 20:45 -------- d-----w- c:\users\Aliu\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 19:38 . 2012-09-10 16:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 19:38 . 2012-09-10 16:34 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-05 01:56 . 2010-07-20 12:09 18208 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2012-09-10 02:22 . 2012-09-10 02:22 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-09-10 01:05 . 2012-09-10 01:05 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-09 23:06 . 2012-09-09 23:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-09 23:06 . 2012-09-09 23:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-09 23:06 . 2012-09-09 23:06 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-09 23:06 . 2012-09-09 23:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-09 23:06 . 2012-09-09 23:06 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-09 23:06 . 2012-09-09 23:06 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-09 23:06 . 2012-09-09 23:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-09 23:06 . 2012-09-09 23:06 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-09 23:06 . 2012-09-09 23:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-09 23:06 . 2012-09-09 23:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-09 23:06 . 2012-09-09 23:06 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-09 23:06 . 2012-09-09 23:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-09 23:06 . 2012-09-09 23:06 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-09 23:06 . 2012-09-09 23:06 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-09 23:06 . 2012-09-09 23:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-09 23:06 . 2012-09-09 23:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-09 23:06 . 2012-09-09 23:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-09 23:06 . 2012-09-09 23:06 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-09 23:06 . 2012-09-09 23:06 448512 ----a-w- c:\windows\system32\html.iec
2012-09-09 23:06 . 2012-09-09 23:06 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-09 23:06 . 2012-09-09 23:06 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-09 23:06 . 2012-09-09 23:06 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-09 23:06 . 2012-09-09 23:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-09 23:06 . 2012-09-09 23:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-09 23:06 . 2012-09-09 23:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-09 23:06 . 2012-09-09 23:06 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-09 23:06 . 2012-09-09 23:06 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-09 23:06 . 2012-09-09 23:06 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-09 23:06 . 2012-09-09 23:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-09 23:06 . 2012-09-09 23:06 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-09 23:06 . 2012-09-09 23:06 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-09 23:06 . 2012-09-09 23:06 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-09 23:06 . 2012-09-09 23:06 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-09 23:06 . 2012-09-09 23:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-09 23:06 . 2012-09-09 23:06 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-09 23:06 . 2012-09-09 23:06 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-09 23:06 . 2012-09-09 23:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-09 23:06 . 2012-09-09 23:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-09 23:06 . 2012-09-09 23:06 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-09 23:06 . 2012-09-09 23:06 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-09 23:06 . 2012-09-09 23:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-09 23:06 . 2012-09-09 23:06 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-09 23:06 . 2012-09-09 23:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-09 23:06 . 2012-09-09 23:06 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-09 23:06 . 2012-09-09 23:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-09 23:06 . 2012-09-09 23:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-09 23:06 . 2012-09-09 23:06 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-09 23:06 . 2012-09-09 23:06 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-09 23:06 . 2012-09-09 23:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 05:03 . 2012-08-31 05:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-28 17:05 . 2012-09-12 18:08 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-28 17:04 . 2012-08-28 17:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-08-28 17:04 . 2012-08-28 17:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-08-28 17:04 . 2012-08-28 17:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-08-28 17:04 . 2012-08-28 17:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-08-28 17:04 . 2012-08-28 17:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-08-28 17:04 . 2012-08-28 17:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-08-28 17:04 . 2012-08-28 17:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-08-28 17:04 . 2012-08-28 17:04 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-08-28 17:04 . 2012-08-28 17:04 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-08-28 17:04 . 2012-08-28 17:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-08-28 17:04 . 2012-08-28 17:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-08-28 17:04 . 2012-08-28 17:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-08-28 17:04 . 2012-08-28 17:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-08-28 17:04 . 2012-08-28 17:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-08-28 17:04 . 2012-08-28 17:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-28 17:04 . 2012-09-12 18:05 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-28 17:04 . 2012-08-28 17:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-08-28 17:04 . 2012-08-28 17:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-08-28 17:04 . 2012-08-28 17:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-08-28 17:04 . 2012-08-28 17:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-08-28 17:04 . 2012-08-28 17:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-08-28 17:04 . 2012-08-28 17:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-08-28 17:04 . 2012-08-28 17:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-08-28 17:04 . 2012-08-28 17:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-08-28 17:04 . 2012-08-28 17:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-08-28 17:04 . 2012-08-28 17:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-08-28 17:04 . 2012-08-28 17:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-08-28 17:04 . 2012-08-28 17:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-08-28 17:04 . 2012-08-28 17:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-08-22 18:12 . 2012-09-12 16:33 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:33 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 16:33 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:33 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 17:58 . 2012-09-12 16:33 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 16:33 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-31 10:42 . 2012-09-12 18:11 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-30 20:32 . 2012-07-30 20:32 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-07-18 18:15 . 2012-09-10 16:42 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-06-12 12099672]
.
c:\users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 99352]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 250808]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-05 24600]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-12 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 314904]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-08 28992]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-10 283200]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-03-08 249152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-12-27 514048]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MR2012ApplicationService;Management Reporter 2012 Application Service;c:\program files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe [2012-07-24 19544]
S2 MR2012ProcessService;Management Reporter 2012 Process Service;c:\program files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe [2012-07-24 19544]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 2024864]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-07-10 2045464]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-03-07 382272]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-12-27 979456]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-25 3325232]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-12-02 84480]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-06-03 11499008]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-05-10 97792]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-05-10 217600]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-07-06 27960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 19:38]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309Core.job
- c:\users\Aliu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-12 18:43]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309UA.job
- c:\users\Aliu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-12 18:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.100.106 192.168.100.115
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
SafeBoot-74655954.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MR2012ApplicationService]
"ImagePath"="\"c:\program files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe\" /s: /sn:ApplicationService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MR2012ProcessService]
"ImagePath"="\"c:\program files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe\" /s: /sn:processService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-12 13:12:36
ComboFix-quarantined-files.txt 2012-10-12 20:12
.
Pre-Run: 57,935,130,624 bytes free
Post-Run: 58,861,600,768 bytes free
.
- - End Of File - - 126C90CCCB14B19757F14294AAF5F1D7
 
Looks good :)

How is the computer doing?

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt

OTL logfile created on: 10/12/2012 4:21:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aliu\Desktop
64bit- Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 47.87% Memory free
7.77 Gb Paging File | 5.20 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.96 Gb Total Space | 54.86 Gb Free Space | 41.58% Space Free | Partition Type: NTFS
Drive D: | 15.62 Gb Total Space | 5.58 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
Drive G: | 313.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALVIN-LAPTOP | User Name: aliu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/12 16:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aliu\Desktop\OTL.exe
PRC - [2012/10/11 12:38:22 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/27 03:07:46 | 000,879,800 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/07/27 03:05:02 | 000,380,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2012/07/26 18:17:56 | 001,374,112 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2012/07/18 16:10:04 | 000,052,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/06/11 21:01:32 | 012,099,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
PRC - [2012/03/07 15:01:08 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/11/04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/20 20:24:47 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/18 13:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/12 13:08:54 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012/09/12 13:08:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012/09/12 13:08:25 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/09/12 11:58:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/09/12 11:57:48 | 012,549,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\da08652740e99059522e994b7b420f39\System.Windows.Forms.ni.dll
MOD - [2012/09/12 11:57:43 | 001,595,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a4007b2b168a660d6427d05247344a98\System.Drawing.ni.dll
MOD - [2012/09/12 11:57:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/09/12 11:44:30 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/09/12 11:44:21 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/09/12 11:44:13 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/09/12 11:42:36 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/09/12 11:42:33 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/09/12 11:42:29 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/09/12 11:42:28 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/09/12 11:40:57 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/03/07 18:42:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/24 13:47:08 | 000,019,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe -- (MR2012ProcessService)
SRV:64bit: - [2012/07/24 13:47:08 | 000,019,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe -- (MR2012ApplicationService)
SRV:64bit: - [2012/06/25 16:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/06/25 16:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/06/25 16:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/04/11 16:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/12/27 14:24:08 | 000,514,048 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/12/27 14:18:34 | 000,979,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/12/17 05:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/05 23:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2012/10/11 12:38:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/07 15:01:08 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/18 13:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/09 18:05:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/31 03:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/07/05 21:43:24 | 000,443,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/07/05 21:43:24 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/05 18:40:42 | 001,580,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012/06/03 08:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/05/10 16:33:56 | 000,217,600 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/05/10 16:33:54 | 000,097,792 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/04/25 08:03:30 | 000,093,272 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2012/04/11 16:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/03/07 18:42:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/03/07 18:42:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/11 12:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/12/01 17:37:48 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2011/09/26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/11/20 20:25:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:25:00 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:24:16 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:24:16 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:24:16 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 20:24:15 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:24:15 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:24:14 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/05 23:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2009/03/04 18:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/07/10 05:25:42 | 000,314,904 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B F0 99 D2 77 8F CD 01 [binary data]
IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\..\SearchScopes,DefaultScope = {B465499A-915C-41E3-8B15-09B774EB0A31}
IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\..\SearchScopes\{B465499A-915C-41E3-8B15-09B774EB0A31}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120918-0402: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Aliu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Aliu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aliu\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aliu\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/06/11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2012/10/12 13:11:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.106 192.168.100.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dm.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880}: DhcpNameServer = 192.168.100.106 192.168.100.115
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 16:19:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aliu\Desktop\OTL.exe
[2012/10/12 16:02:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/12 13:46:52 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\ICAClient
[2012/10/12 13:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/10/12 13:46:40 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Citrix
[2012/10/12 13:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
[2012/10/12 13:12:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/12 13:07:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/12 13:07:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/12 13:07:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/12 13:07:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/12 13:07:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/12 13:05:20 | 004,771,502 | R--- | C] (Swearware) -- C:\Users\Aliu\Desktop\ComboFix.exe
[2012/10/12 11:43:47 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Mozilla
[2012/10/12 11:43:24 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Google
[2012/10/12 11:43:14 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Deployment
[2012/10/12 11:43:14 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Apps
[2012/10/12 09:30:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Aliu\Desktop\aswMBR.exe
[2012/10/12 09:28:21 | 000,000,000 | ---D | C] -- C:\Users\Aliu\Desktop\RK_Quarantine
[2012/10/11 17:10:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/11 17:10:05 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aliu\Desktop\TDSSKiller.exe
[2012/10/11 14:35:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aliu\Desktop\dds.com
[2012/10/11 14:17:37 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Malwarebytes
[2012/10/11 14:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/11 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/11 14:17:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/11 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/11 14:16:10 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Aliu\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/11 14:14:53 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\DAEMON Tools Lite
[2012/10/11 13:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/10/11 13:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/10 09:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/10/09 14:46:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/10/08 13:55:31 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Cisco
[2012/10/08 13:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2012/10/04 18:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
[2012/10/04 18:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/04 18:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Lync
[2012/10/04 18:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Lync
[2012/10/04 18:48:24 | 000,000,000 | ---D | C] -- C:\Users\Aliu\Tracing
[2012/10/04 18:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OCSetup
[2012/10/03 15:24:13 | 000,000,000 | R--D | C] -- C:\Users\Aliu\Documents\DM FTP server
[2012/10/01 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Ventrilo
[2012/09/28 14:29:03 | 000,000,000 | ---D | C] -- C:\Users\Aliu\VSWebCache
[2012/09/27 20:04:55 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2012/09/27 20:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2012/09/27 20:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/09/26 15:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/26 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\af0.net
[2012/09/24 13:57:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/24 13:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/09/24 13:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/09/24 13:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/09/24 13:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/09/24 13:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/09/24 10:39:59 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Microsoft Business Solutions
[2012/09/20 18:10:08 | 000,000,000 | ---D | C] -- C:\Users\Aliu\Documents\Client Documents
[2012/09/19 16:20:47 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\IsolatedStorage
[2012/09/19 10:02:08 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/09/18 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\vlc
[2012/09/18 16:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/09/18 16:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/09/18 12:46:31 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\SonicWALL
[2012/09/18 12:46:16 | 000,099,352 | ---- | C] (SonicWALL, Inc.) -- C:\Windows\SysNative\drivers\SWIPsec.sys
[2012/09/18 12:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\SonicWALL
[2012/09/17 17:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2012/09/17 17:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2012/09/17 17:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012/09/17 11:02:28 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Microsoft Games
[2012/09/15 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Bomgar
[2012/09/14 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/09/14 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/09/14 16:29:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/09/13 13:51:09 | 000,000,000 | ---D | C] -- C:\Users\Aliu\Documents\GP Reference

========== Files - Modified Within 30 Days ==========

[2012/10/12 16:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aliu\Desktop\OTL.exe
[2012/10/12 16:15:17 | 000,001,266 | ---- | M] () -- C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/10/12 16:10:09 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 16:10:09 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 16:06:57 | 000,934,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/12 16:06:57 | 000,767,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/12 16:06:57 | 000,164,002 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/12 16:02:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 16:02:34 | 3128,610,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/12 15:53:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309UA.job
[2012/10/12 15:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/12 13:11:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/12 13:05:26 | 004,771,502 | R--- | M] (Swearware) -- C:\Users\Aliu\Desktop\ComboFix.exe
[2012/10/12 11:53:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309Core.job
[2012/10/12 11:28:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/10/12 10:27:22 | 000,000,512 | ---- | M] () -- C:\Users\Aliu\Desktop\MBR.dat
[2012/10/12 09:30:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Aliu\Desktop\aswMBR.exe
[2012/10/12 09:27:56 | 001,422,336 | ---- | M] () -- C:\Users\Aliu\Desktop\RogueKiller.exe
[2012/10/11 17:09:45 | 002,193,278 | ---- | M] () -- C:\Users\Aliu\Desktop\tdsskiller.zip
[2012/10/11 14:35:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aliu\Desktop\dds.com
[2012/10/11 14:29:15 | 000,302,592 | ---- | M] () -- C:\Users\Aliu\Desktop\qkijjpqn.exe
[2012/10/11 14:16:29 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Aliu\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/11 13:36:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/09 10:58:57 | 000,002,050 | -H-- | M] () -- C:\Users\Aliu\Documents\Default.rdp
[2012/09/27 20:04:56 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/09/24 15:28:21 | 504,791,916 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aliu\Desktop\TDSSKiller.exe
[2012/09/17 17:38:14 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012/09/17 11:31:59 | 000,000,254 | ---- | M] () -- C:\Windows\ODBC.INI

========== Files Created - No Company Name ==========

[2012/10/12 13:46:58 | 000,001,508 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2012/10/12 13:07:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/12 13:07:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/12 13:07:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/12 13:07:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/12 13:07:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/12 11:43:26 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309UA.job
[2012/10/12 11:43:26 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309Core.job
[2012/10/12 11:28:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/10/12 10:27:22 | 000,000,512 | ---- | C] () -- C:\Users\Aliu\Desktop\MBR.dat
[2012/10/12 09:27:56 | 001,422,336 | ---- | C] () -- C:\Users\Aliu\Desktop\RogueKiller.exe
[2012/10/11 17:09:45 | 002,193,278 | ---- | C] () -- C:\Users\Aliu\Desktop\tdsskiller.zip
[2012/10/11 14:29:15 | 000,302,592 | ---- | C] () -- C:\Users\Aliu\Desktop\qkijjpqn.exe
[2012/10/11 13:36:45 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/11 13:36:42 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/11 12:20:34 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2012/09/27 20:04:53 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/09/24 13:57:43 | 504,791,916 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/18 12:46:12 | 000,002,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SonicWALL Global VPN Client.lnk
[2012/09/17 17:38:14 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2012/09/14 16:31:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/10 15:00:22 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/09/10 14:53:34 | 000,923,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/10 14:13:39 | 000,000,254 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/10 10:01:06 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/09 16:18:15 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/09/09 16:18:14 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/09/09 16:18:13 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/09/09 16:18:12 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/09/09 16:18:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/08/28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/08/28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/08/28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/08/28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/08/28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/07 15:01:20 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== ZeroAccess Check ==========

[2009/07/13 22:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:46 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/12 16:02:04 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\.purple
[2012/10/11 14:14:54 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\DAEMON Tools Lite
[2012/09/19 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\gtk-2.0
[2012/10/12 16:02:05 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\ICAClient
[2012/09/12 11:57:52 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\Samsung

========== Purity Check ==========

< End of report >
 
OTL Extras logfile created on: 10/12/2012 4:21:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aliu\Desktop
64bit- Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 47.87% Memory free
7.77 Gb Paging File | 5.20 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.96 Gb Total Space | 54.86 Gb Free Space | 41.58% Space Free | Partition Type: NTFS
Drive D: | 15.62 Gb Total Space | 5.58 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
Drive G: | 313.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALVIN-LAPTOP | User Name: aliu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{94371DE4-2FCE-4BA7-8C08-4EF7E95D708E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{BE1182FA-A0EE-4AA3-B5A9-05FB30814CE2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FD4E8F-EB13-4E07-888E-E2D3C6F985A7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{0D64C1AE-3C6D-4AD6-BE04-87C64A0C244E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{10E94D9D-1788-4098-843C-5D3003FE05C3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{147D8150-165E-4F72-B452-D705858B09D9}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
"{1EE6AFC7-F202-4B0B-BEAB-6743D181BE4E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1F6E5079-7B09-4958-9845-8D813D400BE6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{25C7FF1B-0AEC-4AB9-AC75-1FC36175A61A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{2C3E479A-BB0E-45A6-86B4-302AF3BF0E1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{327F1C8B-1F82-467B-9D03-F3F12CCE5B0E}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
"{36FD7BFF-AD2C-4FBB-9EBF-E6921D995F9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{468F429E-8A05-46F8-B922-9578ACAF9351}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{56912B15-437B-4737-A7AB-6B9E6EDC571F}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
"{638992DE-A72C-47D8-AE0C-75E7F95259A3}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{64523622-5A28-48EC-BC64-6183B289F01D}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{7E03B190-867D-48EF-BB1B-978CE01840E5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{944E31AC-2AD3-4E4F-93A7-5DC075103E48}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{9CED9D9E-0DC9-42E9-BCA4-47AAD2530FD9}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{A0496323-1EA9-4643-B96E-B915050DF5BF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{B686CAE9-F407-4BA1-A45F-A462793D684E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C2A4F3C3-82A2-4C19-AF55-8E8817249C37}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C3C51393-D7E0-46D0-B4D0-398BC983FCF5}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E40175C2-D676-437E-891E-F0F69BB036F0}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F1109001-BECC-4D66-BE5D-EB371B8BC6B6}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{F593BC14-2A6A-454B-A02F-859EF0AF9FE1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{245DCA98-9016-4C36-ADEC-409D1563A32A}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe" = protocol=6 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
"TCP Query User{A9807972-F8E0-4578-A6E4-A268C37E02BC}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe" = protocol=6 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
"UDP Query User{1C4039BF-6D5D-470C-BFA4-3CC5F659276D}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe" = protocol=17 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
"UDP Query User{B717B89E-A497-48A1-858A-78F2C4A83F35}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe" = protocol=17 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = Microsoft SQL Server 2008 Reporting Services
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software
"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = Microsoft SQL Server 2008 Reporting Services
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}" = Microsoft Online Services Sign-in Assistant
"{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}" = SonicWALL Global VPN Client
"{5F588B19-C575-4750-86FD-6ED2B76E61F1}" = Intel® PROSet/Wireless WiMAX Software
"{67C816AF-93F0-4C11-A355-AABC5FC00083}" = Microsoft SQL Server 2008 BI Development Studio
"{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = Microsoft SQL Server 2008 Analysis Services
"{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}" = Microsoft Sync Services for ADO.NET v2.0 (x64)
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910A147A-75D7-4ECD-A00D-727AAC0FD0E7}" = Microsoft SQL Server 2008 Client Tools
"{91730409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = Microsoft SQL Server 2008 Full text search
"{AE479CE0-753F-49C0-B8E6-79A37403999F}" = Microsoft SQL Server 2008 BI Development Studio
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B702C53B-D809-4DD3-8C77-23EC0C948959}" = Microsoft SQL Server 2008 Integration Services
"{BAACB61F-43E0-4E70-BDC9-F81CC3B22970}" = Microsoft SQL Server 2008 Client Tools
"{BCF5E733-D8A0-58DA-E667-37512D7871F2}" = Microsoft Dynamics ERP Management Reporter 2012 Server
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D16D4F2A-C26C-4968-8285-3A2769E8C5C3}" = Microsoft Dynamics ERP Management Reporter 2012 Client
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E35C24C7-231F-4AAB-8B22-A59F9A00BED3}" = Microsoft SQL Server 2008 RsFx Driver
"{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = Microsoft SQL Server 2008 Analysis Services
"{F4264106-F90E-4076-98CF-1B878DB14513}" = SQL Server System CLR Types
"{F5459EB2-A662-4EB3-AD94-E771DC2F542A}" = Dexterity Shared Components 11.0 (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5FEEB7E-F647-4D18-85BA-096750A15547}" = Microsoft SQL Server 2008 Integration Services
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Bomgar Representative Console [helpdesk.dynamicmethods.net]" = Bomgar Representative Console [helpdesk.dynamicmethods.net]
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"EA1C8ECD4E416637C38F0079F98C8C7B0A112265" = Windows Driver Package - Intel (NETwLv64) net (10/07/2010 13.4.0.139)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 2.1.0-git-20120918-0402

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-service Plug-in
"{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash Redirection)
"{0F0447B4-6DDD-4831-933A-1EDF52091150}" = SnagIt 8
"{171D8D76-3F05-455A-A8AF-C561C2679905}" = Open XML SDK 2.0 for Microsoft Office
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{3431A7A3-6287-46B0-8AF1-BE2452A1FE62}" = Microsoft SQL Server 2008 Books Online (English)
"{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater
"{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver(USB)
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF10E19-4330-4077-A1B5-491ACDC24B08}" = Microsoft Lync 2010 SDK Runtime
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D3D2C60-A55F-4fed-B2B9-17311226DF01}" = ThinkPad Wireless LAN Adapter Software
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver(DV)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{DC90A0A6-2D90-493E-8D13-D54AD123B9FD}" = Microsoft Dynamics GP 2010
"{DC90A0A6-2D90-493E-8D13-D54AD123B9FD}_Ex" = Microsoft Dynamics GP 2010
"{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
"{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero)
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"DAEMON Tools Lite" = DAEMON Tools Lite
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pidgin" = Pidgin
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2012 2:34:24 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 10/12/2012 2:34:26 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 10/12/2012 7:02:50 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2012 7:02:55 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = MSSQLSERVER | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: 192.168.100.33]

Error - 10/12/2012 7:02:55 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 10/12/2012 7:02:56 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 10/12/2012 7:03:04 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Management Reporter Report Designer | ID = 0
Description =

Error - 10/12/2012 7:03:04 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Management Reporter Report Designer | ID = 0
Description = Microsoft.Dynamics.Performance.Reporting.Common.ReportingServerNotFoundException:
The server could not be found. Make sure the server address is correct. at Microsoft.Dynamics.Performance.Reporting.Common.Service.ClientBase.Execute[TExec](Func`1
executor, Action`1 handler) at Microsoft.Dynamics.Performance.Reporting.Security.Client.InformationClient.HostIdentity()
at Microsoft.Dynamics.Performance.Reporting.Security.Client.SecurityManager.<>c__DisplayClassc.<TestServiceConnection>b__a()
at Microsoft.Dynamics.Performance.Reporting.Common.ExceptionHandling.<>c__DisplayClass1`2.<MakeHandler>b__0(Func`1
execute)

Error - 10/12/2012 7:03:06 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Management Reporter Report Designer | ID = 0
Description =

Error - 10/12/2012 7:03:06 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Management Reporter Report Designer | ID = 0
Description = Microsoft.Dynamics.Performance.Reporting.Common.ReportingServerNotFoundException:
The server could not be found. Make sure the server address is correct. at Microsoft.Dynamics.Performance.Reporting.Common.Service.ClientBase.Execute[TExec](Func`1
executor, Action`1 handler) at Microsoft.Dynamics.Performance.Reporting.Security.Client.InformationClient.HostIdentity()
at Microsoft.Dynamics.Performance.Reporting.Security.Client.SecurityManager.<>c__DisplayClassc.<TestServiceConnection>b__a()
at Microsoft.Dynamics.Performance.Reporting.Common.ExceptionHandling.<>c__DisplayClass1`2.<MakeHandler>b__0(Func`1
execute)

[ System Events ]
Error - 10/12/2012 12:09:49 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 10/12/2012 12:09:49 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 10/12/2012 2:34:14 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain DM0 due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 10/12/2012 2:34:27 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SWIPsec

Error - 10/12/2012 3:51:14 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = DCOM | ID = 10010
Description =

Error - 10/12/2012 4:09:30 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/12/2012 4:10:51 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 10/12/2012 4:11:15 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/12/2012 7:02:43 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain DM0 due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 10/12/2012 7:02:57 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SWIPsec


< End of report >
 
Windows Firewall is running again, and I haven't gotten any search redirects. Functionality seems to be restored, although I'm occasionally getting a problem when I open up an application. It gives me an error regarding registry entries, although restarting seems to clear up the problem. Also, I'm having trouble with the Adobe PDF previewer in Outlook. Do I need to reinstall some of my programs? I'll keep testing and let you know what else I find.

Thanks so much for your help.
 
There's a good chance that some programs got corrupted, so you may need to reinstall those.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O4 - Startup: C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
    [2009/07/13 22:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:46 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

===================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Log from the custom fix:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aliu
->Temp folder emptied: 4068682 bytes
->Temporary Internet Files folder emptied: 327826947 bytes
->Java cache emptied: 102096 bytes
->Flash cache emptied: 2084 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11600 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 317.00 mb


[EMPTYJAVA]

User: Aliu
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Aliu
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10122012_203335
Files\Folders moved on Reboot...
C:\Users\Aliu\AppData\Local\Temp\ExchangePerflog_8484fa310d6c5a69cfcccd43.dat moved successfully.
C:\Users\Aliu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TYNV1LZI\ads[1].htm moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TYNV1LZI\need-help-removing-malware[2].htm moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TYNV1LZI\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DUXI2KKW\partner[1].htm moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DJ56EX58\918[1].htm moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DJ56EX58\fights[1].htm moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1FS9LEX\iframe[1].htm moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AEQ7KMJ7\partner[3].htm moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5DT3067S\ads[1].htm moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Security Check:

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 
FSS:

Farbar Service Scanner Version: 07-10-2012
Ran by aliu (administrator) on 12-10-2012 at 20:42:35
Running from "C:\Users\Aliu\Desktop"
Microsoft Windows 7 Ultimate N Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
AdwCleaner:

# AdwCleaner v2.004 - Logfile created 10/12/2012 at 20:47:13
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Ultimate N Service Pack 1 (64 bits)
# User : aliu - ALVIN-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Aliu\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
*************************
AdwCleaner[S1].txt - [1371 octets] - [12/10/2012 20:47:13]
########## EOF - C:\AdwCleaner[S1].txt - [1431 octets] ##########
 
I wasn't sure if I was supposed to uninstall the application on close, or delete the quarantined files? Thanks.

C:\ProgramData\Microsoft\Windows\DRM\8ED4.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\8ED5.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.10.2012_17.10.18\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.10.2012_17.10.18\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.10.2012_17.10.18\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
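As an added example (not code from this thread, nor part of Farbar Service Scanner or any other tool used here), a small Python parser that reads an FSS.txt like the one posted above and flags what it reports as tampered with: services that are stopped or whose start type differs from the default, "Disabled Policy" DWORDs set to a non-zero value, and file checks that did not verify. The sample log is constructed to mirror the posted FSS output; the failed tcpip.sys line is invented to exercise the file check, and the exact wording FSS uses for a real mismatch may differ.

```python
"""Flag service and policy tampering reported in a Farbar Service Scanner (FSS) log.

Added example for this thread; not part of FSS, OTL or any other tool used here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the FSS.txt posted in the thread.  The tcpip.sys
# line is invented so the file check has a failure to flag; the wording FSS uses
# for a real mismatch may differ.
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 07-10-2012
Ran by aliu (administrator) on 12-10-2012 at 20:42:35
Boot Mode: Normal
****************************************************************
Windows Firewall:
=============
Firewall Disabled Policy:
==================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is not legit

**** End of log ****
"""


@dataclass(frozen=True)
class Finding:
    category: str  # "service", "policy" or "file"
    subject: str   # service name, registry value name or file path
    detail: str


NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running\.")
START_TYPE_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.$")
POLICY_HEADER_RE = re.compile(r"^(.+) Disabled Policy:$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_DWORD_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_CHECK_RE = re.compile(r"^(.+?) => (.+)$")
FILE_OK = "MD5 is legit"


def parse_fss_log(text: str) -> List[Finding]:
    """Walk the log line by line and collect everything that deviates from a
    healthy default: stopped or demoted services, non-zero "Disabled Policy"
    DWORDs, and file checks whose verdict is not "MD5 is legit"."""
    findings: List[Finding] = []
    policy: Optional[str] = None   # name of the "... Disabled Policy" section we are in
    reg_key: Optional[str] = None  # last [HKEY...] line seen inside that section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                       # a blank line ends a policy section
            policy = reg_key = None
            continue
        if set(line) <= {"=", "*"}:        # section underlines and separators
            continue
        m = POLICY_HEADER_RE.match(line)
        if m:
            policy, reg_key = m.group(1), None
            continue
        if policy is not None:
            m = REG_KEY_RE.match(line)
            if m:
                reg_key = m.group(1)
                continue
            m = REG_DWORD_RE.match(line)
            if m and m.group(2) != "0":
                findings.append(Finding("policy", m.group(1),
                    f"{policy} is disabled by policy: [{reg_key}] {m.group(1)}={m.group(2)}"))
                continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings.append(Finding("service", m.group(1), "service is not running"))
            continue
        m = START_TYPE_RE.match(line)
        if m and m.group(2) != m.group(3):
            findings.append(Finding("service", m.group(1),
                f"start type is {m.group(2)}, default is {m.group(3)}"))
            continue
        m = FILE_CHECK_RE.match(line)
        if m and m.group(2) != FILE_OK:
            findings.append(Finding("file", m.group(1), m.group(2)))
    return findings


def tampering_summary(findings: List[Finding]) -> dict:
    """Count findings per category; a clean log yields all zeros."""
    summary = {"service": 0, "policy": 0, "file": 0}
    for f in findings:
        summary[f.category] += 1
    return summary


if __name__ == "__main__":
    results = parse_fss_log(SAMPLE_FSS_LOG)
    for f in results:
        print(f"[{f.category}] {f.subject}: {f.detail}")
    print(tampering_summary(results))
```

On the sample this reports WinDefend stopped and demoted from Auto to Demand, the DisableAntiSpyware policy, and the invented tcpip.sys mismatch, which is the same picture the posted FSS log shows once the rootkit had tampered with Defender.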
 
It really doesn't matter...

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select the "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please let me know how your computer is doing.
 